Information System Risk Assessment of the Faculty of Engineering, Diponegoro University Using the Failure Mode Effect and Analysis Method Based on the ISO 27001 Framework

Past incidents of data leakage and misuse of information by unauthorized parties require that the security of the information system of the Faculty of Engineering, Diponegoro University (SIFT UNDIP) be improved. This research aims to identify the risks, analyze the management of information system security, and determine risk priorities in SIFT UNDIP. The research is conducted using the Failure Mode Effect and Analysis method based on the ISO 27001 framework. The analysis shows that there are 25 risk agents in SIFT UNDIP, categorized into four types of assets. The highest risk in the High Level Risk category is dependence on employees, which has a Risk Priority Number of 80.
