Dewa Made Sri Arsa

Work place: Department of Information Technology, Faculty of Engineering, Universitas Udayana, Indonesia

E-mail: dewamsa@unud.ac.id

Website:

Research Interests: Computer Architecture and Organization, Image Compression, Image Manipulation, Image Processing

Biography

Dewa Made Sri Arsa, is a lecturer at the Department of Information Technology, Faculty of Engineering, Udayana University Bali, Indonesia. Sri Arsa obtained his bachelor's degree in Computer Science, Udayana University, Bali in 2014 and obtained his master's degree in Computer Science, Indonesia University in 2016. Currently, he actively doing research in Image Processing, Machine Learning, and Optimization.

Email: dewamsa@unud.ac.id

Author Articles
Information Technology Risk Management Using ISO 31000 Based on ISSAF Framework Penetration Testing (Case Study: Election Commission of X City)

By I Gede Ary Suta Sanjaya Gusti Made Arya Sasmita Dewa Made Sri Arsa

DOI: https://doi.org/10.5815/ijcnis.2020.04.03, Pub. Date: 8 Aug. 2020

Election Commission of X City is an institution that serves as the organizer of elections in the X City, which has a website as a medium in the delivery of information to the public and as a medium for the management and structuring of voter data in the domicile of X City. As a website that stores sensitive data, it is necessary to have risk management aimed at improving the security aspects of the website of Election Commission of X City. The Information System Security Assessment Framework (ISSAF) is a penetration testing standard used to test website resilience, with nine stages of attack testing which has several advantages over existing security controls against threats and security gaps, and serves as a bridge between technical and managerial views of penetration testing by applying the necessary controls on both aspects. Penetration testing is carried out to find security holes on the website, which can then be used for assessment on ISO 31000 risk management which includes the stages of risk identification, risk analysis, and risk evaluation. The main findings of this study are testing a combination of penetration testing using the ISSAF framework and ISO 31000 risk management to obtain the security risks posed by a website. Based on this research, obtained the results that there are 18 security gaps from penetration testing, which based on ISO 31000 risk management assessment there are two types of security risks with high level, eight risks of medium level security vulnerabilities, and eight risks of security vulnerability with low levels. Some recommendations are given to overcome the risk of gaps found on the website.

[...] Read more.
Other Articles