University Information System Security Risk Assessment using NIST 800-30
Monika Evelin Johan1, Moh Fahrur Rizqon2, Ir. Jarot S. Suroso M. Eng3
1Monika Evelin Johan, Information System Management Department, BINUS Graduate Program – Master of Information Systems Management, Bina Nusantara University, Jakarta, Indonesia 11480.
2Moh Fahrur Rizqon, Information System Management Department, BINUS Graduate Program – Master of Information Systems Management, Bina Nusantara University, Jakarta, Indonesia 11480.
3Dr. Ir. Jarot S.Suroso, M.Eng., Information System Management Department, BINUS Graduate Program – Master of Information Systems Management, Bina Nusantara University, Jakarta, Indonesia 11480.
Manuscript received on 05 August 2019. | Revised Manuscript received on 14 August 2019. | Manuscript published on 30 September 2019. | PP: 8380-8285 | Volume-8 Issue-3 September 2019 | Retrieval Number: C6511098319/2019©BEIESP | DOI: 10.35940/ijrte.C6511.098319
Open Access | Ethics and Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: A good and fast information system is supported by good information technology. To achieve its business goals, optimal and integrated information technology will support good quality services. The XYZ University Information System (UIS) provides a variety of information needed by students, lecturers, and all staff. But the system that is running is still experiencing problems in its use that can pose various risks. To prevent that, a risk assessment is carried out on the UIS to identify various possible risks and prevent them by forming a risk management. This research will be conducted using NIST 800-30. This standard is used with the aim of anticipating risks so that the organization does not experience losses. The preparation of UIS information security risk management carried out in this study has succeeded in identifying 32 risk scenarios, prioritizing risks, providing direction in managing risks and accepting processes whether risks are acceptable or should be mitigated.
Keywords: Information System Risk Assessment, NIST 800-30, Risk Management, University Information System.
Scope of the Article: Simulation Optimization and Risk Management