Article Per Year (5 Year)
p-Index From 2021 - 2026
0.23
P-Index
This Author published in this journals
All Journal Neptunus: Jurnal Ilmu Komputer dan Teknologi Informasi
Ajeng Wahyuningtyas
Unknown Affiliation
Computer Science & IT

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

 1 
Analisis dan Manajemen Risiko Keamanan Aset Teknologi Informasi Menggunakan Metode OCTAVE dan FMEA Berbasis ISO 27001:2022: Studi Kasus : Perusahaan XYZ Ajeng Wahyuningtyas; Ni Made Ika Marini Mandenni; Muhammad Alam Pasirulloh
Neptunus: Jurnal Ilmu Komputer Dan Teknologi Informasi Vol. 3 No. 2 (2025): Mei : Neptunus : Jurnal Ilmu Komputer Dan Teknologi Informasi
Publisher : Asosiasi Riset Teknik Elektro dan Informatika Indonesia

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.61132/neptunus.v3i2.796

Abstract

The advancement of information technology has driven companies to adopt technology-based systems to enhance operational efficiency while also increasing the complexity of information security risks. This study aims to analyse risk factors associated with information security assets, identify potential threats, assess risks, and provide mitigation recommendations. The OCTAVE method was applied to identify threats, vulnerabilities, and critical information technology assets, while FMEA was used to determine risk mitigation priorities based on the Risk Priority Number (RPN). The mitigation recommendations were developed in accordance with ISO 27001:2022 standards. Data collection was conducted through interviews with XYZ company representatives, identifying 34 information security asset risks, including 6 hardware failure potentials, 6 software failure potentials, 14 data failure potentials, 4 human resource failure potentials, and 4 network failure potentials. The risk categorisation results revealed 5 high-level risks, 6 moderate-level risks, 20 low-level risks, and 3 very low-level risks. The mitigation recommendations include three ISO/IEC 27001:2022 clauses: Human Resource Controls, Physical Controls, and Information Technology Controls.
Co-Authors Muhammad Alam Pasirulloh Ni Made Ika Marini Mandenni