IT Infrastructure Security Risk Assessment using the Center for Internet Security Critical Security Control Framework: A Case Study at Insurance Company

Heru Winarno, Fatah Yasin, Muhamad Aries Prasetyo, Fathur Rohman, Muhammad Rifki Shihab, Benny Ranti

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

PT. XYZ is an insurance company that currently provides a variety of services using electronic systems in 80 service offices throughout Indonesia. At the end of 2019, the company experienced an IT security incident. The core application was hit by a malware attack that caused slow system performance and disruption of insurance operational services. These events have a negative impact on the company both operationally and to customers, so that it becomes a serious concern of management. Therefore, this research aims to see how companies develop infrastructure to ensure the reliability and improvement of IT security. The research methodology used is a qualitative approach by collecting data through documentation and interview studies. Based on the results of the assessment, there were 16 out of 20 controls that exceeded the threshold value. These results illustrate that the security of the IT infrastructure of PT. XYZ is very weak. Therefore, the company must carry out 13 recommendations for improvement that will be carried out in stages. This research is expected to be a lesson for other organizations especially insurance companies to improve the reliability and security of IT infrastructure.

Original languageEnglish
Title of host publication2020 3rd International Conference on Computer and Informatics Engineering, IC2IE 2020
EditorsIndra Hermawan, Muhammad Yusuf Bagus Rasyidin, Malisa Huzaifa, Iklima Ermis Ismail, Asep Taufik Muharram, Anggi Mardiyono, Noorlela Marcheeta, Dewi Kurniawati, Ade Rahma Yuly, Ariawan Andi Suhanda
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages404-409
Number of pages6
ISBN (Electronic)9781728182476
DOIs
Publication statusPublished - 15 Sep 2020
Event3rd International Conference on Computer and Informatics Engineering, IC2IE 2020 - Depok, Indonesia
Duration: 15 Sep 202016 Sep 2020

Publication series

Name2020 3rd International Conference on Computer and Informatics Engineering, IC2IE 2020

Conference

Conference3rd International Conference on Computer and Informatics Engineering, IC2IE 2020
CountryIndonesia
CityDepok
Period15/09/2016/09/20

Keywords

  • critical security control center of internet security
  • insurance
  • malware
  • risk assessment
  • risk assessment method

Fingerprint Dive into the research topics of 'IT Infrastructure Security Risk Assessment using the Center for Internet Security Critical Security Control Framework: A Case Study at Insurance Company'. Together they form a unique fingerprint.

Cite this