Risk-assessment based academic information System security policy using octave Allegro and ISO 27002

Jufri, Muhammad; Hendayun, Mokhamad; Suharto, Toto

doi:10.1109/iac.2017.8280541

Cited by 12 publications

(7 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Especially for the FRAP method, the author of the FRAP method, explicitly stated that the FRAP method is not designed to assess the compliance of security requirements. [13], [14], [15], [20], [24] Qualita tive Both the FRAP and OCTAVE method is implemented to meet the business need and requires less time and resources. As mentioned earlier, the OCTAVE method has eight steps and needs knowledge from three levelssenior management, operational area management and staff.…”

Section: The Central Risk Analysis and Management Methods (Cramm)mentioning

confidence: 99%

Risk Assessment Method for Insider Threats in Cyber Security: A Review

Hashim¹,

Abidin²,

Puvanasvaran³

et al. 2018

ijacsa

View full text Add to dashboard Cite

Today's in manufacturing major challenge is to manage large scale of cybersecurity system, which is potentially exposed to a multitude of threats. The utmost risky threats are insider threats. An insider threat arises when a person authorized to perform certain movements in an organization decides to mishandle the trust and harm the organization. Therefore, to overcome these risks, this study evaluates various risk assessment method to assess the impact of insider threats and analyses the current gaps in risk assessment method. Based on the literature search done manually, we compare four methods which are NIST, FRAP, OCTAVE, and CRAMM. The result of the study shows that the most used by an organization is the NIST method. It is because NIST is a method that combines the involvement between human and system in term of collection data. The significance of this study contributes to developing a new method in analyzing the threats that can be used in any organization.

show abstract

Section: The Central Risk Analysis and Management Methods (Cramm)mentioning

confidence: 99%

Risk Assessment Method for Insider Threats in Cyber Security: A Review

Hashim¹,

Abidin²,

Puvanasvaran³

et al. 2018

ijacsa

View full text Add to dashboard Cite

show abstract

“…Security requirements have been widely studied for IT applications, e.g., (Dalpiaz et al 2016;Haley et al 2008;Ionita and Wieringa 2016;Jufri et al 2017;Li 2017;Meier et al 2003;Myagmar et al 2005;Schmitt and Liggesmeyer 2015;Sihwi et al 2016;Sindre and Opdahl 2005;Türpe 2017;Yu et al 2015). The most closely related research threads to our work are those concerned with early-stage security risk analysis.…”

Section: Security Requirements Engineeringmentioning

confidence: 99%

Using machine learning to assist with the selection of security controls during security assessment

et al. 2020

View full text Add to dashboard Cite

In many domains such as healthcare and banking, IT systems need to fulfill various requirements related to security. The elaboration of security requirements for a given system is in part guided by the controls envisaged by the applicable security standards and best practices. An important difficulty that analysts have to contend with during security requirements elaboration is sifting through a large number of security controls and determining which ones have a bearing on the security requirements for a given system. This challenge is often exacerbated by the scarce security expertise available in most organizations. [Objective] In this article, we develop automated decision support for the identification of security controls that are relevant to a specific system in a particular context. [Method and Results] Our approach, which is based on machine learning, leverages historical data from security assessments performed over past systems in order to recommend security controls for a new system. We operationalize and empirically evaluate our approach using real historical data from the banking domain. Our results show that, when one excludes security controls that are rare in the historical data, our approach has an average recall of ≈ 94% and average precision of ≈ 63%. We further examine through a survey the perceptions of security analysts about the usefulness of the classification models derived from historical data. [Conclusions] The high recall -indicating only a few relevant security controls are missed -combined with the reasonable level of precision -indicating that the effort required to confirm recommendations is not excessive -

show abstract

“…A risk is a critical vulnerability that leads to discrepancies in the application of information technology. The System's risk exposure was reviewed with respect to the confidentiality, integrity, and availability [6] [7].…”

Section: Literature Reviewmentioning

confidence: 99%

Implementing IT Risk in ITSM Tools using Octave Allegro Method Based at ITSMProject

Tristian*¹,

Wibowo²

2020

IJRTE

View full text Add to dashboard Cite

The purpose of this research is to identify and conduct risk analysis a Analyze risk on IT Service Management Information System Tools vulnerabilities at IT Service Management project, To obtain the level of vulnerability or weakness of information and to produce a strategic recommendation to overcome the vulnerability of information in the Project, OCTAVE Allegro was used as the method. Awareness of the importance of information system security and its assets to an organization and the impact that may arise from the destruction of the information system and its assets does not seem to be getting attention for most organizations and resulting low performance on Service Management while the evaluation and analysis process is more focused on the management of critical assets owned by the Project. Conclusion of the risk assessment is recommendations on the steps to be taken protect and manage the IT Service information system critical assets at IT Service management Project and also for a better service and achieve Service Level Agreement.

show abstract

Risk-assessment based academic information System security policy using octave Allegro and ISO 27002

Cited by 12 publications

References 1 publication

Risk Assessment Method for Insider Threats in Cyber Security: A Review

Risk Assessment Method for Insider Threats in Cyber Security: A Review

Using machine learning to assist with the selection of security controls during security assessment

Implementing IT Risk in ITSM Tools using Octave Allegro Method Based at ITSMProject

Contact Info

Product

Resources

About