Establishment of Enterprise Secured Information Architecture

Author(s): Shyh-Chang Liu, Tsang-Hung Wu

Due to the rapid progress of information technology, information security issues have recently become more important for industry. Since the scope of information security is so broad, absolute safety can hardly be achieved, not to mention that only limited resources are provided. A possible solution to enhance the security of the present IT environment is to plan a safe and sound information flow (including the strategy flow, risk management flow, and logistic flow) through integrated planning, based on the company's integrated operation modes.

Author(s): Thomas M. Chen

It is easy to find news reports of incidents where an organization’s security has been compromised. For example, a laptop was lost or stolen, or a private server was accessed. These incidents are noteworthy because confidential data might have been lost. Modern society depends on the trusted storage, transmission, and consumption of information. Information is a valuable asset that is expected to be protected. Information security is often considered to consist of confidentiality, integrity, availability, and accountability (Blakley, McDermott, & Geer, 2002). Confidentiality is the protection of information against theft and eavesdropping. Integrity is the protection of information against unauthorized modification and masquerade. Availability refers to dependable access of users to authorized information, particularly in light of attacks such as denial of service against information systems. Accountability is the assignment of responsibilities and traceability of actions to all involved parties. Naturally, any organization has limited resources to dedicate to information security. An organization’s limited resources must be balanced against the value of its information assets and the possible threats against them. It is often said that information security is essentially a problem of risk management (Schneier, 2000). It is unreasonable to believe that all valuable information can be kept perfectly safe against all attacks (Decker, 2001). An attacker with unlimited determination and resources can accomplish anything. Given any defenses, there will always exist a possibility of successful compromise. Instead of eliminating all risks, a more practical approach is to strategically craft security defenses to mitigate or minimize risks to acceptable levels. In order to accomplish this goal, it is necessary to perform a methodical risk analysis (Peltier, 2005). This article gives an overview of the risk management process.


2019, Vol 7 (1), pp. 1715-1724
Author(s): Elmor Benedict Wagiu, Raminson Siregar, Raymond Maulany

Universitas Advent Indonesia is one of the many universities that use information technology to support their business processes in the hope that information technology will provide significant benefits. The use of information technology in supporting a business cannot be separated from the risks that might be faced. For that reason, good management of information technology will be the key to how much risk will be faced. In this case, the researcher will conduct an analysis of information system risk management at Universitas Advent Indonesia. The method used by the researchers is OCTAVE ALLEGRO. OCTAVE ALLEGRO is a method that is often used to carry out analysis in the field of risk management and risk assessment. The purpose of this study was to identify risks that could potentially threaten business processes at Universitas Advent Indonesia by first identifying the impact of the area, determining the scale of priorities, etc. The result of the study using OCTAVE Allegro is a risk reduction approach for each area of concern of each UNAI critical information asset, namely student financial information, lecturer financial information, student score information, student transcript information, and class attendance data. UNAI makes written rules regarding responsibilities in maintaining information security and sanctions for violators, and socializes the rules gradually to Universitas Advent Indonesia employees. Re-evaluate information security using the OCTAVE Allegro method periodically, for example, once every 2 years.


Author(s): Stefan Fenz

For almost all private individuals and especially organizations, information technology (IT) including hardware, software, and data is an irreplaceable part of their everyday life/business. Thus, IT has to be protected in an adequate way to ensure that it delivers the expected services. Information security risk management (ISRM) helps to holistically protect the IT and to minimize their failure probability at reasonable costs. This chapter shows why ISRM is important for e-businesses, gives a brief overview about the ISRM history, describes current problems in ISRM, and presents novel ISRM methods as potential solutions to the stated problems. The chapter closes with an outlook on future ISRM research directions.


2017, Vol 4 (1), pp. 62-66
Author(s): Luyen Ha Nam

From a long, long time ago until nowadays, information still holds a serious position in all aspects of life, from individual to organization. In ABC company, information is very sensitive and very important. But how do we keep our information safe? We have many ways to do that: on hard drives, removable discs, etc.; other organizations even have data centres to store their information. The objective of information security is to keep information safe from unwanted access. We applied the Risk Mitigation Action framework to our data management system, and after several months we have a result far better than before we used it: information is more secure, incidents are detected quickly, internal and external collaboration is improved, etc.

