IT risk
Recently Published Documents


TOTAL DOCUMENTS

205
(FIVE YEARS 49)

H-INDEX

11
(FIVE YEARS 1)

2022 ◽  
pp. 56-76
Author(s):  
Baris Cimen ◽  
Meltem Mutluturk ◽  
Esra Kocak ◽  
Bilgin Metin

Information security has become one of the most important responsibilities of all organizations due to increasing cyber threats. Attackers take advantage of systems vulnerabilities; therefore, system administrators should be aware of potential threats to take necessary actions to protect their organizations and stakeholders. At this point, a risk assessment is needed to discover possible threats for vulnerable systems of the organization and to implement strategies for the business goals. This study proposes a hybrid risk management framework using both qualitative and quantitative methods to analyze risk within organizations and reduce them with practical countermeasures. Based on this framework, case studies have been carried out considering three hypothetical companies identifying possible information security risks, and these risks have been reduced to an acceptable level by applying the proposed risk analysis methodology.


2022 ◽  
pp. 30-47
Author(s):  
Sayan Mercan Dursun ◽  
Meltem Mutluturk ◽  
Nazim Taskin ◽  
Bilgin Metin

Effective information asset management is the basis of information security as well as many other issues. IT risk assessments work well with the proper handling of asset values, and also it is for effectively securing information assets. There is also a wide variety of risk assessment methodologies. This chapter presents information about the overall IT risk management process and methodologies. Best practices are mentioned and occasionally compared based on the requirements of the information technology (IT) sector in practice. This chapter will provide deep knowledge about the IT risk management approach and construction to implementers, risk owners, IT auditors, executive managers, and other IT staff.


KREA-TIF ◽  
2021 ◽  
Vol 9 (2) ◽  
pp. 21
Author(s):  
Rahmat Yasirandi ◽  
Andrian Rakhmatsyah ◽  
Fauzi Kurniawan

The impact of IT risks that arise in an organization's operations should not simply be ignored. Restaurants and cafes, where such risks often occur, are no exception. A frequently encountered operational problem is information assurance related to service, because it affects the level of customer trust in every service the restaurant or cafe provides. After this risk management was carried out, it was found that customer trust regarding information assurance can be broken down further into two research problems: the first concerns definite information about service status, and the second concerns information about how quickly the customer will receive the service. An order information service system was therefore designed that can assure customer trust in the information service at every step of the process, so that the restaurant can ultimately reduce the risks that may occur in its operations. The mitigation results produced the evaluation that risks R2, R3, R4, R5, R6, and R7 were successfully mitigated with the result Eliminate, and R1 with the result Reduce. From these results it is concluded that the proposed system, as a mitigation action plan, has been proven able to mitigate operational risks related to the order process.


2021 ◽  
Vol 72 (3) ◽  
pp. 229-272
Author(s):  
Marta Michaelis

Although risk management is prevalent in organizations, agency theory studies on contractual relationships in firms fail to address it. Risk reduction is mostly discussed within the context of monitoring, understood as insight into the activities of subordinates. Hence, this literature review discusses 18 main analytical studies on monitoring, reviewing whether they can be reinterpreted as depicting risk management, thereby allowing for the transfer of gained insights. Accordingly, only Meth, B. (1996). Reduction of outcome variance: optimality and incentives. Contemp. Account. Res. 13: 309–328 and Dürr, O., Nisch, M., and Rohlfing-Bastian, A. (2020). Incentives in optimized teams for projects with uncertain returns. Rev. Account. Stud. 25: 313–341, can be reinterpreted as such, bearing the following risk management implications: (1) risk management is vital for firms, as firm’s risk affects employee incentive contracts, firm’s utility, and optimal firm size; (2) risk attitudes of risk managers are crucial for designing incentive contracts, with incentives necessary for more (less) risk-averse agents to encourage risk-taking (risk reduction); and (3) risk management should be delegated as a task separate from other managerial activities. The other studies do not depict risk management. Therefore, many research subjects remain open, such as organizing risk management in hierarchies, delegating risk management as a task and incentivizing it when a firm’s outcome is unavailable for contracting, and establishing the connection between the performance measures and the risk of a firm.


2021 ◽  
Vol 5 (1) ◽  
pp. 64-72
Author(s):  
Yustinus Wahyu Agung Prasetyo ◽  
Mohammad Achmad Amin Soetomo ◽  
Mulya R. Mashudi ◽  
...  

XYZ Bank provides several digital banking services for various segments, including the D-Bank mobile banking application, XYZ Online Banking, D-Card Mobile for credit card management, D-Financial for SMEs, D-BisMart for the supply chain, as well as XYZ Trade Connect and Cash Connect for various customer businesses. It is known that 1) IT risk on the D-Bank application is still high. This can be seen from the number of risk events for IT system failure in its application. 2) The handling of IT problems is still not optimal. This can be seen from customer complaints that often reappear in the D-Bank application, such as failed logins, failed transactions and slow performance. 3) Lack of handling of IT Security services. This can be seen from the number of cyber-attacks that have successfully entered the D-Bank application. The final result shows that there are several domains and principles that need to be considered by management in order to improve the performance of information technology.


