Risk assessment using NIST SP 800-30 revision 1 and ISO 27005 combination technique in profit-based organization: Case study of ZZZ information system application in ABC agency

Muhamad Al Fikri, Fandi Aditya Putra, Yohan Suryanto, Kalamullah Ramli

Research output: Contribution to journal › Conference article

Abstract

Risk management is a practical step in handling risk scenarios in an organization, including in the field of information security. Many techniques are used to carry out information security risk assessments; one of them is a combination technique that uses ISO 27005 together with NIST SP 800-30 revision 1. Previous research showed that the combination technique could be implemented in a non-profit (government) organization. However, the detailed risk assessment steps have not yet been explained clearly, which raises the question of whether this approach can be used in any common organization, profit-based as well as non-profit. This research focuses on information security risk assessment by implementing the combination technique in a profit-based organization using a semi-quantitative method. The result is that the combination technique can be used in common organizations, both profit and non-profit, with a clear step-by-step translation.
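As an added illustration of what a semi-quantitative scoring step in such a combined assessment looks like (example code written for this page, not the paper's method and not the ZZZ/ABC system), the Python below rates a constructed register of threat events. The five-level scales and the likelihood/impact matrix are assumed from NIST SP 800-30 Rev. 1 (Appendices G and I); the product score used for ranking, the ISO 27005-style acceptance threshold and the sample events are this example's own assumptions.

```python
"""Semi-quantitative risk scoring (NIST SP 800-30 r1 style) with an ISO 27005-style
risk acceptance criterion. Illustrative code; scales and matrix assumed from the
NIST standard, sample register constructed for this example."""
from dataclasses import dataclass

LEVELS = ("Very Low", "Low", "Moderate", "High", "Very High")

# Semi-quantitative value representing each qualitative level (assumed from the
# NIST SP 800-30 r1 assessment scales; the page itself does not reproduce them).
SEMI_QUANT = {"Very Low": 0, "Low": 2, "Moderate": 5, "High": 8, "Very High": 10}

# Level of risk for (likelihood row, impact column); assumed from NIST Table I-2.
RISK_MATRIX = {
    "Very High": ("Very Low", "Low", "Moderate", "High", "Very High"),
    "High":      ("Very Low", "Low", "Moderate", "High", "Very High"),
    "Moderate":  ("Very Low", "Low", "Moderate", "Moderate", "High"),
    "Low":       ("Very Low", "Low", "Low", "Low", "Moderate"),
    "Very Low":  ("Very Low", "Very Low", "Very Low", "Low", "Low"),
}


@dataclass(frozen=True)
class ThreatEvent:
    ident: str
    description: str
    likelihood: str  # overall likelihood the event occurs and causes harm
    impact: str      # level of adverse impact if it does


def _check_level(name, value):
    if value not in LEVELS:
        raise ValueError(f"{name} must be one of {LEVELS}, got {value!r}")


def risk_level(likelihood, impact):
    """Qualitative level of risk read from the likelihood/impact matrix."""
    _check_level("likelihood", likelihood)
    _check_level("impact", impact)
    return RISK_MATRIX[likelihood][LEVELS.index(impact)]


def risk_score(likelihood, impact):
    """Semi-quantitative score 0..100 as the product of the scale values.
    This example's own convention: used only to rank events that share a
    qualitative level, so the matrix alone decides what must be treated."""
    _check_level("likelihood", likelihood)
    _check_level("impact", impact)
    return SEMI_QUANT[likelihood] * SEMI_QUANT[impact]


def assess(events, acceptance_level="Low"):
    """Score every event and apply an ISO 27005-style acceptance criterion:
    any risk above acceptance_level is marked for treatment."""
    _check_level("acceptance_level", acceptance_level)
    accept_rank = LEVELS.index(acceptance_level)
    rows = []
    for ev in events:
        level = risk_level(ev.likelihood, ev.impact)
        rows.append({
            "id": ev.ident,
            "level": level,
            "score": risk_score(ev.likelihood, ev.impact),
            "decision": "treat" if LEVELS.index(level) > accept_rank else "accept",
        })
    # Highest qualitative level first, then highest score within a level.
    rows.sort(key=lambda r: (LEVELS.index(r["level"]), r["score"]), reverse=True)
    return rows


# Constructed sample register for a hypothetical information system (not from the paper).
SAMPLE_EVENTS = [
    ThreatEvent("T1", "Credential stuffing against the web login", "High", "Moderate"),
    ThreatEvent("T2", "Database disk failure without tested backups", "Moderate", "Very High"),
    ThreatEvent("T3", "Insider exfiltrates customer records", "Low", "Very High"),
    ThreatEvent("T4", "Defacement of a static marketing page", "High", "Very Low"),
]

if __name__ == "__main__":
    for row in assess(SAMPLE_EVENTS):
        print(f'{row["id"]:3} {row["level"]:9} score={row["score"]:3} -> {row["decision"]}')
```

With the acceptance criterion at "Low", T2 (Moderate likelihood, Very High impact) ranks first at level High, the two Moderate-level events follow ordered by score, and the defacement of a static page lands at Very Low and is accepted. Raising the acceptance level to "Moderate" is the kind of management decision ISO 27005 asks the organization to record explicitly, and it would leave only T2 marked for treatment.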

Original language: English
Pages (from-to): 1206-1215
Number of pages: 10
Journal: Procedia Computer Science
Volume: 161
DOIs
Publication status: Published - 1 Jan 2019
Event: 5th Information Systems International Conference, ISICO 2019 - Surabaya, Indonesia
Duration: 23 Jul 2019 - 24 Jul 2019

Keywords

  • Combination technique
  • Information security
  • Risk assessment
