Gunawan, Ibnu and Noertjahyana, Agustinus and Rusli, Hartanto (2014) SECURITY RISK MANAGEMENT AT THE COMPUTER CENTER OF X UNIVERSITY. ARPN Journal of Engineering and Applied Sciences, VOL. 9 (NO. 12). pp. 2906-2911. ISSN 1819-6608
Abstract
The process of teaching and learning in an information technology based university cannot be separated from the accompanying information technology security risks. For that purpose, we need a risk analysis based on risk management standards that have been widely accepted and commonly used, such as NIST SP 800-30. The performed risk analysis is based on 10 domains of CISSP. So, there is synergy between the two standards that we employed. Besides, the synergy also occurs between the information technology security risks and the teaching and learning process. This paper presents how to create a questionnaire-based assessment of CISSP’s 10 domains mapped into NIST SP 800-30. In addition, this paper elaborates how the assessment of the questionnaires was executed and the result produced for X University. The research outputs that we generate are: a questionnaire-based assessment mapping CISSP’s 10 domains into NIST SP 800-30, the ten major security risks that we discovered at the Computer Center of X University and the risk response planning to mitigate the discovered security risks.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | NIST SP 800-30, CISSP, security, risk, assessment, mapping, information technology. |
Subjects: | Q Science > QA Mathematics > QA76 Computer software |
Divisions: | Faculty of Industrial Technology > Informatics Engineering Department |
Depositing User: | Admin |
Date Deposited: | 06 Jan 2015 22:49 |
Last Modified: | 20 Jun 2023 16:24 |
URI: | https://repository.petra.ac.id/id/eprint/16838 |