2022
DOI: 10.3390/risks10080165

Information Security Risk Assessment Using Situational Awareness Frameworks and Application Tools

Abstract: This paper describes the development of situational awareness models and applications to assess cybersecurity risks based on Annex ISO 27001:2013. The risk assessment method used is the direct testing method, namely audit, exercise and penetration testing. The risk assessment of this study is classified into three levels, namely high, medium and low. A high-risk value is an unacceptable risk value. Meanwhile, low and medium risk values can be categorized as acceptable risk values. The results of a network secu…

Cited by 9 publications (2 citation statements)
References 43 publications
“…This lack of achievement in the compliance clause is due to a lack of compliance with LAZNAS. The compliance clause poses the threat of data breach and business continuity [16], which will affect business continuity if this is not addressed immediately. Therefore, enhancing employee training and awareness programs for information security, and improving incident response and recovery procedures are recommended.…”
Section: 472 (mentioning)
confidence: 99%
“…Studies show that the ISO 27001 framework has been used to construct information security risk assessment methodologies [18] and capability maturity model assessment tools for organizations [19]. One study categorized the ISO 27001 controls based on their effectiveness in supporting organizations in evaluating and enhancing their ISMS conduct, as well as providing an understanding of relevant security flaws [20].…”
Section: B The ISO/IEC 27001:2022 in the ISO 27000 Family of Standards (mentioning)
confidence: 99%