{"title":"信息安全风险管理的设计:以XYZ大学人力资源信息系统为例","authors":"Agus Anang, Arfive Gandhi, Y. G. Sucahyo","doi":"10.1109/ic2ie53219.2021.9649035","DOIUrl":null,"url":null,"abstract":"Human Resource Information System (HRIS) as one of the vital information systems at XYZ University, is expected to provide support in accelerating the achievement of XYZ University's strategic goals as a healthy university based on Good University Governance (GUG) through accelerating the provision of relevant, timely, and quality information. However, the management of HRIS is still not in compliance with information security standards, as can be seen from several incidents and the management of these incidents, which are still accidental. The purpose of this study was to obtain a design for HRIS information security risk management. This study uses a qualitative method where data collection is done by interview, observation, and literature review. ISO/IEC 27005:2018 is used as an information security risk assessment, while risk control recommendation uses SNI ISO/IEC 27001:2013. This study resulted in 40 of these risks: 12 High risks, 19 Moderate risks, six Low risks, and three Very Low risks. The results of this study are the design of HRIS's information security risk management at XYZ University.","PeriodicalId":178443,"journal":{"name":"2021 4th International Conference of Computer and Informatics Engineering (IC2IE)","volume":"59 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"The Design of Information Security Risk Management: A Case Study Human Resources Information System at XYZ University\",\"authors\":\"Agus Anang, Arfive Gandhi, Y. G. Sucahyo\",\"doi\":\"10.1109/ic2ie53219.2021.9649035\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Human Resource Information System (HRIS) as one of the vital information systems at XYZ University, is expected to provide support in accelerating the achievement of XYZ University's strategic goals as a healthy university based on Good University Governance (GUG) through accelerating the provision of relevant, timely, and quality information. However, the management of HRIS is still not in compliance with information security standards, as can be seen from several incidents and the management of these incidents, which are still accidental. The purpose of this study was to obtain a design for HRIS information security risk management. This study uses a qualitative method where data collection is done by interview, observation, and literature review. ISO/IEC 27005:2018 is used as an information security risk assessment, while risk control recommendation uses SNI ISO/IEC 27001:2013. This study resulted in 40 of these risks: 12 High risks, 19 Moderate risks, six Low risks, and three Very Low risks. The results of this study are the design of HRIS's information security risk management at XYZ University.\",\"PeriodicalId\":178443,\"journal\":{\"name\":\"2021 4th International Conference of Computer and Informatics Engineering (IC2IE)\",\"volume\":\"59 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-09-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 4th International Conference of Computer and Informatics Engineering (IC2IE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ic2ie53219.2021.9649035\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 4th International Conference of Computer and Informatics Engineering (IC2IE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ic2ie53219.2021.9649035","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The Design of Information Security Risk Management: A Case Study Human Resources Information System at XYZ University
Human Resource Information System (HRIS) as one of the vital information systems at XYZ University, is expected to provide support in accelerating the achievement of XYZ University's strategic goals as a healthy university based on Good University Governance (GUG) through accelerating the provision of relevant, timely, and quality information. However, the management of HRIS is still not in compliance with information security standards, as can be seen from several incidents and the management of these incidents, which are still accidental. The purpose of this study was to obtain a design for HRIS information security risk management. This study uses a qualitative method where data collection is done by interview, observation, and literature review. ISO/IEC 27005:2018 is used as an information security risk assessment, while risk control recommendation uses SNI ISO/IEC 27001:2013. This study resulted in 40 of these risks: 12 High risks, 19 Moderate risks, six Low risks, and three Very Low risks. The results of this study are the design of HRIS's information security risk management at XYZ University.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
