Information security risk management in small-scale organisations: A case study of secondary schools computerised information systems

Moses, M. Balasingh; Abdullah, Hanifa; Nienaber, Rita C.

doi:10.1109/issa.2013.6641062

Cited by 7 publications

(6 citation statements)

References 67 publications

(172 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Saat ini teknologi informasi bukan hanya digunakan untuk mendukung proses bisnis, namun juga digunakan untuk mendukung strategi bisnis organisasi dan meningkatkan kualitas layanan [1]. Di dalam organisasi, informasi merupakan salah satu aset takberwujud (intangiable asset) yang harus dilindungi untuk menjamin kelangsungan organisasi [2]. Dalam penggunaannya, dimungkinkan terjadinya suatu peristiwa yang tidak diinginkan sehingga penting bagi organisasi untuk mengelola risiko yang dapat membahayakan aset informasi [3].…”

Section: Pendahuluanunclassified

Penilaian Risiko Aset Informasi dengan Metode OCTAVE Allegro: Studi Kasus ICT Fakultas Ilmu Komputer Universitas Sriwijaya

2021

View full text Add to dashboard Cite

Informasi yang merupakan aset berharga bagi organisasi sangat penting dikelola risikonya agar dapat mempertahankan kelangsungan bisnis. ICT Fakultas Ilmu Komputer Universitas Sriwijaya (Fasilkom Unsri) memiliki aset informasi yang harus dilindungi terhadap ancaman baik dari pihak luar maupun dalam. Namun, sayangnya ICT Fasilkom Unsri belum pernah melakukan penilaian risiko dan belum memiliki prosedur secara formal/tertulis mengenai mitigasi risiko. Oleh karena itu, ICT Fasilkom Unsri belum mengetahui tindakan apa yang tepat untuk mengurangi risiko yang akan terjadi. Metode OCTAVE Allegro digunakan untuk membantu organisasi mengidentifikasi, menganalisis, dan mengambil tindakan mitigasi. Berdasarkan hasil penelitian, 5 dari 7 aset informasi yang dikelola oleh ICT Fasilkom Unsri dianggap sebagai aset yang kritikal. Setelah diidentifikasi dan dianalisis, ditemukan 73 risiko keamanan informasi Tindakan yang dapat diambil antara lain, 61 risiko dimitigasi/ditunda, 3 risiko ditunda/diterima, dan 3 risiko diterima. Dengan mengetahui penilaian risiko dari tiap-tiap aset informasi, ICT Fasilkom Unsri dapat membuat keputusan dalam pengurangan risiko secara tepat sesuai dengan kemungkinan-kemungkinan risiko yang akan terjad

show abstract

Section: Pendahuluanunclassified

Penilaian Risiko Aset Informasi dengan Metode OCTAVE Allegro: Studi Kasus ICT Fakultas Ilmu Komputer Universitas Sriwijaya

2021

View full text Add to dashboard Cite

show abstract

“…There are many proposed RA methodologies in the literature that are built on those methodologies where each method has its own objectives, steps, structure and level of application. Based on the OCTAVE methodology and in the context of educational organizations for example , authors of [43] proposed risk assessment framework for a university computing environment and [44] performed an ISRM study in order to educate management and users of a computer information system in secondary schools on how to protect their information assets and reduce risks to their information systems through risk management. In the former, the risk assessment proposed needed skilled individuals that understand statistics, probabilities and information technology.…”

Section: Related Workmentioning

confidence: 99%

The Design and Evaluation of a User-Centric Information Security Risk Assessment and Response Framework

