Simple and Multi Risk Assessment Framework for Information Security using Process Flow Diagram

Sainstek Jurnal Sains dan Teknologi Pub Date : 2023-06-30 DOI:10.31958/js.v15i1.9249

Edri Yunizal, J. Santoso, K. Surendro

{"title":"Simple and Multi Risk Assessment Framework for Information Security using Process Flow Diagram","authors":"Edri Yunizal, J. Santoso, K. Surendro","doi":"10.31958/js.v15i1.9249","DOIUrl":null,"url":null,"abstract":"Organizations need a simple risk assessment framework to understand them. In contrast, risk analysis requires some mathematical tools to be able to estimate risk based on understanding and availability. In practice, the assets, for which the risk will be calculated, are dependent on one another, resulting in inevitable complexity. We propose a framework that addresses these three situations with a process flow diagram. Simplicity is obtained from a conceptual model based on data flow diagrams which are widely used in information system design. This conceptual model can be translated into several risk models at once: graph, Boolean algebra, Boole’s algebra, and set theory. The complexity of asset dependencies is overcome when translating the conceptual model to the risk model. Solutions were shown in case studies of information systems for COVID-19 personal protective equipment in Indonesia, which require the construction of a simple information system, support multiple risk models, and take into account asset dependencies. The multi-risk model enables implementation proofing by testing the risk models used in each other.","PeriodicalId":31905,"journal":{"name":"Sainstek Jurnal Sains dan Teknologi","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Sainstek Jurnal Sains dan Teknologi","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.31958/js.v15i1.9249","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Organizations need a simple risk assessment framework to understand them. In contrast, risk analysis requires some mathematical tools to be able to estimate risk based on understanding and availability. In practice, the assets, for which the risk will be calculated, are dependent on one another, resulting in inevitable complexity. We propose a framework that addresses these three situations with a process flow diagram. Simplicity is obtained from a conceptual model based on data flow diagrams which are widely used in information system design. This conceptual model can be translated into several risk models at once: graph, Boolean algebra, Boole’s algebra, and set theory. The complexity of asset dependencies is overcome when translating the conceptual model to the risk model. Solutions were shown in case studies of information systems for COVID-19 personal protective equipment in Indonesia, which require the construction of a simple information system, support multiple risk models, and take into account asset dependencies. The multi-risk model enables implementation proofing by testing the risk models used in each other.

查看原文本刊更多论文

基于过程流程图的信息安全简易多风险评估框架

组织需要一个简单的风险评估框架来理解它们。相比之下，风险分析需要一些数学工具，以便能够基于理解和可用性来估计风险。在实践中，要计算风险的资产是相互依赖的，导致不可避免的复杂性。我们提出一个框架，用流程流程图来处理这三种情况。基于数据流图的概念模型在信息系统设计中得到了广泛的应用。这个概念模型可以同时转化为几个风险模型:图、布尔代数、布尔代数和集合论。在将概念模型转换为风险模型时，克服了资产依赖关系的复杂性。解决方案以印度尼西亚的COVID-19个人防护装备信息系统为例，要求构建一个简单的信息系统，支持多种风险模型，并考虑到资产依赖性。多风险模型通过测试彼此使用的风险模型来实现验证。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Sainstek Jurnal Sains dan Teknologi

自引率

0.00%

发文量

审稿时长

8 weeks