TY - GEN
T1 - The Design of Information Security Risk Management
T2 - 4th International Conference on Computer and Informatics Engineering, IC2IE 2021
AU - Anang, Agus
AU - Gandhi, Arfive
AU - Sucahyo, Yudho Giri
N1 - Funding Information:
This research was supported by PUTI Q2 grant "Digitalisation on Gig Worker: A Manifestation of digital Economy for Indonesia in Industry 4.0 Era" (NKB-1477/UN2.RST/HKp.05.00/2020). We would express our gratitude to the Faculty of Computer Science and Directorate of Research and Community Engagement, Universitas Indonesia.
Funding Information:
ACKNOWLEDGEMENT This research was supported by PUTI Q2 grant “Digitalisation on Gig Worker: A Manifestation of digital Economy for Indonesia in Industry 4.0 Era” (NKB-1477/ UN2.RST/HKp.05.00/2020). We would express our gratitude to the Faculty of Computer Science and Directorate of Research and Community Engagement, Universitas Indonesia.
Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - Human Resource Information System (HRIS) as one of the vital information systems at XYZ University, is expected to provide support in accelerating the achievement of XYZ University's strategic goals as a healthy university based on Good University Governance (GUG) through accelerating the provision of relevant, timely, and quality information. However, the management of HRIS is still not in compliance with information security standards, as can be seen from several incidents and the management of these incidents, which are still accidental. The purpose of this study was to obtain a design for HRIS information security risk management. This study uses a qualitative method where data collection is done by interview, observation, and literature review. ISO/IEC 27005:2018 is used as an information security risk assessment, while risk control recommendation uses SNI ISO/IEC 27001:2013. This study resulted in 40 of these risks: 12 High risks, 19 Moderate risks, six Low risks, and three Very Low risks. The results of this study are the design of HRIS's information security risk management at XYZ University.
AB - Human Resource Information System (HRIS) as one of the vital information systems at XYZ University, is expected to provide support in accelerating the achievement of XYZ University's strategic goals as a healthy university based on Good University Governance (GUG) through accelerating the provision of relevant, timely, and quality information. However, the management of HRIS is still not in compliance with information security standards, as can be seen from several incidents and the management of these incidents, which are still accidental. The purpose of this study was to obtain a design for HRIS information security risk management. This study uses a qualitative method where data collection is done by interview, observation, and literature review. ISO/IEC 27005:2018 is used as an information security risk assessment, while risk control recommendation uses SNI ISO/IEC 27001:2013. This study resulted in 40 of these risks: 12 High risks, 19 Moderate risks, six Low risks, and three Very Low risks. The results of this study are the design of HRIS's information security risk management at XYZ University.
KW - HRIS
KW - information security risk management
KW - SNI ISO/IEC 27001:2013
KW - SNI ISO/IEC 27005:2018
UR - http://www.scopus.com/inward/record.url?scp=85124305335&partnerID=8YFLogxK
U2 - 10.1109/IC2IE53219.2021.9649035
DO - 10.1109/IC2IE53219.2021.9649035
M3 - Conference contribution
AN - SCOPUS:85124305335
T3 - Proceedings - 2021 4th International Conference on Computer and Informatics Engineering: IT-Based Digital Industrial Innovation for the Welfare of Society, IC2IE 2021
SP - 198
EP - 203
BT - Proceedings - 2021 4th International Conference on Computer and Informatics Engineering
A2 - Ismail, Iklima Ermis
A2 - Hermawan, Indra
A2 - Rasyidin, Muhammad Yusuf Bagus
A2 - Huzaifa, Malisa
A2 - Muharram, Asep Taufik
A2 - Marcheeta, Noorlela
A2 - Kurniawati, Dewi
A2 - Yuly, Ade Rahma
A2 - Agustin, Maria
A2 - Nalawati, Rizki Elisa
A2 - Nugrahadi, Dodon Turianto
A2 - Budiman, Irwan
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 14 September 2021
ER -