Simple and Multi Risk Assessment Framework for Information Security using Process Flow Diagram
DOI: http://dx.doi.org/10.31958/js.v15i1.9249
Copyright (c) 2023 Edri Yunizal
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Sainstek: Jurnal Sains dan Teknologi
ISSN 2085-8019 (print) | 2580-278x (online)
Published by Institut Agama Islam Negeri Batusangkar
Email: sainstek@iainbatusangkar.ac.id