Data and Information Security Analysis in Risk Management Using OCTAVE-S Framework and ISO 27001:2022
Aura sevryan; Rini Indriati; Dwi Harini
Proceeding International Conference on Digital Education and Social Science Vol. 3 No. 1 (2025): Proceeding International Conference on Digital Education and Social Science 202
Publisher: Asosiasi Pengelola Publikasi Ilmiah (APPI) PT PGRI

DOI: 10.55506/icdess.v3i1.127

Abstract

This study examines security policies from a governance perspective within an institution to assess the level of security of its assets, data, and information. Its results are intended to analyse risks and to assist the institution in mitigating them. The study draws on a literature review of previous studies that focus on the OCTAVE-S Framework and ISO 27001:2022. The subject of the study is the Academic System, while the object is UN PGRI Kediri University. The method is based on ISO 27001:2022 and uses the OCTAVE-S framework. The research data was obtained by interviewing university officials, particularly those responsible for the implementation and security of data and information. From the interview results, the assets were identified in two categories: first, system information and applications; second, people (human resources). Next, a classification describing the risk levels was drawn up for use in a stoplight assessment. The interview results were then classified into 15 types of security practice evaluations, each assigned a stoplight rating as defined earlier. Security aspects with a red stoplight rating were used to produce a risk mitigation document referring to ISO 27001:2022.