| Peer-Reviewed

Risk Management Information Technology Based on ISO 31000:2018 at Institute of Philosophy and Creative Technology, Ledalero

Received: 6 July 2022     Accepted: 29 July 2022     Published: 5 August 2022
Views:       Downloads:
Abstract

Risk is defined as a state of uncertainty, where an undesirable situation occurs and causes a loss for an agency. Therefore, risks need to be managed properly. Risk management is all activities to manage risks or threats that can occur in an agency. One of the standard risk management tools is the ISO 31000:2018. There have been many studies that present how to analyze IT risk management in an agency using the ISO 31000:2018 framework with various methods. From the many articles on risk management in an institution or organization, this framework becomes a reference for analyzing IT risk management in higher education institutions. This research is a case study conducted at the Institute of Philosophy and Creative Technology (IPCT) at Ledalero. The IT risk management analysis work process used is ISO 31000:2018. The methods used in this study were interviews given to the head of the IT division, direct observation, and an open questionnaire given to all work units at IPCT. The purpose of this research is to identify IT assets, identify risks and their impacts, analyze, and treatment risks. The results of this study indicate that the risk impact of 28 elements which is the elaboration of 3 main factors, namely 2 elements are in the Low-Medium category with a scale (0.36-0.42), 5 elements are included in the Medium-Low category with a scale range (0.25-0.34), 7 elements are included in the Minimum-Low category with a scale range ((0.00-0.14), and the most are in the Low-Low category with a scale range (0.15-0.24) which is as many as 14 elements.

Published in American Journal of Computer Science and Technology (Volume 5, Issue 3)
DOI 10.11648/j.ajcst.20220503.13
Page(s) 170-177
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2022. Published by Science Publishing Group