2021 ◽  
Vol 1 (03) ◽  
pp. 54-64
Author(s):  
Usman ◽  
Andika A. Yudhistira

Puntadewa Outdoor is a company engaged in supplying and selling outdoor equipment; the store already uses IS/IT to support its business activities. The store uses the SmartConsole application to support sales, record stock, and record the daily expenses required. However, in management there is always the possibility of risks that may occur and disrupt business activities in the use of the system. Risk analysis is therefore very much needed for the IS/IT resources at the store. Using ISO 31000 is expected to minimize the risks in the SmartConsole application. The results of this risk analysis are an analysis of possible risks and a grouping of those possible risks by their impact, producing proposed risk treatment actions for the possible risks in the SmartConsole application, so that the store can treat the existing possible risks according to their risk-level priority and can prevent and minimize them so that they do not disrupt business activities.


2021 ◽  
Vol 17 (8) ◽  
pp. 1491-1518
Author(s):  
Vilena A. YAKIMOVA ◽  
Viktor S. RADOMSKII

Subject. The article focuses on organizational and methodological issues of internal compliance control in e-commerce businesses. Objectives. We refine the design and technique of internal compliance control for e-commerce businesses. Methods. The study relies upon methods of analysis and generalization, grouping, systematization, risk-based, systems and business process approaches. Results. We devised the five-component compliance control system, determined its principles and functions ensuring the economic security of e-commerce businesses. We suggest conducting compliance procedures intended to mitigate IT risks and accounting for the specifics of e-commerce business processes. Conclusions and Relevance. In e-commerce, compliance control serves for identifying and monitoring compliance risks, ensuring safe operations of businesses, which is vital for people. The information system for IT risk protection was found to underlie compliance control, while control procedures can be classified into general and applied. The findings can be used to set up a reliable and effective compliance system for e-commerce businesses in order to prevent economic abuses and crime.


2021 ◽  
Vol 7 (1) ◽  
pp. 22-30
Author(s):  
Maulid Ibnu Adhi Purwono

POJK No.18 / POJK.03 / 2016 concerning the Implementation of Risk Management for Commercial Banks is addressed to the management and board of directors of Banks to improve provisions regarding compromised customer information disclosure to the public, and breaches of customer information have led to the need for risk management practices in the use of Information Technology (IT). Risk Control Assessment (RCA) is based on the COBIT 5 framework to assess risks associated with the use of Information Technology Asset in XYZ Bank. By mapping the RCA and the provisions of POJK No.18 / POJK.03 / 2016, it can help management obtain information on the level of compliance of the Bank with provisions relating to Banking sensitive information.


2021 ◽  
Vol 6 (1) ◽  
pp. 42-48
Author(s):  
Annas Iswahyudi

IT risk management has long been adopted and implemented in CEC. This is inseparable from the high need for reliable and trusted information technology services at CEC as a government institution whose primary task is eradicating corruption. Good IT risk management is expected to reduce the impact if an IT risk occurs and affects the overall business process in CEC. However, up to 15 years after the implementation of IT risk management, the maturity level of IT risk management has never been measured. In this research, the author will use the IT Risk Framework with the risk governance domain approach as a standard IT risk management framework to evaluate the implementation of IT risk management in CEC. The process of evaluating the level of IT maturity is based on the maturity model that has been defined in the IT risk framework.


2021 ◽  
Vol 8 (3) ◽  
pp. 635
Author(s):  
Dio Febrilian Tanjung ◽  
Aulia Oktaviana ◽  
Aris Puji Widodo

The development of information technology (IT) based startups is increasing nowadays. To support the company's business success, IT has risks arising from various circumstances, especially in the era of the COVID-19 pandemic. One alternative that can be used to manage and ensure a conducive and credible business is proper risk management. This is because risk management is important for businesses in increasing profits and maintaining business continuity, especially in the conditions of the COVID-19 pandemic. There is a lot of discussion about IT risk management in general, but research on risk management in dealing with the pandemic needs to be considered. This is because during this pandemic, IT is one of the keys for businesses to survive and win the competition. In addition, the COVID-19 pandemic is included in an extraordinary case that has not occurred in hundreds of years, so that technically the risks from this pandemic are included in risks that were not thought of before by the company. The purpose of this study is to identify the conditions of management implementation and risk threats to business processes at a startup company, especially during the pandemic. This study uses a qualitative method with reference to COBIT® 2019, focused on the DSS04 Manage Continuity domain, by conducting initial observations of the company's condition and interviews with company stakeholders. The results show that the company has made adjustments to business needs during the COVID-19 pandemic to ensure business continuity. However, in practice there is no risk management measurement to control whether the risk management is carried out properly, so it is necessary to implement COBIT® 2019 in corporate business governance.