Alohali¹,

Clarke²,

Furnell³

2018

ijacsa

View full text Add to dashboard Cite

The risk of sensitive information disclosure and modification through the use of online services has increased considerably and may result in significant damage. As the management and assessment of such risks is a well-known discipline for organizations, it is a challenge for users from the general public. Users have difficulties in using, understanding and reacting to security-related threats. Moreover, users only try to protect themselves from risks salient to them. Motivated by the lack of risk assessment solutions and limited impact of awareness programs tailored for users of the general public, this paper aims to develop a structured approach to help in protecting users from threats and vulnerabilities and, thus, reducing the overall information security risks. By focusing on the user and that different users react differently to the same stimuli, the authors developed a user-centric risk assessment and response framework that assesses and communicates risk on both user and system level in an individualized, timely and continuous way. Three risk assessment models were proposed that depend on user-centric and behavior-related factors when calculating risk. This framework was evaluated using a scenario-based simulation of a number of users and results analyzed. The analysis demonstrated the effectiveness and feasibility of the proposed approach. Encouragingly, this analysis provided an indication that risk can be assessed differently for the same behavior based upon a number of user-centric and behavioralrelated factors resulting in an individualized granular risk score/level. This granular risk assessment, provided a more insightful evaluation of both risk and response. The analysis of results was also useful in demonstrating how risk is not the same for all users and how the proposed model is effective in adapting to differences between users offering a novel approach to assessing information security risks.

show abstract

“…NAS devices are also run by an operating system that meets the needs and design of the storage system.NAS storage systems have introduced a big range of benefits and advantages over other storage systems. Centrality, Efficiency, Scalability, Availability and simplicity are only some of the features that are provided by NAS storage systems (Moyo, Abdullah, Nienaber, 2013). Flexibility is an advantage in the sense that the NAS can be compatible with couple of industrial protocols and this turn into compatibility with multiple operating systems (Moyo, Abdullah, Nienaber, 2013).At the same time, a drawback of NAS is its inflexibility in the sense that it cannot be configured to be something NAS storage system components differ from DAS components for a simple reason that is the NAS is a computer by itself that have a CPU, memory, network cards and operating system in addition to the Storage Media.…”

Section: Storage Systems Typesmentioning

confidence: 99%

“…A lot of websites and non-specialized people mix between NAS and SAN because of the similarity in the terms that construct the acronyms. The reality is that SAN is totally a deferent technology that is similar to DAS from the point of view that it is an external storage array that is directly connected to more than one computer (Moyo, Abdullah, Nienaber, 2013). The array of Storage devices is a network by itself and that is why it is called Storage Area Network SAN but it has no network connectivity to the computers utilizing it unlike the NAS devices.…”

Section: Storage Systems Typesmentioning

confidence: 99%

Improving the Security of Storage Systems

Awad

Abdullah

2014

International Journal of Mobile Computing and Multimedia Communications

View full text Add to dashboard Cite

Developing security systems to protect the storage systems are needed. The main objective of this paper is to study the security of file storage server of an organization. Different kinds of security threats and a number of security techniques used to protect information will be examined. Thus, in this paper, an assessment plan for evaluating cyber security of local storage systems in organizations is proposed. The assessment model is based on the idea of cyber security domains and risk matrix. The proposed assessment model has been implemented on two prestigious and important organizations in the Kingdom of Bahrain. Storage systems of the assessed organizations found to have cyber security risks of different scales. This conclusion gives certainty to the fact that organizations are not capable of following the cyber security evolution and secure their storage systems from cyber security vulnerabilities and breaches. Organizations with local storage systems can improve the cyber security of their storage systems by applying certain techniques.

show abstract

Information security risk management in small-scale organisations: A case study of secondary schools computerised information systems

Cited by 7 publications

References 67 publications

Penilaian Risiko Aset Informasi dengan Metode OCTAVE Allegro: Studi Kasus ICT Fakultas Ilmu Komputer Universitas Sriwijaya

Penilaian Risiko Aset Informasi dengan Metode OCTAVE Allegro: Studi Kasus ICT Fakultas Ilmu Komputer Universitas Sriwijaya

The Design and Evaluation of a User-Centric Information Security Risk Assessment and Response Framework

Improving the Security of Storage Systems

Contact Info

Product

Resources

About