{"title":"基于过程流程图的信息安全简易多风险评估框架","authors":"Edri Yunizal, J. Santoso, K. Surendro","doi":"10.31958/js.v15i1.9249","DOIUrl":null,"url":null,"abstract":"Organizations need a simple risk assessment framework to understand them. In contrast, risk analysis requires some mathematical tools to be able to estimate risk based on understanding and availability. In practice, the assets, for which the risk will be calculated, are dependent on one another, resulting in inevitable complexity. We propose a framework that addresses these three situations with a process flow diagram. Simplicity is obtained from a conceptual model based on data flow diagrams which are widely used in information system design. This conceptual model can be translated into several risk models at once: graph, Boolean algebra, Boole’s algebra, and set theory. The complexity of asset dependencies is overcome when translating the conceptual model to the risk model. Solutions were shown in case studies of information systems for COVID-19 personal protective equipment in Indonesia, which require the construction of a simple information system, support multiple risk models, and take into account asset dependencies. The multi-risk model enables implementation proofing by testing the risk models used in each other.","PeriodicalId":31905,"journal":{"name":"Sainstek Jurnal Sains dan Teknologi","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Simple and Multi Risk Assessment Framework for Information Security using Process Flow Diagram\",\"authors\":\"Edri Yunizal, J. Santoso, K. Surendro\",\"doi\":\"10.31958/js.v15i1.9249\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Organizations need a simple risk assessment framework to understand them. In contrast, risk analysis requires some mathematical tools to be able to estimate risk based on understanding and availability. In practice, the assets, for which the risk will be calculated, are dependent on one another, resulting in inevitable complexity. We propose a framework that addresses these three situations with a process flow diagram. Simplicity is obtained from a conceptual model based on data flow diagrams which are widely used in information system design. This conceptual model can be translated into several risk models at once: graph, Boolean algebra, Boole’s algebra, and set theory. The complexity of asset dependencies is overcome when translating the conceptual model to the risk model. Solutions were shown in case studies of information systems for COVID-19 personal protective equipment in Indonesia, which require the construction of a simple information system, support multiple risk models, and take into account asset dependencies. The multi-risk model enables implementation proofing by testing the risk models used in each other.\",\"PeriodicalId\":31905,\"journal\":{\"name\":\"Sainstek Jurnal Sains dan Teknologi\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-06-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Sainstek Jurnal Sains dan Teknologi\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.31958/js.v15i1.9249\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Sainstek Jurnal Sains dan Teknologi","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.31958/js.v15i1.9249","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Simple and Multi Risk Assessment Framework for Information Security using Process Flow Diagram
Organizations need a simple risk assessment framework to understand them. In contrast, risk analysis requires some mathematical tools to be able to estimate risk based on understanding and availability. In practice, the assets, for which the risk will be calculated, are dependent on one another, resulting in inevitable complexity. We propose a framework that addresses these three situations with a process flow diagram. Simplicity is obtained from a conceptual model based on data flow diagrams which are widely used in information system design. This conceptual model can be translated into several risk models at once: graph, Boolean algebra, Boole’s algebra, and set theory. The complexity of asset dependencies is overcome when translating the conceptual model to the risk model. Solutions were shown in case studies of information systems for COVID-19 personal protective equipment in Indonesia, which require the construction of a simple information system, support multiple risk models, and take into account asset dependencies. The multi-risk model enables implementation proofing by testing the risk models used in each other.