An Information System Risk Management of a Higher Education Computing Environment

Abstract

Cyber risks, data loss or data leakage, loss exposure are one of the most customer and business significant threats. Those data contained information and were stored in electronic form that made them vulnerable to be hacked. The major target of hackers intruding is the higher education institutions. Therefore, many organizations perform information system risk management to identify their weaknesses and enforce the security of their system. The study aims to identify, analyze, and measure the risks associated with information systems specifically evolve in the higher education sector environment. Then it provides solutions and recommendations for the higher education sector to improve the quality of their information systems. Information system risk management was performed in the computing environment of the Faculty of Medicine, X University. It was conducted using the OCTAVE Allegro framework. The framework can streamline and optimize the information system risk management process through eight steps and various worksheets and questionnaire sheets for guidelines. After completing all the required data, the analysis was conducted to determine the critical information assets for the organization. The results showed that there were 8 (eight) critical information assets. One of them is the Student Profile. It was continued to be assessed using a chronological approach of information system risk management for improving security awareness and formulating mitigation strategies as the control actions. This paper's analysis and results are expected to contribute to the implementation of information system risk management for real case applications in different sectors.