使用NIST进行信息技术风险度量(以Pintraco公司为例)

2010 Second International Conference on Advances in Computing, Control, and Telecommunication Technologies Pub Date : 2010-12-02 DOI:10.1109/ACT.2010.57

A. Gui, R. Kristanto, Hasnah Haron, Ega Adrian

{"title":"使用NIST进行信息技术风险度量(以Pintraco公司为例)","authors":"A. Gui, R. Kristanto, Hasnah Haron, Ega Adrian","doi":"10.1109/ACT.2010.57","DOIUrl":null,"url":null,"abstract":"The purpose of this study is to measure how big the risk level associated existing information technology at PT. Phintraco and how to minimize the risk of information technology. The research methodology used involves library research, documentation studies and interviews, collected data were analyzed using the NIST method. Results from this study indicate there are 13 types of risks that might occur, one of them at high risk (Malicious code) and there are two risks with a medium risk level (Information theft, server hangs). The conclusion was that risk controls has been applied quite good but still there are some weaknesses in it, among others: the password is not changed periodically, there is no documentation about the system, the right of access to the IT division is too free, antivirus programs inadequate.","PeriodicalId":147311,"journal":{"name":"2010 Second International Conference on Advances in Computing, Control, and Telecommunication Technologies","volume":"273 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Information Technology Risk Measurement Using NIST (Case Study at Pt. Pintraco)\",\"authors\":\"A. Gui, R. Kristanto, Hasnah Haron, Ega Adrian\",\"doi\":\"10.1109/ACT.2010.57\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The purpose of this study is to measure how big the risk level associated existing information technology at PT. Phintraco and how to minimize the risk of information technology. The research methodology used involves library research, documentation studies and interviews, collected data were analyzed using the NIST method. Results from this study indicate there are 13 types of risks that might occur, one of them at high risk (Malicious code) and there are two risks with a medium risk level (Information theft, server hangs). The conclusion was that risk controls has been applied quite good but still there are some weaknesses in it, among others: the password is not changed periodically, there is no documentation about the system, the right of access to the IT division is too free, antivirus programs inadequate.\",\"PeriodicalId\":147311,\"journal\":{\"name\":\"2010 Second International Conference on Advances in Computing, Control, and Telecommunication Technologies\",\"volume\":\"273 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-12-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 Second International Conference on Advances in Computing, Control, and Telecommunication Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ACT.2010.57\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Second International Conference on Advances in Computing, Control, and Telecommunication Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ACT.2010.57","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

本研究的目的是测量PT. Phintraco与现有信息技术相关的风险水平有多大，以及如何将信息技术风险最小化。使用的研究方法包括图书馆研究、文献研究和访谈，收集的数据使用NIST方法进行分析。本研究结果表明，可能发生的风险有13种，其中高风险的风险有1种(恶意代码)，中等风险的风险有2种(信息盗窃、服务器挂起)。结论是，风险控制已经得到了很好的应用，但仍然存在一些弱点，其中包括:密码没有定期更改，没有关于系统的文档，it部门的访问权限过于自由，防病毒程序不足。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Information Technology Risk Measurement Using NIST (Case Study at Pt. Pintraco)

The purpose of this study is to measure how big the risk level associated existing information technology at PT. Phintraco and how to minimize the risk of information technology. The research methodology used involves library research, documentation studies and interviews, collected data were analyzed using the NIST method. Results from this study indicate there are 13 types of risks that might occur, one of them at high risk (Malicious code) and there are two risks with a medium risk level (Information theft, server hangs). The conclusion was that risk controls has been applied quite good but still there are some weaknesses in it, among others: the password is not changed periodically, there is no documentation about the system, the right of access to the IT division is too free, antivirus programs inadequate.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2010 Second International Conference on Advances in Computing, Control, and Telecommunication Technologies

自引率

0.00%

发文量