Information Systems Risk Management: Litterature Review

Amraoui, Soumaya; Elmaallam, Mina; Bensaid, Hicham; Kriouile, Abdelaziz

doi:10.5539/cis.v12n3p1

Cited by 11 publications

(6 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In a sense, negative campaigns on social media as a novel attack vector should already be a concern of the personnel in charge of information systems (IS) risk within public utility companies. A preliminary literature review (Amraoui, Elmaallam, Bensaid & Kriouile, 2019), however, shows that this is not yet the case. In fact, if information systems are, de facto, socio-technical systems, organizational overlapping should bring IS people to work more closely with marketing and social media managers.…”

Section: Discussionmentioning

confidence: 92%

Targeting Reputation: A New Vector for Attacks to Critical Infrastructures

Giacomello¹,

Preka²

2021

CIS

View full text Add to dashboard Cite

A substantial portion of critical information infrastructures in advanced economies comprises former public utilities, which in the 1980s/90s were fully or partially privatized, a change justified mainly on economic efficiency grounds. This entailed that these utility companies had to compete in the free market, thus being exposed to the same risks/opportunities as private companies. Much like businesses in other industrial sectors, utility companies have increasingly joined social media over the last decade, as ‘digital’ visibility through social networking platforms, such as Facebook, Twitter, and Instagram has become fundamental. The new (privatized) utilities have relied on marketing and ad campaigns to promote their business and generate revenues. Trust and reputation for companies are primary resources to attract new customers and/or keep old ones, especially for companies with a wide customer base. Trust and reputation are difficult assets to preserve on social media, as they can be subject to negative attacks, including fake campaigns. This paper is a probe that explores a potential attack vector to critical infrastructures via weakening customer and investor trust in (the now private) utilities by blemishing CII-utilities’ reputation on social media. More specifically, the paper considers the possibility of attacks that have the potential to undermine the stability and reliability of critical infrastructures and advances a preliminary justification of why that may happen. We do this by looking at cases in which negative social media campaigns with fake content have been successfully implemented via digital tools.

show abstract

Section: Discussionmentioning

confidence: 92%

Targeting Reputation: A New Vector for Attacks to Critical Infrastructures

Giacomello¹,

Preka²

2021

CIS

View full text Add to dashboard Cite

show abstract

“…The methodology that is used in this research is OCTAVE Allegro with the help of OCTAVE Allegro Worksheets to help understand to create risk assessment. Risk assessment itself is an essential part of risk management that is used to identify, analyze and evaluate a curtain risk [9]. In information technology, information security is a new term that is increasing awareness of access, usage, disclosure, disruption, modification, inspection, recording and destruction of data from an organization that can be accessed [10].…”

Section: Methodsmentioning

confidence: 99%

Academic IS Risk Management using OCTAVE Allegro in Educational Institution

Gerardo

Fajar

2022

Journal-ISI

View full text Add to dashboard Cite

Today, the use of technology is a common thing that is used to support everyday life. However, this technology also carries risks that can compromise the security of information in organizations. Kalbis Institute is a private campus in the East Jakarta area that has been established since 2012. The academic information system used there includes all actors in the campus environment. This risk analysis is carried out to see and understand what risks exist in the current information system. This risk analysis will assess how likely there are threats and vulnerabilities to information systems. This study uses the OCTAVE Allegro method with the help of the OCTAVE Allegro Worksheet. The purpose of this study is to conduct a risk analysis of the academic information system at Kalbis Institute. The result of this study is to look at risk assessments and recommendations for strategies to protect information systems within organization.

show abstract

“…Di dalamnya juga terdapat prinsip serta perspektif umum yang dapat menyatukan proses manajemen risiko dari berbagai standar, yang dikeluarkan oleh Organisasi Standardisasi Internasional (IOS) maupun lembaga lain (Barafort et al, 2019;Muzaimi et al, 2017). Penelitian dari Amraoui et al (2019) menyimpulkan bahwa ISO 31000:2018 adalah pendekatan paling komprehensif untuk manajemen risiko, yang mencakup perihal: komunikasi dan konsultasi, penentuan ruang lingkup, konteks dan kriteria, identifikasi risiko, analisis risiko, evaluasi risiko, manajemen risiko, pemantauan dan tinjauan, serta pencatatan dan pelaporan, seperti yang diilustrasikan pada Gambar 2 (International Organization for Standardization, 2018). Lebih lanjut tentang topik ini, pembaca dapat menggali lebih jauh dari penelitian sebelumnya (Amraoui et al, 2019;Barafort et al, 2017;Eskaluspita, 2020;Grusho et al, 2020;Schnitzler, 2018;Suyasa & Legowo, 2019;Wallin & Xu, 2008;Zhiwei & Zhongyuan, 2012), beserta referensi didalamnya, untuk mendapatkan gambaran tentang penerapan sistem manajemen keamanan informasi, dimana diawali dengan penetapan konteks dan pemahaman proses kritis, serta menilai sensitivitas aset, yang dilanjutkan dengan penilaian risiko yang meliputi identifikasi, analisis dan evaluasi risiko untuk membantu organisasi dalam mewaspadai kerentanan dan mengantisipasi kemungkinan ancaman (Zhiwei & Zhongyuan, 2012).…”

Section: Penelitian Terkaitunclassified

Hasil Penilaian Risiko Keamanan Informasi pada Laboratorium Klinik Berdasarkan Kriteria Kendali Dalam Penerapan ISO 27001

Susanto

2023

JRSI

View full text Add to dashboard Cite

Informasi merupakan bagian dari sistem informasi yang penting untuk dilindungi dari segi kerahasiaan, keutuhan dan ketersediaannya, dalam meningkatkan realibilitasnya. Apalagi informasi yang mengandung data diri dan kesehatan tentu tersedia di laboratorium klinik. Hal ini menjadi pertimbangan bagi manajemen laboratorium klinik untuk menyiapkan transformasi digital pada sistem layanannya. Penelitian ini bertujuan untuk menilai risiko keamanan informasi yang masih muncul pada sebuah laboratorium klinik yang terakreditasi ISO 15189 dan tersertifikasi ISO 9001, sebagai persiapan layanan berbasis digital. Dengan menggunakan pendekatan ISO 27001 yang disematkan pada metode kualitatif dalam penelitian ini, penilaian risiko dilakukan dengan identifikasi, analisis dan evaluasi melalui wawancara dengan pemilik proses pada laboratorium klinik di Jakarta. Sebagai hasilnya, ditemukan bahwa Departemen Busdev&TI memiliki risiko keamanan informasi terbesar (35 risiko dari total 384 risiko), yang memerlukan penanganan lebih lanjut berdasarkan selera risiko yang telah ditetapkan. Oleh karena itu, kewaspadaan pada penggunaan sistem informasi di laboratorium perlu ditingkatkan dari segi keamanan informasi.

show abstract

Information Systems Risk Management: Litterature Review

Cited by 11 publications

References 25 publications

Targeting Reputation: A New Vector for Attacks to Critical Infrastructures

Targeting Reputation: A New Vector for Attacks to Critical Infrastructures

Academic IS Risk Management using OCTAVE Allegro in Educational Institution

Hasil Penilaian Risiko Keamanan Informasi pada Laboratorium Klinik Berdasarkan Kriteria Kendali Dalam Penerapan ISO 27001

Contact Info

Product

Resources

About