Data and Information Security Analysis in Risk Management Using OCTAVE-S Framework and ISO 27001:2022

Authors

  • Aura sevryan UN PGRI Kediri
  • Rini Indriati UN PGRI Kediri
  • Dwi Harini UN PGRI Kediri

DOI:

https://doi.org/10.55506/icdess.v3i1.127

Keywords:

Academic system, ISO 27001:2022, OCTAVE-S, Data and information security

Abstract

This study examines an institution's security policies from a governance perspective to assess the level of security of its assets, data, and information. It aims to analyse risks and assist the institution in mitigating them. The study draws on a literature review of previous studies that focus on the OCTAVE-S framework and ISO 27001:2022. The subject of the study is the Academic System, while the object is UN PGRI Kediri University. The method is based on ISO 27001:2022 and uses the OCTAVE-S framework. The research data was obtained through interviews with university officials, particularly those responsible for the implementation and security of data and information. From the interview results, assets were identified in two categories: first, system information and applications, and second, people (human resources). Next, a classification describing the risk levels was drawn up for use in a stoplight assessment. The interview results were then classified into 15 types of security practice evaluations, and each was assigned a stoplight rating as defined earlier. Security aspects with a red stoplight rating were used to produce a risk mitigation document referring to ISO 27001:2022.

Published

2026-01-18

How to Cite

Aura sevryan, Rini Indriati, & Dwi Harini. (2026). Data and Information Security Analysis in Risk Management Using OCTAVE-S Framework and ISO 27001:2022. Proceeding International Conference on Digital Education and Social Science, 3(1), 51–58. https://doi.org/10.55506/icdess.v3i1.127