EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Information Security Risk Assessment Using Situational Awareness Frameworks and Application Tools

Nungky Awang Chandra, Kalamullah Ramli (), Anak Agung Putri Ratna and Teddy Surya Gunawan
Additional contact information
Nungky Awang Chandra: Electrical Engineering, The University of Indonesia, Depok 16424, Indonesia
Kalamullah Ramli: Electrical Engineering, The University of Indonesia, Depok 16424, Indonesia
Anak Agung Putri Ratna: Electrical Engineering, The University of Indonesia, Depok 16424, Indonesia
Teddy Surya Gunawan: Electrical and Computer Engineering Department, Kulliyyah of Engineering, International Islamic University Malaysia, P.O. Box 10, Kuala Lumpur 50728, Malaysia

Risks, 2022, vol. 10, issue 8, 1-26

Abstract: This paper describes the development of situational awareness models and applications to assess cybersecurity risks based on Annex ISO 27001:2013. The risk assessment method used is the direct testing method, namely audit, exercise and penetration testing. The risk assessment of this study is classified into three levels, namely high, medium and low. A high-risk value is an unacceptable risk value. Meanwhile, low and medium risk values can be categorized as acceptable risk values. The results of a network security case study with security performance index indicators based on the percentage of compliance with ISO 27001:2013 annex controls and the value of the risk level of the findings of the three test methods showed that testing with the audit method was 38.29% with a moderate and high-risk level. While the test results with the tabletop exercise method are 75% with low and moderate risk levels. On the other hand, the results with the penetration test method are 16.66%, with moderate and high-risk levels. Test results with unacceptable risk values or high-risk corrective actions are taken through an application. Finally, corrective actions have been verified to prove there is an increase in cyber resilience and security.

Keywords: situational awareness; audit; exercise; penetration test; risk (search for similar items in EconPapers)
JEL-codes: C G0 G1 G2 G3 K2 M2 M4 (search for similar items in EconPapers)
Date: 2022
References: View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/2227-9091/10/8/165/pdf (application/pdf)
https://www.mdpi.com/2227-9091/10/8/165/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jrisks:v:10:y:2022:i:8:p:165-:d:890711

Access Statistics for this article

Risks is currently edited by Mr. Claude Zhang

More articles in Risks from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:gam:jrisks:v:10:y:2022:i:8:p:165-:d:890711