Information Security Risk Strategy at PT. X Using NIST SP 800-30

Jurnal Ilmiah Merpati Menara Penelitian Akademika Teknologi Informasi Pub Date : 2021-05-27 DOI:10.24843/jim.2021.v09.i03.p03

I. G. N. M. Putra Eryawan, Gusti Made Arya Sasmita, A. A. K. Agung Cahyawan Wiranatha

{"title":"Information Security Risk Strategy at PT. X Using NIST SP 800-30","authors":"I. G. N. M. Putra Eryawan, Gusti Made Arya Sasmita, A. A. K. Agung Cahyawan Wiranatha","doi":"10.24843/jim.2021.v09.i03.p03","DOIUrl":null,"url":null,"abstract":"Information security is a vital aspect that must be considered in use of information technology devices by active users. PT. X runs a business that applies information technology related to distribution aspects through company resource planning. Information technology formed assets IT infrastructure, information systems, operating procedures, and network infrastructure. This asset has a potential threat that causes disruption resulting losses. This problem arises to cope through the response to the risk strategy. NIST SP 800-30 method has a flexible risk perspective for the organization and federation standards of American security. Research is divided into risk measurement as a risk, risk mitigation as risk planning, and risk evaluation embodied risk reports. Results of the research show the value of risk through the calculation of the likelihood and impact matrix of the highest threat is at a low level is 14, medium at 12, and high of 4 are categorized good enough. \nKeywords: Risk Strategy, Information Security, NIST SP 800-30, Risk","PeriodicalId":32334,"journal":{"name":"Jurnal Ilmiah Merpati Menara Penelitian Akademika Teknologi Informasi","volume":" ","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2021-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Jurnal Ilmiah Merpati Menara Penelitian Akademika Teknologi Informasi","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.24843/jim.2021.v09.i03.p03","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Information security is a vital aspect that must be considered in use of information technology devices by active users. PT. X runs a business that applies information technology related to distribution aspects through company resource planning. Information technology formed assets IT infrastructure, information systems, operating procedures, and network infrastructure. This asset has a potential threat that causes disruption resulting losses. This problem arises to cope through the response to the risk strategy. NIST SP 800-30 method has a flexible risk perspective for the organization and federation standards of American security. Research is divided into risk measurement as a risk, risk mitigation as risk planning, and risk evaluation embodied risk reports. Results of the research show the value of risk through the calculation of the likelihood and impact matrix of the highest threat is at a low level is 14, medium at 12, and high of 4 are categorized good enough. Keywords: Risk Strategy, Information Security, NIST SP 800-30, Risk

查看原文本刊更多论文

基于NIST SP 800-30的PT. X信息安全风险策略

信息安全是活跃用户在使用信息技术设备时必须考虑的一个重要方面。PT.X经营着一家通过公司资源规划应用与分销相关的信息技术的公司。信息技术形成了资产—IT基础设施、信息系统、操作程序和网络基础设施。该资产具有潜在的威胁，会造成中断造成的损失。这个问题的产生是为了通过对风险策略的反应来应对。NIST SP 800-30方法对美国安全的组织和联邦标准具有灵活的风险视角。研究分为作为风险的风险测量、作为风险规划的风险缓解和包含风险评估的风险报告。研究结果表明，通过计算风险值的可能性和影响矩阵，最高威胁级别为低级别为14，中等级别为12，高级别为4。关键词：风险策略，信息安全，NIST SP 800-30，风险

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Jurnal Ilmiah Merpati Menara Penelitian Akademika Teknologi Informasi

自引率

0.00%

发文量

审稿时长

24 weeks