Risk Analysis Process

That the oil and gas exploration and development is extending into deep water proceeds the rapidly shift to subsea production system. However, complex subsea equipment and frequency offshore accidents aroused the concern on the risk assessment of subsea system. The paper illustrates the hazard aspects which should be focused on in the subsea equipment compared with the surface equipment. The hazards identification and risk analysis on subsea X-tree system is carried out. A general risk-prevent process of subsea X-tree system is illustrated, so does the reliability analysis process. Besides, some commendations on subsea detection and maintenance are presented in the paper.

Risk Evaluation in Software Project Using Bayesian Network Modeling

Research Society and Development ◽

10.33448/rsd-v9i11.10116 ◽

2020 ◽

Vol 9 (11) ◽

pp. e58991110116

Author(s):

Adalberto Ramos Cassia ◽

André Felipe Librantz ◽

Ivanir Costa ◽

Mauro de Mesquita Spinola ◽

Erika Midori Kinjo

Keyword(s):

Risk Analysis ◽

Software Development ◽

Risk Evaluation ◽

Development Project ◽

Software Project ◽

Software Development Project ◽

Bayes Model ◽

Analysis Process ◽

Bayesian Network Modeling ◽

Engineering Institute

Project risk events are often influenced by each other and rarely act independently. In this context, effective methods to identify, model and analyze these risks are necessary. The objective of this article is to apply the risk analysis in a software development project, based on the model of the Software Engineering Institute (SEI), using the Bayes model to calculate the event probabilities and also the Noisy-OR calculation structure to assign the initial weights of the network of factors that influence the project. In this way, it is expected to increase the chances of success of the risk analysis process. The results obtained by the techniques adopted prove to be promising in assisting the process of decision making by the managers of software development projects.

Perancangan Perangkat Audit Internal untuk Sistem Keamanan Informasi pada Organisasi XYZ

Jurnal Teknologi Informasi dan Ilmu Komputer ◽

10.25126/jtiik.2020701940 ◽

2020 ◽

Vol 7 (3) ◽

pp. 435

Author(s):

Arif Rahman Hakim ◽

Rizky Aditya Pratama Wijaya

Keyword(s):

Risk Analysis ◽

Business Process ◽

Process Analysis ◽

Internal Audit ◽

Electronic Systems ◽

Control Analysis ◽

Audit Tool ◽

Analysis Process ◽

Business Process Analysis ◽

Iec 27002

Organisasi xyz sebagai penyelenggara sistem elektronik strategis harus mempunyai mekanisme audit internal terhadap keamanan sistem elektronik yang dimilikinya. Namun, organisasi xyz belum memiliki perangkat audit (audit tool) untuk melakukan audit internal tersebut secara berkala. Di sisi lain, perangkat audit tersebut berperan penting dalam menganalisis kerawanan yang terdapat dalam sistem. Untuk itu, organisasi xyz perlu merancang perangkat audit internal tersebut agar mekanisme audit berkala yang disyaratkan dapat dipenuhi dan risiko kegagalan akibat kerawanan sistem informasi yang dimiliki dapat dimitigasi dengan baik. Pada makalah ini dilakukan penelitian kualitatif berupa perancangan perangkat audit didasarkan pada penggunaan tiga metode dalam penentuan kriteria audit, yaitu analisis risiko menggunakan FMEA, kemudian penentuan kriteria audit berdasarkan pemetaan kontrol menggunakan Statement of Applicability (SoA) ISO/IEC 27002:2013 dan analisis proses bisnis menggunakan COBIT 5. Kriteria audit yang telah ditentukan dengan tiga metode tersebut kemudian dilakukan pembentukan perangkat audit, ujicoba impementasi, penilaian dan diakhiri dengan finalisasi perangkat audit. Berdasarkan analisis risiko dengan FMEA didapatkan 22 aset bernilai risiko tinggi, 10 aset bernilai sedang, 18 risiko bernilai rendah, dan 1 risiko bernilai sangat rendah. Selanjutnya pada proses pemetaan kontrol SoA ISO/IEC 27002:2013 dihasilkan 29 kontrol dan pada analisis proses bisnis berdasarkan COBIT 5 didapatkan 9 proses enabler yang kemudian digunakan sebagai kriteria audit. Selanjutnya hasil 29 kontrol tersebut kemudian diklasifikasikan menjadi enam kategori audit tingkat kepatuhan dan sembilan proses enabler tersebut diklasifikasikan menjadi sembilan kategori audit level pencapaian, sehingga perangkat audit yang dibentuk mengandung kategori tersebut. Hasil uji coba implementasi, penilaian dan finalisasi perangkat audit menunjukkan bahwa perangkat audit yang dihasilkan sudah sesuai dengan kebutuhan organisasi xyz. AbstractThe XYZ organization as the operator of electronic systems with strategic characteristic shall have internal audit mechanisms for its electronic systems security. Unfortunately, XYZ organization does not have an internal audit tool to conduct the audit periodically. In other hand, this audit tool plays an important role in determining vulnerability of the systems. For this reason, XYZ organization needs to design the internal audit tool so that periodic audit mechanism required can be conducted and the risk of system failure due to the vulnerability of the system can be properly mitigated. In this paper, we conduct qualitative research to design audit tool using three methods in determining the audit criteria, the first is FMEA in risk analysis process, the second is ISO / IEC 27002: 2013 in control analysis process and the third is COBIT 5 in business process analysis. Our audit tool is design based on the audit criteria that obtained from those three methods. Based on risk analysis using FMEA we obtained 22 assets with high risk, 10 assets with medium risk, 18 assets with low risk, and one asset with very low risk. From control analysis based on SoA ISO/IEC 27002:2013, we obtained 29 risk-based controls and from business process analysis using COBIT 5 we obtained nine enabler processes. Then those 29 controls and nine processes are used as audit criteria. In the next step, we classify these 29 controls into six categories in compliance level and those nine processes into nine categories in achievement level in our audit tool. The results of implementation trials, assessment, and finalization of our audit tool shows that our audit tool has been consistent with the needs of XYZ organization.