首页    期刊浏览 2024年12月03日 星期二
登录注册

文章基本信息

  • 标题:Information Technology Risk Management Using ISO 31000 Based on ISSAF Framework Penetration Testing (Case Study: Election Commission of X City)
  • 本地全文:下载
  • 作者:I Gede Ary Suta Sanjaya ; Gusti Made Arya Sasmita ; Dewa Made Sri Arsa
  • 期刊名称:International Journal of Computer Network and Information Security
  • 印刷版ISSN:2074-9090
  • 电子版ISSN:2231-4946
  • 出版年度:2020
  • 卷号:12
  • 期号:4
  • 页码:30-40
  • DOI:10.5815/ijcnis.2020.04.03
  • 出版社:MECS Publisher
  • 摘要:Election Commission of X City is an institution that serves as the organizer of elections in the X City, which has a website as a medium in the delivery of information to the public and as a medium for the management and structuring of voter data in the domicile of X City. As a website that stores sensitive data, it is necessary to have risk management aimed at improving the security aspects of the website of Election Commission of X City. The Information System Security Assessment Framework (ISSAF) is a penetration testing standard used to test website resilience, with nine stages of attack testing which has several advantages over existing security controls against threats and security gaps, and serves as a bridge between technical and managerial views of penetration testing by applying the necessary controls on both aspects. Penetration testing is carried out to find security holes on the website, which can then be used for assessment on ISO 31000 risk management which includes the stages of risk identification, risk analysis, and risk evaluation. The main findings of this study are testing a combination of penetration testing using the ISSAF framework and ISO 31000 risk management to obtain the security risks posed by a website. Based on this research, obtained the results that there are 18 security gaps from penetration testing, which based on ISO 31000 risk management assessment there are two types of security risks with high level, eight risks of medium level security vulnerabilities, and eight risks of security vulnerability with low levels. Some recommendations are given to overcome the risk of gaps found on the website.
  • 关键词:ISO 31000 Framework;ISSAF Framework;Penetration Testing;Risk Management;Website
国家哲学社会科学文献中心版权所有