Academic IS Risk Management using OCTAVE Allegro in Educational Institution

Gerardo, Vincentius; Fajar, Ahmad Nurul

doi:10.51519/journalisi.v4i3.319

Cited by 8 publications

(5 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This method, developed by the Carnegie Mellon University Software Engineering Institute (SEI), is often used by companies or institutions, both private and government. This method is quite popular for providing assessments of information system implementation such as storing and distributing information as well as detecting information security threats (Gerardo & Fajar, 2022). Identification of these risks is related to the organization's behavior in carrying out its business processes and provides an assessment of the weaknesses of the systems that have been implemented (Gala et al, 2020).…”

Section: Octave Allegromentioning

confidence: 99%

GOVERNANCE EVALUATION ELECTRONIC SECURITY SYSTEM (ESS) (Case Study: ABC Central Bank)

Aziz,

Ikhsanudin,

Hasibuan

2024

SinkrOn

View full text Add to dashboard Cite

As we know, the role of the security system has a very important role for a state institution to provide security and comfort in carrying out its functions, such as the ABC central bank. A good security system is a security system that is supported by a reliable electronic security system and is composed of several components such as a CCTV monitoring system, Access Control System (ACS), Security Alarm System (SAS), and Fire Alarm System (FAS). This system is very necessary to provide support for the duties of these state institutions to protect devices, data and electronic infrastructure from potential threats and security risks. The main functions of electronic security systems include prevention, detection, response to incidents, and recovery after disturbances/disasters. For this reason, efforts are needed to provide an evaluation of the system maturity level and information security management as a form of risk management to maintain the continuity of system use. This research uses the INDEKS KAMI 4.1 to map ESS governance maturity and the OCTAVE Allegro method to analyze information security management. From the analysis carried out, it has been concluded that the ESS implementation has been operated well in accordance with the security system requirements and has reached a good level of governance maturity. Information security management analysis carried out using the OCTAVE Allegro method has succeeded in identifying information security management with the result that information security management has been implemented well. This is proven by the existence of indicators, namely CCTV recording data, log systems as information assets that have been managed and distributed according to authority

show abstract

Section: Octave Allegromentioning

confidence: 99%

GOVERNANCE EVALUATION ELECTRONIC SECURITY SYSTEM (ESS) (Case Study: ABC Central Bank)

Aziz,

Ikhsanudin,

Hasibuan

2024

SinkrOn

View full text Add to dashboard Cite

show abstract

“…Assessment of the identified risks by applying the OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) method with mathematical calculations in the risk assessment analysis (Alsafwani, Fazea, & Alnajjar, 2024;Friman, 2024;Gerardo & Fajar, 2022). OCTAVE is an approach to risk evaluation from three aspects of information security, namely confidentiality, integrity, and availability that is comprehensive, systematic, directed, and self-conducted.…”

Section: Risk Assessmentmentioning

confidence: 99%

Chance Evaluation and Improvement of Get to Control Data Security Administration Based On ISO/IEC 27001 at Telkom University Jakarta Campus

Fachrur Rozi,

Agustav Wirabudi,

Arandiant Rozano

2024

IJSECS

View full text Add to dashboard Cite

The digital-based smart campus system, consisting of components such as the campus application, digital presence with QR code, and campus development dashboard, is one of the services offered by Telkom University Jakarta Campus. In addition, it utilizes artificial intelligence (AI) technology, especially image recognition, to support the Green Campus concept and increase environmental protection efforts, demonstrating the university's dedication to utilizing innovative technologies for a sustainable future. Therefore, the security of information assets is very important. Issues of confidentiality, integrity, and availability can arise if the information security system is not properly managed. This research aims to improve the security information system by conducting a risk assessment using the OCTAVE method. This risk assessment aims to identify the most significant impacts when risks occur and prioritize the most important risks. According to ISO/IEC 27001:2013, safety controls and targets are established. The results of this research are purpose and security management documents, risk management documents, and operational standards of procedures (SOPs). Risk management documents related to information security include risk assessment, risk identification, risk analysis, and evaluation at the campus. Standard Operational Procedures (SOP) documentation includes policy documents, work instructions, and work records that are consistent with the selection of objective controls and security controls for risk management.

show abstract

“…In [42], the authors utilized the OCTAVE allegro approach to evaluate the information system risk at the ed-tech organization to determine the risk mitigation priorities. In [43], the authors established a risk assessment model for universities based on OCTAVE allegro, assessed and evaluated the risk in Higher education Institutes, measured the risk severity, estimated the risk acceptance threshold, and enhanced risk management decision-making. The above facts, vulnerabilities in IoT devices, the significance of the Shodan search engine, and the effectiveness of the OCTAVE Allegro risk assessment methodology urged us to combine all three aspects and execute a massive vulnerability scan on connected IoT devices.…”

Section: Related Workmentioning

confidence: 99%

A Study on Internet of Things Devices Vulnerabilities using Shodan

Rajasekar¹,

Rajkumar²

2023

IJC

View full text Add to dashboard Cite

IoT has attracted a diverse range of applications due to its adaptability, flexibility, and scalability. However, the most significant barriers to IoT adoption are security, privacy, interoperability, and a lack of standards. Due to the persistent online connectivity and lack of security measures, adversaries can quickly attack IoT systems for various adversarial operations, financial gain, and access to sensitive data. We conducted a massive vulnerability scan on IoT devices using Shodan, the IoT search engine. The discovered vulnerabilities are analyzed using the Octave Allegro risk assessment method to determine the risk level (Critical, High, Moderate, Low, None), and the results are classified based on the vulnerabilities. The research findings are intriguing, shocking, and alarming, revealing the bitter reality that IoT devices are rapidly increasing while simultaneously eroding users' privacy on a never-before-seen scale. Our search discovered 13,558 webcams with outdated components, 11,090 devices disclosing NAT-PMP information, and 16,356 connected devices responding to remote telnet access. Around 2,456 IoT devices were found with the Heartbleed vulnerability, 674 with the Ticketbleed vulnerability, and 9,241 with expired SSL certificates. Nearly 18,638 IoT consumer devices are configured with insecure default settings; 11,481 devices with default SNMP agent community names; 4,987 devices running on non-standard ports; and 4,425 Cisco devices are configured with generic or default passwords.

show abstract

Academic IS Risk Management using OCTAVE Allegro in Educational Institution

Cited by 8 publications

References 7 publications

GOVERNANCE EVALUATION ELECTRONIC SECURITY SYSTEM (ESS) (Case Study: ABC Central Bank)

GOVERNANCE EVALUATION ELECTRONIC SECURITY SYSTEM (ESS) (Case Study: ABC Central Bank)

Chance Evaluation and Improvement of Get to Control Data Security Administration Based On ISO/IEC 27001 at Telkom University Jakarta Campus

A Study on Internet of Things Devices Vulnerabilities using Shodan

Contact Info

Product

Resources

About