TY - GEN
T1 - IT Infrastructure Security Risk Assessment using the Center for Internet Security Critical Security Control Framework
T2 - 3rd International Conference on Computer and Informatics Engineering, IC2IE 2020
AU - Winarno, Heru
AU - Yasin, Fatah
AU - Prasetyo, Muhamad Aries
AU - Rohman, Fathur
AU - Shihab, Muhammad Rifki
AU - Ranti, Benny
N1 - Funding Information:
This study was funded by the 2020 PUTI Research Grant, Universitas Indonesia.
Publisher Copyright:
© 2020 IEEE.
Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.
PY - 2020/9/15
Y1 - 2020/9/15
N2 - PT. XYZ is an insurance company that currently provides a variety of services using electronic systems in 80 service offices throughout Indonesia. At the end of 2019, the company experienced an IT security incident. The core application was hit by a malware attack that caused slow system performance and disruption of insurance operational services. These events have a negative impact on the company both operationally and to customers, so that it becomes a serious concern of management. Therefore, this research aims to see how companies develop infrastructure to ensure the reliability and improvement of IT security. The research methodology used is a qualitative approach by collecting data through documentation and interview studies. Based on the results of the assessment, there were 16 out of 20 controls that exceeded the threshold value. These results illustrate that the security of the IT infrastructure of PT. XYZ is very weak. Therefore, the company must carry out 13 recommendations for improvement that will be carried out in stages. This research is expected to be a lesson for other organizations especially insurance companies to improve the reliability and security of IT infrastructure.
AB - PT. XYZ is an insurance company that currently provides a variety of services using electronic systems in 80 service offices throughout Indonesia. At the end of 2019, the company experienced an IT security incident. The core application was hit by a malware attack that caused slow system performance and disruption of insurance operational services. These events have a negative impact on the company both operationally and to customers, so that it becomes a serious concern of management. Therefore, this research aims to see how companies develop infrastructure to ensure the reliability and improvement of IT security. The research methodology used is a qualitative approach by collecting data through documentation and interview studies. Based on the results of the assessment, there were 16 out of 20 controls that exceeded the threshold value. These results illustrate that the security of the IT infrastructure of PT. XYZ is very weak. Therefore, the company must carry out 13 recommendations for improvement that will be carried out in stages. This research is expected to be a lesson for other organizations especially insurance companies to improve the reliability and security of IT infrastructure.
KW - critical security control center of internet security
KW - insurance
KW - malware
KW - risk assessment
KW - risk assessment method
UR - http://www.scopus.com/inward/record.url?scp=85098945396&partnerID=8YFLogxK
U2 - 10.1109/IC2IE50715.2020.9274594
DO - 10.1109/IC2IE50715.2020.9274594
M3 - Conference contribution
AN - SCOPUS:85098945396
T3 - 2020 3rd International Conference on Computer and Informatics Engineering, IC2IE 2020
SP - 404
EP - 409
BT - 2020 3rd International Conference on Computer and Informatics Engineering, IC2IE 2020
A2 - Hermawan, Indra
A2 - Rasyidin, Muhammad Yusuf Bagus
A2 - Huzaifa, Malisa
A2 - Ermis Ismail, Iklima
A2 - Muharram, Asep Taufik
A2 - Mardiyono, Anggi
A2 - Marcheeta, Noorlela
A2 - Kurniawati, Dewi
A2 - Yuly, Ade Rahma
A2 - Suhanda, Ariawan Andi
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 15 September 2020 through 16 September 2020
ER -