Gunawan, Ibnu and Noertjahyana, Agustinus (2014) SECURITY RISK MANAGEMENT AT THE COMPUTER CENTER OF X UNIVERSITY. ARPN Journal of Engineering and Applied Sciences, VOL. 9 (NO. 12). pp. 2906-2911. ISSN 1819-6608



    The process of teaching and learning in an information technology based university cannot be separated from the accompanying information technology security risks. For that purpose, we need a risk analysis based on risk management standards that have been widely accepted and commonly used, such as NIST SP 800-30. The performed risk analysis is based on 10 domains of CISSP. So, there is synergy between the two standards that we employed. Besides, the synergy also occurs between the information technology security risks and the teaching and learning process. This paper presents how to create a questionnaire-based assessment of CISSP’s 10 domains mapped into NIST SP 800-30. In addition, this paper elaborates how the assessment of the questionnaires was executed and the result produced for X University. The research outputs that we generate are: a questionnaire-based assessment mapping CISSP’s 10 domains into NIST SP 800-30, the ten major security risks that we discovered at the Computer Center of X University and the risk response planning to mitigate the discovered security risks.

    Item Type: Article
    Uncontrolled Keywords: NIST SP 800-30, CISSP, security, risk, assessment, mapping, information technology.
    Subjects: Q Science > QA Mathematics > QA76 Computer software
    Divisions: Faculty of Industrial Technology > Informatics Engineering Department
    Depositing User: Admin
    Date Deposited: 06 Jan 2015 22:49
    Last Modified: 06 Jan 2015 22:59
    URI: http://repository.petra.ac.id/id/eprint/16838
