ANALYSIS OF IT RISK MANAGEMENT IN DATA E - LEARNING AND IT ASSETS SECURITY USING NIST SP 800 - 30 Revisions 1

  • Riszullah Ramadhan Putra Universitas Narotama
Keywords: Risk Management, NIST SP 800-30 Revision 1, Information Security.

Abstract

Abstract

Information security is very important for companies and universities. Many negative impacts have been caused by universities if information security is not properly maintained. This study analyzes how university administrators can identify operational risk factors involved with e-Learning operations. The four main types of operational risks involved are data security risk, password security, process risk, and the risk of attacks from hackers.

eLINA (E-Learning Narotama University) has never conducted a risk management assessment on an online-based learning web. To protect the web, as well as maintain the continuity of business processes, this study will use the NIST SP 800-30 Revision 1 method, which consists of four processes, namely preparation for assessment, assessment, communicating results, and maintaining assessment. The final result of this assessment is a recommendation for a mitigation approach for the protection of the online learning system of Narotama University.

Keywords: Risk Management, NIST SP 800-30 Revision 1, Information Security.

References

[1] A. Elanda dan D. Tjahjadi, “Analisis Manajemen Resiko Sistem Keamanan Ids ( Intrusion Detection System ) Dengan Framework Nist ( National Institute Of Standards And Technology ) Sp 800-30 . ( Studi Kasus : Disinfolahtaau Mabes Tni Au ),” vol. 12, no. 1, hal. 1–13, 2018.
[2] H. B. Seta dan T. Rahayu, “MANAJEMEN RISIKO APLIKASI PEMBELAJARAN BERBASIS ONLINE,” hal. 7–12, 2017.
[3] S. Kasus dan S. Sumedang, “Manajemen Risiko Keamanan Informasi Menggunakan Framework NIST SP 800-30 Revisi 1,” vol. 02, no. 02, hal. 1–8, 2017.
[4] S. Patomviriyavong, B. Samphanwattanachai, dan T. Suwannoi, “eLearning Operational Risk Assessment and Management : A Case Study of the M . Sc . in Management Program,” hal. 1–5, 2006.
[5] M. P. Dr. Mamduh M. Hanafi, “Risiko, Proses Manajemen Risiko, dan Enterprise Risk Management,” hal. 1–40, 2018.
[6] J. W. Meritt, “A Method for Quantative Risk Analysis,” Proc. 22nd Natl. Inf. Syst. Secur. Conf., 1999.
[7] M. Mahfouz dan A. Adjei-quaye, “Information Security in an Organization Information Security in an Organization,” no. January, 2017.
[8] E. Llc, e-learning Concepts, Trends, Applications. 2014.
[9] J. Task dan F. Transformation, “Guide for Conducting Risk Assessments,” no. September, 2012.
Published
2019-09-18