SECURITY RISK MANAGEMENT AT THE COMPUTER CENTER OF X UNIVERSITY
Published in: | ARPN journal of engineering and applied sciences 2014-12, Vol.9 (12), p.2906-2911 |
---|---|
Main Authors: | , , |
Format: | Article |
Language: | English |
Summary: | The process of teaching and learning in an information technology based university cannot be separated from the accompanying information technology security risks. For that purpose, we need a risk analysis based on risk management standards that have been widely accepted and commonly used, such as NIST SP 800-30. The performed risk analysis is based on 10 domains of CISSP. So, there is synergy between the two standards that we employed. Besides, the synergy also occurs between the information technology security risks and the teaching and learning process. This paper presents how to create a questionnaire-based assessment of CISSP's 10 domains mapped into NIST SP 800-30. In addition, this paper elaborates how the assessment of the questionnaires was executed and the result produced for X University. The research outputs that we generate are: a questionnaire-based assessment mapping CISSP's 10 domains into NIST SP 800-30, the ten major security risks that we discovered at the Computer Center of X University and the risk response planning to mitigate the discovered security risks. |
---|---|
ISSN: | 1819-6608 |