Keywords

Risk Management, Information Technology, ISO 31000:2018

References
[1] D. Deng, “Risk Perception and Acceptance of Information Technology Application Based on Numerical Simulation,” Proc. - 2016 Int. Conf. Smart City Syst. Eng. ICSCSE 2016, pp. 277–280, 2017, doi: 10.1109/ICSCSE.2016.0081.
[2] S. A. Grishaeva and V. I. Borzov, “Information security risk management,” Proc. 2020 IEEE Int. Conf. "Quality Manag. Transp. Inf. Secur. Inf. Technol. IT QM IS 2020, pp. 96–98, 2020, doi: 10.1109/ITQMIS51053.2020.9322901.
[3] X. Wang, J. Xu, M. Zheng, and L. Zhang, “Aviation Risk Analysis: U-bowtie Model Based on Chance Theory,” IEEE Access, vol. 7, pp. 86664–86677, 2019, doi: 10.1109/ACCESS.2019.2926210.
[4] G. Xie, G. Zeng, Y. Liu, J. Zhou, R. Li, and K. Li, “Fast Functional Safety Verification for Distributed Automotive Applications during Early Design Phase,” IEEE Trans. Ind. Electron., vol. 65, no. 5, pp. 4378–4391, 2018, doi: 10.1109/TIE.2017.2762621.
[5] G. Xie et al., “Reliability enhancement toward functional safety goal assurance in energy-aware automotive cyber-physical systems,” IEEE Trans. Ind. Informatics, vol. 14, no. 12, pp. 5447–5462, 2018, doi: 10.1109/TII.2018.2854762.
[6] T. J. Leung and J. Rife, “Refining fault trees using aviation definitions for consequence severity,” IEEE Aerosp. Electron. Syst. Mag., vol. 32, no. 3, pp. 4–14, 2017, doi: 10.1109/MAES.2017.150171.
[7] S. V. Aleksandrova, V. A. Vasiliev, and M. N. Aleksandrov, “Information systems and technologies in quality management,” Proc. 2020 IEEE Int. Conf. "Quality Manag. Transp. Inf. Secur. Inf. Technol. IT QM IS 2020, pp. 173–175, 2020, doi: 10.1109/ITQMIS51053.2020.9322959.
[8] E. Lima, A. L. Lorena, and A. P. Costa, “Structuring the Asset Management Based on ISO 55001 and ISO 31000: Where to Start,” Proc. - 2018 IEEE Int. Conf. Syst. Man, Cybern. SMC 2018, pp. 3094–3099, 2019, doi: 10.1109/SMC.2018.00524.
[9] B. Barafort, A. L. Mesquida, and A. Mas, “ISO 31000-based integrated risk management process assessment model for IT organizations,” J. Softw. Evol. Process, vol. 31, no. 1, pp. 1–15, 2019, doi: 10.1002/smr.1984.
[10] V. Laine, F. Goerlandt, O. V. Banda, M. Baldauf, Y. Koldenhof, and J. Rytkönen, “A risk management framework for maritime Pollution Preparedness and Response: Concepts, processes and tools,” Mar. Pollut. Bull., vol. 171, no. July, 2021, doi: 10.1016/j.marpolbul.2021.112724.
[11] N. N. Aniskina and A. V. Sorokin, “Risk management in running erp-based process model of integrated group of companies,” Proc. 2020 IEEE Int. Conf. "Quality Manag. Transp. Inf. Secur. Inf. Technol. IT QM IS 2020, no. Figure 1, pp. 180–183, 2020, doi: 10.1109/ITQMIS51053.2020.9322891.
[12] O. Rodríguez-Espíndola, S. Chowdhury, P. K. Dey, P. Albores, and A. Emrouznejad, “Analysis of the adoption of emergent technologies for risk management in the era of digital manufacturing,” Technol. Forecast. Soc. Change, vol. 178, no. February 2021, p. 121562, 2022, doi: 10.1016/j.techfore.2022.121562.
