Gunawan, Ibnu and Noertjahyana, Agustinus and Rusli, Hartanto (2014) SECURITY RISK MANAGEMENT AT THE COMPUTER CENTER OF X UNIVERSITY. ARPN Journal of Engineering and Applied Sciences, VOL. 9 (NO. 12). pp. 2906-2911. ISSN 1819-6608
Publikasi1_01036_1734.pdf
Download (137kB)
5._Security_risk_management_-_PAPER.pdf
Download (3MB)
5._Security_risk_management_-_CP.pdf
Download (1MB)
Abstract
The process of teaching and learning in an information technology based university cannot be separated from the
accompanying information technology security risks. For that purpose, we need a risk analysis based on risk management
standards that have been widely accepted and commonly used, such as NIST SP 800-30. The performed risk analysis is
based on 10 domains of CISSP. So, there is synergy between the two standards that we employed. Besides, the synergy
also occurs between the information technology security risks and the teaching and learning process. This paper presents
how to create a questionnaire-based assessment of CISSP’s 10 domains mapped into NIST SP 800-30. In addition, this
paper elaborates how the assessment of the questionnaires was executed and the result produced for X University. The
research outputs that we generate are: a questionnaire-b
ased assessment mapping CISSP’s 10 domains into NIST SP 800-
30, the ten major security risks that we discovered at the Computer Center of X University and the risk response planning
to mitigate the discovered security risks.
| Item Type: | Article |
|---|---|
| Uncontrolled Keywords: | NIST SP 800-30, CISSP, security, risk, assessment, mapping, information technology. |
| Subjects: | Q Science > QA Mathematics > QA76 Computer software |
| Divisions: | Faculty of Industrial Technology > Informatics Engineering Department |
| Depositing User: | Admin |
| Date Deposited: | 06 Jan 2015 15:49 |
| Last Modified: | 20 Jun 2023 09:24 |
| URI: | https://repository.petra.ac.id/id/eprint/16838 |
