Design and Analysis of Information Security Risk Management Based on ISO 27005: Case Study on Audit Management System (AMS) XYZ Internal Audit Department
Hidayatullah, Diar Eka Risqi; Kunthi, Raisiffah; Harwahyu, Ruki
International Journal of Electrical, Computer, and Biomedical Engineering Vol. 2 No. 3 (2024)
Publisher: Universitas Indonesia

DOI: 10.62146/ijecbe.v2i3.81

Abstract

Information security is an important concern, as supported by a report issued by the Internal Audit Foundation entitled Risk in Focus 2024 Global Summary. The biggest risk that will be faced in 2024 is Cybersecurity and Data Security, with a score of 73% for the global average. According to a report issued by International Business Machines (IBM) entitled Cost of a Data Breach Report 2023, it takes an average of 204 days for an affected agency or organization to find out about a data leak, and 73 days to overcome it. To realize this digitalization, an Audit Management System (AMS) was implemented that accommodates the audit process from the Planning, Execution and Reporting stages through the follow-up process for recommendations. Using AMS is not without risks: access to AMS is possible without a Virtual Private Network (VPN). In this research, a risk assessment was carried out based on the ISO/IEC 27005:2022 standard by proposing a method for calculating consequences based on the classification of data in the system and a method for calculating possibilities based on business processes that have an impact on system vulnerabilities and risks that need to be mitigated. ISO/IEC 27002:2022 will be used to anticipate risks. The results of the risk examination revealed 24 risks in the XYZ internal audit department: 1 very high-level risk, 3 high-level risks, 8 medium-level risks, 11 low-level risks, and 1 very low-level risk.