Information Security Risk Strategy at PT. X Using NIST SP 800-30

  • I Gusti Ngurah Made Putra Eryawan Udayana University
  • Gusti Made Arya Sasmita Udayana University
  • Anak Agung Ketut Agung Cahyawan Wiranatha Udayana University

Abstract

Information security is a vital aspect that must be considered in use of information technology devices by active users. PT. X runs a business that applies information technology related to distribution aspects through company resource planning. Information technology formed assets IT infrastructure, information systems, operating procedures, and network infrastructure. This asset has a potential threat that causes disruption resulting losses. This problem arises to cope through the response to the risk strategy. NIST SP 800-30 method has a flexible risk perspective for the organization and federation standards of American security. Research is divided into risk measurement as a risk, risk mitigation as risk planning, and risk evaluation embodied risk reports. Results of the research show the value of risk through the calculation of the likelihood and impact matrix of the highest threat is at a low level is 14, medium at 12, and high of 4 are categorized good enough.


Keywords: Risk Strategy, Information Security, NIST SP 800-30, Risk

Published
2021-05-27
How to Cite
PUTRA ERYAWAN, I Gusti Ngurah Made; ARYA SASMITA, Gusti Made; AGUNG CAHYAWAN WIRANATHA, Anak Agung Ketut. Information Security Risk Strategy at PT. X Using NIST SP 800-30. Jurnal Ilmiah Merpati (Menara Penelitian Akademika Teknologi Informasi), [S.l.], v. 9, n. 3, p. 213-225, may 2021. ISSN 2685-2411. Available at: <https://ojs.unud.ac.id/index.php/merpati/article/view/71122>. Date accessed: 21 nov. 2024. doi: https://doi.org/10.24843/JIM.2021.v09.i03.p03.

Most read articles by the same author(s)

Obs.: This plugin requires at least one statistics/report plugin to be enabled. If your statistics plugins provide more than one metric then please also select a main metric on the admin's site settings page and/or on the journal manager's settings pages.