SECURITY RISK MANAGEMENT AT THE COMPUTER CENTER OF X UNIVERSITY

Gunawan, Ibnu and Noertjahyana, Agustinus and Rusli, Hartanto (2014) SECURITY RISK MANAGEMENT AT THE COMPUTER CENTER OF X UNIVERSITY. ARPN Journal of Engineering and Applied Sciences, VOL. 9 (NO. 12). pp. 2906-2911. ISSN 1819-6608

	PDF Download (133Kb)
	PDF (Paper - Agustinus) Download (3330Kb)
Preview	PDF (cek plagiasi - Agustinus) Download (1440Kb) | Preview

Abstract

The process of teaching and learning in an information technology based university cannot be separated from the accompanying information technology security risks. For that purpose, we need a risk analysis based on risk management standards that have been widely accepted and commonly used, such as NIST SP 800-30. The performed risk analysis is based on 10 domains of CISSP. So, there is synergy between the two standards that we employed. Besides, the synergy also occurs between the information technology security risks and the teaching and learning process. This paper presents how to create a questionnaire-based assessment of CISSP’s 10 domains mapped into NIST SP 800-30. In addition, this paper elaborates how the assessment of the questionnaires was executed and the result produced for X University. The research outputs that we generate are: a questionnaire-b ased assessment mapping CISSP’s 10 domains into NIST SP 800- 30, the ten major security risks that we discovered at the Computer Center of X University and the risk response planning to mitigate the discovered security risks.

Actions (login required)