[13] K. Buganová and J. Šimíčková, “Risk management in traditional and agile project management,” Transp. Res. Procedia, vol. 40, pp. 986–993, 2019, doi: 10.1016/j.trpro.2019.07.138.
[14] A. Rot, “Enterprise Information Technology,” Encycl. Supply Chain Manag., vol. II, pp. 1–7, 2016, doi: 10.1081/e-escm-120050486.
[15] F. A. Alijoyo, “Risk Management Maturity Assessment based on ISO 31000 – A pathway toward the Organization’s Resilience and Sustainability Post COVID-19: The Case Study of SOE Company in Indonesia,” pp. 125–142, 2021, doi: 10.33422/3rd.icmef.2021.02.134.
[16] I. I. Livshitz, P. A. Lontsikh, N. P. Lontsikh, E. Y. Golovina, and O. M. Safonova, “The effects of cyber-security risks on added value of consulting services for IT-security management systems in holding companies,” Proc. 2020 IEEE Int. Conf. "Quality Manag. Transp. Inf. Secur. Inf. Technol. IT QM IS 2020, pp. 119–122, 2020, doi: 10.1109/ITQMIS51053.2020.9322883.
[17] A. Y. Wicaksono, “Applying ISO:31000:2018 as Risk Management Strategy on Heavy Machinery Vehicle Division,” Int. J. Sci. Eng. Inf. Technol., vol. 4, no. 2, pp. 198–202, 2020, doi: 10.21107/ijseit.v4i2.6871.
[18] M. Urbanek, V. Adamec, B. Schullerova, and J. Kohoutek, “Risk identification of implementation of ITS to real traffic,” Transp. Res. Procedia, vol. 45, no. 2019, pp. 787–794, 2020, doi: 10.1016/j.trpro.2020.02.093.
[19] G. H. S. Rampini, H. Takia, and F. T. Berssaneti, “Critical success factors of risk management with the advent of ISO 31000 2018 - Descriptive and content analyzes,” Procedia Manuf., vol. 39, pp. 894–903, 2019, doi: 10.1016/j.promfg.2020.01.400.
[20] U. R. de Oliveira, F. A. S. Marins, H. M. Rocha, and V. A. P. Salomon, “The ISO 31000 standard in supply chain risk management,” J. Clean. Prod., vol. 151, pp. 616–633, 2017, doi: 10.1016/j.jclepro.2017.03.054.
[21] H. Y. Syahputri and M. L. Kitri, “Enterprise Risk Management Analysis of Group XYZ Based on ISO 31000:2018 Framework,” Asian J. Account. Financ., vol. 2, no. 3, pp. 1–12, 2020, [Online]. Available: http://myjms.moe.gov.my/index.php/ajafin.
[22] I. I. Gutandjala, A. Gui, S. Maryam, and V. Mariani, “Information System Risk Assessment and Management (Study Case at XYZ University),” Proc. 2019 Int. Conf. Inf. Manag. Technol. ICIMTech 2019, vol. 1, no. August, pp. 602–607, 2019, doi: 10.1109/ICIMTech.2019.8843748.
[23] T. Parviainen, F. Goerlandt, I. Helle, P. Haapasaari, and S. Kuikka, “Implementing Bayesian networks for ISO 31000:2018-based maritime oil spill risk management: State-of-art, implementation benefits and challenges, and future research directions,” J. Environ. Manage., vol. 278, no. October 2020, 2021, doi: 10.1016/j.jenvman.2020.111520.
[24] K. Kapsa, “Risk management in biogas plants based on new norm ISO 31000:2018,” Transp. Econ. Logist., vol. 77, pp. 59–72, 2018, doi: 10.26881/etil.2018.77.06.
[25] D. G. Rosado, J. Moreno, L. E. Sánchez, A. Santos-Olmo, M. A. Serrano, and E. Fernández-Medina, “MARISMA-BiDa pattern: Integrated risk analysis for big data,” Comput. Secur., vol. 102, p. 102155, 2021, doi: 10.1016/j.cose.2020.102155.
