CFP last date
20 August 2024
Call for Paper
September Edition
IJCA solicits high quality original research papers for the upcoming September edition of the journal. The last date of research paper submission is 20 August 2024

Submit your paper
Know more
The week's pick
Responsive image
iHHO-SMOTe: A Cleansed Approach for Handling Outliers and Reducing Noise to Improve Imbalanced Data Classification

Khaled SH. Raslan Almohammady S. Alsharkawy K.R. Raslan
Random Articles
Reseach Article

Risk Assessment Analysis Website on Tech Company using OCTAVE Allegro Framework

by Akmal Rizqi Azhari, Imam Riadi
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 185 - Number 28
Year of Publication: 2023
Authors: Akmal Rizqi Azhari, Imam Riadi
10.5120/ijca2023923031

Akmal Rizqi Azhari, Imam Riadi . Risk Assessment Analysis Website on Tech Company using OCTAVE Allegro Framework. International Journal of Computer Applications. 185, 28 ( Aug 2023), 25-30. DOI=10.5120/ijca2023923031

@article{ 10.5120/ijca2023923031,
author = { Akmal Rizqi Azhari, Imam Riadi },
title = { Risk Assessment Analysis Website on Tech Company using OCTAVE Allegro Framework },
journal = { International Journal of Computer Applications },
issue_date = { Aug 2023 },
volume = { 185 },
number = { 28 },
month = { Aug },
year = { 2023 },
issn = { 0975-8887 },
pages = { 25-30 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume185/number28/32869-2023923031/ },
doi = { 10.5120/ijca2023923031 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:27:17.657646+05:30
%A Akmal Rizqi Azhari
%A Imam Riadi
%T Risk Assessment Analysis Website on Tech Company using OCTAVE Allegro Framework
%J International Journal of Computer Applications
%@ 0975-8887
%V 185
%N 28
%P 25-30
%D 2023
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Tech Company website is an information system service that supports the ongoing processes of service delivery in the organization, including administration, portfolio, and business process management. However, in the website's information system service, risk assessment needs to be conducted to identify potential threats. In this research study, risk assessment is performed using the OCTAVE Allegro framework. Tech Company is a private enterprise located in Yogyakarta. The aim of this study is to provide recommendations to Tech Company Mukti Yogyakarta regarding vulnerabilities and threats that occur. Risk assessment consists of several stages, including analyzing data obtained through interviews, responses from worksheets, and questionnaires filled out by employees working at Tech Company. The OCTAVE Allegro method is divided into 8 steps, which are building risk measurement criteria; developing a profile of the information assets owned; identifying containers within the information assets; identifying problem areas in the three aspects of the containers, namely technical, physical, and people; identifying threat scenarios; identifying risks; analyzing risks; and selecting mitigation and control approaches based on the suitability of the relative risk score calculations. The testing results conducted on the information system service of Tech Company yielded 4 containers with a mitigation approach, 2 containers with a defer approach, and 2 containers with an accept approach. The highest relative risk score was obtained in the Physical Container (PhC) with a total score of 28, mainly due to natural disasters. The lowest relative risk score was found in Technical Container (TC) 1 and 2, caused by disruptions in internet connectivity leading to service disruptions and temporary interruptions, as well as service interruptions caused by system updates

References
  1. Ramadhan, DL, Febriansyah, R., & Dewi, RS (2020). Risk Management Analysis Using ISO 31000 on Smart Canteen SMA XYZ. JURIKOM (Journal of Computer Rese arch),7(1),91.https://doi.org/10.30865/jurikom.v7i1.1791.
  2. Mahardika, KB, Wijaya, AF, & Cahyono, AD (2019). Information Technology Risk ManagementUsing Iso 31000 : 2018 (Case Study: Cv. Xy). Sebatik, 23(1), 277– 284. https://doi.org/10.46984/sebatik.v23i1.572
  3. Rohman, A., Ambarwati, A., & Setiawan, E. (2020). Analysis of IT Risk Management and Asset Security Using the Octave-S Method. INTECOMS: Journal of Information Technology and Computer Science, 3(2), 298-310.,1–13. https://doi.org/https://doi.org/https://doi. org/10. 31539/ int ecoms.v3i2.1854.
  4. Thenu, PP, Wijaya, AF, Rudianto, C., Kristen, U., & Wacana, S. (2020). Technology Risk Management Analysis Information technology risk Using COBIT 5 (Case Study: PT Global Infotech). 2(1), 1-13.
  5. Mark Talabis, JM (2012). Information Security Risk Assessment Toolkit.
  6. GM (2010). Management Information Systems, 10th Edition (10th Edition).McGraw- Hill/Irwin.
  7. Chopra, A., & Chaudhary, M. (2020). Implementing an Information Security Management System. In Implementing an Information Security Management System. https://doi.org/10.1007/978-1-4842-5413-4.
  8. Jake Kouns, DM (2010). Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management Teams.
  9. Anderson, EJ (2013), Business Risk Management: Models and Analysis. Wiley.
  10. Prof. Dr. Sri Mulyani, Ak., C. (2017). System Analysis and Design Methods (p. 267). Systematics Servant.
  11. Ichsan, R., Falach, A., Abdurrahman, L., Santoso, I., & Si, S. (2021). Octave Allegro Risk Analysis and Information Security Control Design in Hospital Management Information System Billing Module Using Octave Allegro. 8(2), 2709–2722.
  12. Javaid, MI, & Iqbal, MMW (2017). A comprehensive people, process, and technology (PPT) application model for Information Systems (IS) risk management in small/medium enterprises (SME). International Conference on Communication Technologies, ComTech 2017, 78–90. https://doi.org/10.1109/COMTECH.2017.80 65754
  13. Jaya Putra, S., Nur Gunawan, M., Falach Sobri, A.,Muslimin, JM, Amilin, & Saepudin, D. (2020). Information Security Risk Management Analysis Using ISO 27005: 2011 for the Telecommunication Company. 2020 8th International Conference on Cyber and IT Service Management, https://doi.org/10.1109/CITSM50537.2020.9268845
  14. Matondang, N., Isnainiyah, IN, & Muliawatic, A. (2018). Analysis of Information System Data Security Risk Management (Case Study: XYZ Hospital). RESTI Journal (Systems Engineering and Information Technology), 2(1), 282–287. https://doi.org/10.29207/resti.v2i1.96
  15. Mishbahuddin. (2020). Improving Hospital Health Service Management. In Yogyakarta: Stairs of Knowledge (Issue November 2020).
  16. Hadion Wijoyo, Aris Ariyanto, Agus Sudarsono, KDW (2021). Management information System. In Angewandte Chemie International Edition, 6(11), 951–952. (Vol. 13, April Issue).
Index Terms

Computer Science
Information Sciences

Keywords

Risk Assessment Website Octave Allegro

Powered by PhDFocusTM