Analysis of Infrastructure Risk Management Using the NIST (National Institute of Standards and Technology) SP 800-30 Method (Case Study: STMIK Rosma)

2021, Vol 14 (1), pp. 141-151
Authors: Anggi Elanda, Robby Lintang Buana

Infrastructure is an important part of an organization or company, used to support the activities carried out within it. The infrastructure at STMIK Rosma includes hardware, software, data and information, and the human resources that support its information systems. Hardware resources include PCs used as clients running application software, with Windows 10 Professional 32-bit and 64-bit as the operating system, while the servers run a Linux OS and applications written in PHP. Data and information include infrastructure data, device data, server data, and data on staff, students and lecturers at STMIK Rosma. The continued availability of this system is therefore increasingly important. Problems have already occurred in the STMIK Rosma infrastructure, including information security vulnerabilities. If these problems cannot be fixed in a sustainable manner, they will pose a risk to the sustainability of the infrastructure and, in particular, to the academic community. This study uses NIST SP 800-30 as the method for addressing these problems.

Keywords: Information Security, NIST SP 800-30, Infrastructure, Risk Assessment

Authors: Dmitriy A. Izergin, Mikhail A. Eremeev, Shamil G. Magomedov, Stanislav I. Smirnov

One of the main directions of information systems development is to increase the efficiency of collecting, processing and exchanging information through the introduction of modern data transfer technologies, automated remote monitoring and control. The cornerstone of this concept is mobile devices, which solve the problem of operational data exchange and processing. Modern mobile services, including those that exchange and process personalized, banking and critical data, have been accompanied by a steady increase in the number of information security crimes committed against and by means of mobile devices. The widespread use of these devices for access to protected information held in information systems has given special importance to the issue of information security. The subject of this research is to assess the current state of the information security mechanisms of the mobile operating systems that form the basis of episodic distributed mobile networks. The Android OS (operating system) was used as the example. The article discusses the problems in the development of the mobile ecosystem and the methods aimed at solving them, the main vectors of malicious impact, ways of countering static and dynamic analysis tools, and modern protection mechanisms.


2021, Vol 2 (1), pp. 28-42
Authors: Kholifah Kholifah, Reza Ade Putra, Fathiyah Nopriani

The development of technology to meet information needs has been implemented at the Muhammadiyah University of Palembang, where various information systems are used to manage information as a basis for creating quality services and optimizing work processes. Apart from the perceived benefits, however, the growing dependence on information systems brings risks, one of which is the risk to information security, since information is an important asset that an organization needs to protect and secure. To maintain and protect information security, a risk evaluation is needed in order to identify and anticipate risks that can interfere with it. This study conducts a risk assessment of the use of the Academic Information System, a crucial information system in a university. The risk assessment uses the Octave Allegro method, which focuses on information assets and consists of 8 steps organized into 4 stages: determining drivers, developing information asset profiles, identifying threats, and identifying and mitigating risks. The results of this study are 10 (ten) areas of concern, with a mitigation approach of 7 (seven) risks that must be reduced (mitigate), 2 (two) risks that can be deferred (defer), and 1 (one) risk that can be accepted (accept). Based on the risk assessment, recommendations are given to prevent or minimize the identified risks as an effort to maintain and improve information security.


2018, Vol 14 (03), pp. 188
Authors: Xuepeng Huang, Wei Xu

A method based on an improved fuzzy theory of evidence is presented to address the many kinds of uncertainty that arise in information security risk assessment. A hierarchy model for information systems risk assessment is established first, and then fuzzy sets are introduced into the theory of evidence. The basic probability assignments are constructed and determined using the membership functions of the fuzzy sets. Weight coefficients are calculated using entropy weight and an empirical factor, which combines objective weights with subjective ones and improves validity and reliability. An illustrative example indicates that the method is feasible and effective and provides reasonable data for formulating a risk control strategy for information systems security.


2014, Vol 687-691, pp. 2015-2018
Authors: Liang Hu, Yun Gen Hu

As information technology develops, information systems are applied ever more widely and society's dependence on them keeps increasing. Information security has therefore become an important aspect of information technology development, with a significant impact on economic development and social security. Effective information security risk assessment is an important measure for improving information technology.


Authors: Shohrukh R. Davlatov, Petr V. Kuchynski

The paper considers the Maltego metasearch system, which is widely used for collecting data from open sources and automatically building relationships between various objects. The main characteristics and the algorithm of the Shodan search engine were studied, and the fundamental difference between this system and traditional search engines was explained: the Shodan platform indexes information collected from the response banners of devices connected to the internet, while Google, Yandex and similar services index only the content of websites. Based on the studied material, an extension of Maltego's functionality was developed using the Canari framework and the Python programming language. This approach combines the main advantages of the two systems: the rich set of graphical tools in Maltego and the large open database of Shodan. The proposed option also allows the system to be configured to fit the specific requirements that information security specialists have when conducting a security audit of information systems.


Authors: Bogdan Korniyenko, Lilia Galata

In this article, the protection of an information system is studied by analyzing risks in order to identify threats to information security. Information risk analysis is conducted periodically to identify information security threats and test the information security system. Various information risk analysis techniques currently exist and are in use, the main difference between them being whether the risk assessment scale is quantitative or qualitative. On the basis of the existing methods of testing and evaluating the vulnerabilities of an automated system, and their advantages and disadvantages, and to allow a later comparison of the resources spent against the security of the information system, a conclusion was reached on the optimal method of testing the information security system in the context of a simulated polygon for the protection of critical information resources. A simulation ground for the protection of critical information resources based on the GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the iRisk methodology was identified as optimal for testing the information security system on the basis of the simulated polygon. The quantitative iRisk method for security estimation is considered. The generalized iRisk risk assessment is calculated from the following parameters: Vulnerability (vulnerability assessment), Threat (threat assessment), and Control (assessment of security measures). The methodology includes the common CVSS vulnerability assessment system, which allows constantly relevant coefficients to be used in the vulnerability calculation and provides a list of all major vulnerabilities associated with the modern software products that can be used in the automated system. The known software and hardware vulnerabilities of the ground are considered, and the resistance of the built network to specific threats is calculated by the iRisk method.


Authors: Вадим Георгиевич Ерышов, Никита Вадимович Ерышов

The article analyzes the current threats to the information security of information systems that arose when employees of organizations switched to remote work.