[26] T. Królikowski and A. Ubowska, “TISAX - Optimization of IT risk management in the automotive industry,” Procedia Comput. Sci., vol. 192, pp. 4259–4268, 2021, doi: 10.1016/j.procs.2021.09.202.
[27] I. R. Management, “A Risk Practitioners Guide to ISO 31000 : 2018,” Inst. Risk Manag., p. 20, 2018.
[28] E. F. Ramly and M. S. Osman, “Development of Risk Management Framework - Case Studies,” Int. Conf. Ind. Eng. Oper. Manag., no. 2015, pp. 2542–2551, 2018.
[29] P. Jain, H. J. Pasman, S. Waldram, E. N. Pistikopoulos, and M. S. Mannan, “Process Resilience Analysis Framework (PRAF): A systems approach for improved risk and safety management,” J. Loss Prev. Process Ind., vol. 53, pp. 61–73, 2018, doi: 10.1016/j.jlp.2017.08.006.
[30] G. Stoneburner, A. Goguen, and A. Feringa, “Risk Management Guide for Information Technology Systems Recommendations,” Comput. Secur. Div. Inf. Technol. Lab. Natl. Inst. Stand. Technol. Gaithersbg., p. 54, 2002.
[31] H. Chung, S. P. Cho, and Y. Jang, “Standardizations on IT risk analysis service in NGN,” Int. Conf. Adv. Commun. Technol. ICACT, pp. 410–413, 2014, doi: 10.1109/ICACT.2014.6778992.
[32] Maniah and S. Milwandhari, “Risk Analysis of Cloud Computing in the Logistics Process,” Proceeding - 2020 3rd Int. Conf. Vocat. Educ. Electr. Eng. Strength. Framew. Soc. 5.0 through Innov. Educ. Electr. Eng. Informatics Eng. ICVEE 2020, pp. 3–7, 2020, doi: 10.1109/ICVEE50212.2020.9243247.
[33] B. Author, J. Hallows, M. Wideman, I. Author, A. Jolyon, and A. Jolyon, “Information Systems Project Management, Second Edition How to Deliver Function and Value in Information Technology Projects,” Inf. Syst., pp. 1–8, 2007.
[34] A. Elzamly and B. Hussin, “An enhancement of framework software risk management methodology for successful software development,” J. Theor. Appl. Inf. Technol., vol. 62, no. 2, pp. 410–423, 2014.
[35] V. Burkov, I. Burkova, S. Barkalov, and T. Averina, “Project Risk Management,” Proc. - 2020 2nd Int. Conf. Control Syst. Math. Model. Autom. Energy Effic. SUMMA 2020, pp. 145–148, 2020, doi: 10.1109/SUMMA50634.2020.9280817.
[36] U. R. De Oliveira, L. Aparecida Neto, P. A. F. Abreu, and V. A. Fernandes, “Risk management applied to the reverse logistics of solid waste,” J. Clean. Prod., vol. 296, 2021, doi: 10.1016/j.jclepro.2021.126517.
[37] J. Masso, F. J. Pino, C. Pardo, F. García, and M. Piattini, “Risk management in the software life cycle: A systematic literature review,” Comput. Stand. Interfaces, vol. 71, no. March 2019, p. 103431, 2020, doi: 10.1016/j.csi.2020.103431.
[38] I. Lavrnić, A. Bašić, and D. Viduka, “Risk assessment of a solar attack according to ISO 31000 standard,” Eng. Rev., vol. 41, no. 1, pp. 120–128, 2021, doi: 10.30765/ER.1566.
[39] X. L. Pavlova and S. O. Shaposhnikov, “Risk management for university competitiveness assurance,” Proc. 2019 IEEE Conf. Russ. Young Res. Electr. Electron. Eng. ElConRus 2019, pp. 1440–1443, 2019, doi: 10.1109/EIConRus.2019.8657275.
[40] A. Syihabuddin, Y. Suryanto, and M. Salman, “Risk Management in Data Centers Using ISO 31000 Case Study : XYZ Agency,” 1st STEEEM 2019, vol. 1, no. 1, pp. 341–352, 2019.
Cite This Article
  • APA Style

