Article Per Year (5 Year)
p-Index From 2021 - 2026
0.23
P-Index
This Author published in this journals
All Journal International Journal of Advances in Data and Information Systems
I Wayan Novit Marhaendra Putra
School of Business and Management, Institut Teknologi Bandung, Indonesia
Computer Science & IT Electrical & Electronics Engineering

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

 1 
Managing Inherent IT Business Risk against Cyber Threats: a Decision Analysis Case Study of an Oil and Gas Company I Wayan Novit Marhaendra Putra; Meditya Wasesa
International Journal of Advances in Data and Information Systems Vol. 5 No. 1 (2024): April 2024 - International Journal of Advances in Data and Information Systems
Publisher : Indonesian Scientific Journal

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.59395/ijadis.v5i1.1315

Abstract

XYZ, an anonymized oil and gas company, aims to enhance cyber resilience by strategically managing inherent risk profiles in cybersecurity, aligned with business needs and stakeholder expectations. This research addresses challenges including Information Security Control determination, proficiency improvement in risk management, and ISMS preparedness. Additionally, it tackles procurement strategy for Security Operations Control across XYZ Group, operating under PSC Gross Split, Cost Recovery, and Non-PSC statuses. Utilizing diverse frameworks such as problem tree analysis, stakeholders’ power-interest matrix, MITRE ATT&CK, NIST 800-53, COBIT 2019, ISO 27005:2022, KAMI 5.0, and SMART, data analysis includes risk documents, interviews, and cyber-attack data. The research establishes effective IS Control for risk mitigation, readiness for Information Security Management System ISMS implementation, strategic programs enhancing risk management capability, and refined Security Operations Control procurement. These outcomes, incorporated into a collaborative contract structure, significantly mitigate cyber threats and potential impacts, such as disruptions to operations, revenue reduction, increased costs, data theft, and non-compliance.
Co-Authors Meditya Wasesa