Risk Assessment Analysis of the Use of the Academic Information System at Universitas Muhammadiyah Palembang Using the Octave Allegro Method

2021 ◽  
Vol 2 (1) ◽  
pp. 28-42
Author(s):  
Kholifah Kholifah ◽  
Reza Ade Putra ◽  
Fathiyah Nopriani

The development of technology in meeting information needs has been implemented at the Muhammadiyah University of Palembang where there are various information systems used in managing information as a basis for creating quality services and supporting optimization in the work process. However, apart from the perceived benefits, the increasing dependence on information systems is in line with the risks that can arise, one of which is the risk of information security where information is an important asset for an organization that needs to be protected and secured. As an effort to maintain and protect information security, it is necessary to carry out risk evaluation in order to identify and anticipate risks that can interfere with information security. This study aims to conduct a risk assessment analysis of the use of Academic Information Systems as a very crucial information system in a university. This risk assessment analysis uses the Octave Allegro method with the main focus on information assets which consists of 8 steps and is organized into 4 stages starting with determining drivers, developing information asset profiles, identifying threats, and identifying and mitigating risks. The results of this study are 10 (ten) areas of concern with a mitigation approach of 7 (seven) risks that must be reduced (mitigate), 2 (two) risks that can be deferred (defer), and 1 (one) risk that can be accepted (accept). From the risk assessment carried out, recommendations are given to prevent / minimize the identified risks as an effort to maintain and improve information security.

Author(s):  
Theodosios Tsiakis ◽  
Panagiotis Tsiakis

Enterprises are expeditiously outsourcing the non-core business processes and functions. This is happening in order for new efficiencies to be found and costs to be reduced along with the increase of shareholder value. Enterprises in a supply chain use networks to share information assets. Information Systems and Information Technology are essential for their business operations. Organizations resort to outsourcing, in order to balance the infinite requirements with organisational assets. Supply chains that are relying upon sourced Information Systems (or/and IT) are vulnerable from Information Security (IS) specific types of risks to supply chains. These systems and their components are at increasing risk of supply chain. The process of securing all elements of IT systems (whether it is hardware, software, or services) throughout their life cycle is critical. The scope of the chapter is to identify the basic process of outsourcing Information Security functions/processes in Supply Chain and moreover to adduce the practice of it.


2021 ◽  
Vol 14 (1) ◽  
pp. 141-151
Author(s):  
Anggi Elanda ◽  
Robby Lintang Buana

Infrastructure is an important thing in an organization/company that is used to support activities carried out within the organization. Infrastructure that includes STMIK Rosma, including hardware, software, data, and information, and human resources that support information systems. Hardware resources include PCs that are used for clients with application program software. Windows 10 professional 32 and 64 bit as the operating system. While the software on the server uses Linux OS and PHP programming language. Data and information include infrastructure data, device data, server data and data on staff, students and lecturers at STMIK Rosma. So the need for the sustainability of this system is increasingly important. Problems that have existed in the STMIK Rosma infrastructure, such as those related to information security vulnerabilities. If this problem cannot be fixed in a sustainable manner, it will have an impact or risk on the sustainability of this infrastructure, especially the academic community. This study uses NIST SP 800-30 as the method used to solve these problems. Keywords: Information Security, NIST SP 800-30, Infrastructure, Risk Assessment


SinkrOn ◽  
2019 ◽  
Vol 3 (2) ◽  
pp. 242
Author(s):  
Suhar Janti ◽  
Ghofar Taufik ◽  
Ishak Komarudin

Fulfillment of academic information to support a decision in a college is very necessary, especially to support an academic planning and evaluation in higher education. Often management asks the student academic bureau to find out the number of students based on their class, period, number of graduates, class schedules to student grades. This encourages the student academic bureau to create a desktop-based application that can be used to find out more quickly the needs requested by management. By using the extreme programming (XP) model, it can accommodate the academic information needs of student affairs in universities in the form of a recap of academic data that can be presented in real time and quickly for the upper level management.


2009 ◽  
Vol 2 (8) ◽  
pp. 51-54
Author(s):  
Bradley K. Jensen ◽  
Carl S. Guynes ◽  
Andrew Nyaboga

Given the magnitude of real and potential losses, both private and public employers increasingly expect graduates of management information systems (MIS) programs to understand information security concepts. The infrastructure requirements for the course includes setting up a secure laboratory environment to accommodate the development of viruses and worms. The labs and lectures are intended to instruct students in the inspection and protection of information assets, as well as detection of and reaction to threats to information assets.


2018 ◽  
Vol 14 (03) ◽  
pp. 188 ◽  
Author(s):  
Xuepeng Huang ◽  
Wei Xu

A method based on improved fuzzy theory of evidence was presented to solve the problem that there exist all kinds of uncertainty in the process of information security risk assessment. The hierarchy model for the information systems risk assessment was established firstly, and then fuzzy sets were introduced into theory of evidence. The basic probability assignments were constructed using the membership function of fuzzy sets, and the basic probability assignments were determined. Moreover, weight coefficients were calculated using entropy weight and empirical factor, which combined the objective weights with the subjective ones, and improved the validity and reliability. An illustration example indicates that the method is feasible and effective, and provides reasonable data for constituting the risk control strategy of the information systems security.


Author(s):  
Donatas Vitkus ◽  
Justina Jezukevičiūtė ◽  
Nikolaj Goranin

Fast development of information systems and technologies while providing new opportunities for people and organizations also makes them more vulnerable at the same time. Information security risk assessment helps to identify weak points and prepare mitigation actions. The analysis of expert systems has shown that rule-based expert systems are universal, and because of that can be considered as a proper solution for the task of risk assessment automation. But to assess information security risks quickly and accurately, it is necessary to process a large amount of data about newly discovered vulnerabilities or threats, to reflect regional and industry specific information, making the traditional approach of knowledge base formation for expert system problematic. This work presents a novel method for an automated expert systems knowledge base formation based on the integration of data on regional malware distribution from Cyberthreat real-time map providing current information on newly discovered threats. In our work we collect the necessary information from the web sites in an automated way, that can be later used in a relevant risk calculation. This paper presents method implementation, which includes not only knowledge base formation but also the development of the prototype of an expert system. It was created using the JESS expert system shell. Information security risk evaluation was performed according to OWASP risk assessment methodology, taking into account the location of the organization and prevalent malware in that area.