    Maria Florentina Rumba, Robertus Mirsel, Fransiskus Xaverius Sabu. (2022). Risk Management Information Technology Based on ISO 31000:2018 at Institute of Philosophy and Creative Technology, Ledalero. American Journal of Computer Science and Technology, 5(3), 170-177. https://doi.org/10.11648/j.ajcst.20220503.13

    Copy | Download

    ACS Style

    Maria Florentina Rumba; Robertus Mirsel; Fransiskus Xaverius Sabu. Risk Management Information Technology Based on ISO 31000:2018 at Institute of Philosophy and Creative Technology, Ledalero. Am. J. Comput. Sci. Technol. 2022, 5(3), 170-177. doi: 10.11648/j.ajcst.20220503.13

    Copy | Download

    AMA Style

    Maria Florentina Rumba, Robertus Mirsel, Fransiskus Xaverius Sabu. Risk Management Information Technology Based on ISO 31000:2018 at Institute of Philosophy and Creative Technology, Ledalero. Am J Comput Sci Technol. 2022;5(3):170-177. doi: 10.11648/j.ajcst.20220503.13

    Copy | Download

  • @article{10.11648/j.ajcst.20220503.13,
      author = {Maria Florentina Rumba and Robertus Mirsel and Fransiskus Xaverius Sabu},
      title = {Risk Management Information Technology Based on ISO 31000:2018 at Institute of Philosophy and Creative Technology, Ledalero},
      journal = {American Journal of Computer Science and Technology},
      volume = {5},
      number = {3},
      pages = {170-177},
      doi = {10.11648/j.ajcst.20220503.13},
      url = {https://doi.org/10.11648/j.ajcst.20220503.13},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ajcst.20220503.13},
      abstract = {Risk is defined as a state of uncertainty, where an undesirable situation occurs and causes a loss for an agency. Therefore, risks need to be managed properly. Risk management is all activities to manage risks or threats that can occur in an agency. One of the standard risk management tools is the ISO 31000:2018. There have been many studies that present how to analyze IT risk management in an agency using the ISO 31000:2018 framework with various methods. From the many articles on risk management in an institution or organization, this framework becomes a reference for analyzing IT risk management in higher education institutions. This research is a case study conducted at the Institute of Philosophy and Creative Technology (IPCT) at Ledalero. The IT risk management analysis work process used is ISO 31000:2018. The methods used in this study were interviews given to the head of the IT division, direct observation, and an open questionnaire given to all work units at IPCT. The purpose of this research is to identify IT assets, identify risks and their impacts, analyze, and treatment risks. The results of this study indicate that the risk impact of 28 elements which is the elaboration of 3 main factors, namely 2 elements are in the Low-Medium category with a scale (0.36-0.42), 5 elements are included in the Medium-Low category with a scale range (0.25-0.34), 7 elements are included in the Minimum-Low category with a scale range ((0.00-0.14), and the most are in the Low-Low category with a scale range (0.15-0.24) which is as many as 14 elements.},
     year = {2022}
    }
    

    Copy | Download

  • TY  - JOUR
    T1  - Risk Management Information Technology Based on ISO 31000:2018 at Institute of Philosophy and Creative Technology, Ledalero
    AU  - Maria Florentina Rumba
    AU  - Robertus Mirsel
    AU  - Fransiskus Xaverius Sabu
    Y1  - 2022/08/05
    PY  - 2022
    N1  - https://doi.org/10.11648/j.ajcst.20220503.13
    DO  - 10.11648/j.ajcst.20220503.13
    T2  - American Journal of Computer Science and Technology
    JF  - American Journal of Computer Science and Technology
    JO  - American Journal of Computer Science and Technology
    SP  - 170
    EP  - 177
    PB  - Science Publishing Group
    SN  - 2640-012X
    UR  - https://doi.org/10.11648/j.ajcst.20220503.13
    AB  - Risk is defined as a state of uncertainty, where an undesirable situation occurs and causes a loss for an agency. Therefore, risks need to be managed properly. Risk management is all activities to manage risks or threats that can occur in an agency. One of the standard risk management tools is the ISO 31000:2018. There have been many studies that present how to analyze IT risk management in an agency using the ISO 31000:2018 framework with various methods. From the many articles on risk management in an institution or organization, this framework becomes a reference for analyzing IT risk management in higher education institutions. This research is a case study conducted at the Institute of Philosophy and Creative Technology (IPCT) at Ledalero. The IT risk management analysis work process used is ISO 31000:2018. The methods used in this study were interviews given to the head of the IT division, direct observation, and an open questionnaire given to all work units at IPCT. The purpose of this research is to identify IT assets, identify risks and their impacts, analyze, and treatment risks. The results of this study indicate that the risk impact of 28 elements which is the elaboration of 3 main factors, namely 2 elements are in the Low-Medium category with a scale (0.36-0.42), 5 elements are included in the Medium-Low category with a scale range (0.25-0.34), 7 elements are included in the Minimum-Low category with a scale range ((0.00-0.14), and the most are in the Low-Low category with a scale range (0.15-0.24) which is as many as 14 elements.
    VL  - 5
    IS  - 3
    ER  - 

    Copy | Download

Author Information
  • Philosophy Faculty, Institute of Philosophy and Creative Technology, Ledalero, Indonesia

  • Philosophy Faculty, Institute of Philosophy and Creative Technology, Ledalero, Indonesia

  • Library Bureau, Institute of Philosophy and Creative Technology, Ledalero, Indonesia

  • Sections