CFP last date
20 May 2024
Call for Paper
June Edition
IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper
Know more
The week's pick
Responsive image
Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin
Random Articles
Reseach Article

Analysis Risk Assessment on Hospital Management Information System using Octave Allegro Framework

by Arinda Diahapsari, Imam Riadi
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 184 - Number 24
Year of Publication: 2022
Authors: Arinda Diahapsari, Imam Riadi
10.5120/ijca2022922286

Arinda Diahapsari, Imam Riadi . Analysis Risk Assessment on Hospital Management Information System using Octave Allegro Framework. International Journal of Computer Applications. 184, 24 ( Aug 2022), 27-34. DOI=10.5120/ijca2022922286

@article{ 10.5120/ijca2022922286,
author = { Arinda Diahapsari, Imam Riadi },
title = { Analysis Risk Assessment on Hospital Management Information System using Octave Allegro Framework },
journal = { International Journal of Computer Applications },
issue_date = { Aug 2022 },
volume = { 184 },
number = { 24 },
month = { Aug },
year = { 2022 },
issn = { 0975-8887 },
pages = { 27-34 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume184/number24/32462-2022922286/ },
doi = { 10.5120/ijca2022922286 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:22:18.939280+05:30
%A Arinda Diahapsari
%A Imam Riadi
%T Analysis Risk Assessment on Hospital Management Information System using Octave Allegro Framework
%J International Journal of Computer Applications
%@ 0975-8887
%V 184
%N 24
%P 27-34
%D 2022
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Hospital Management Information Systems (SIMRS) is an information system that supports the service process in hospital both in terms of coordination, reporting, and administrative procedures. However, in the Hospital Management Information System (SIMRS) it is necessary to carry out a risk assessment to find out what threats can occur, in this research case study a risk assessment was carried out using the framework OCTAVE AllegroThe application of the OCTAVE Allegro method is carried out in agencies that already have and apply information technology. The OCTAVE Allegro method has eight steps which are divided into four phases, namely the phase of determining criteria, the asset profile phase, the threat identification phase, and the risk identification and mitigation phase. The steps in the OCTAVE Allegro method include determining risk measurement criteria, creating an information asset profile, identifying information asset containers, identifying the scope of concern, analyzing threat scenarios, identifying risks, analyzing risks, and taking a mitigation approach. Based on the results of the research on the Hospital Management Information System (SIMRS) after taking interview data and observing the risk assessment obtained from a private hospital in Yogyakarta, the results of the mitigated were 4 and accept 3 with a relatively high-risk value found in the Technical Container with a value of 18, which is due to a disruption in the service system caused by a down server, causing all service activities at the hospital to be disrupted or even stopped. The recommendation for this risk threat is to increase the capacity of web hosting or it can also be done by IP filtering several illegal IPs that enter the system and performing maintenance, monitoring, and control.

References
  1. Anderson, EJ (2013), Business Risk Management: Models and Analysis. Wiley.
  2. Angraini, Megawati, & Haris, L. (2019). Risk Assessment on Information Assets an academic Application Using ISO 27001. 2018 6th International Conference on Cyber ​​and IT Service Management, CITSM 2018, Citsm, 1–4. https://doi.org/10.1109/CITSM.2018.8674294
  3. Caralli, RA, Stevens, JF, Young, LR, & Wilson, WR (2007). Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process.
  4. Chopra, A., & Chaudhary, M. (2020). Implementing an Information Security Management System. In Implementing an Information Security Management System. https://doi.org/10.1007/978-1-4842-5413-4
  5. Georgi Popov, Bruce K. Lyon, BH (2016). Risk Assessment: A Practical Guide to Assessing Operational Risks. Wiley.
  6. Gerson, A., Padang, R., Ambarwati, A., & Setiawan, E. (2021). IT Risk Management Assessment Using Quantitative and Qualitative Risk Analysis. 10, 527–537.
  7. Gusni, RSA, Kraugusteeliana, K., & Pradnyana, IWW (2021). Analysis of Information System Security Governance Using Cobit 2019. National Conference on Computer Science (KONIK) 2021, 2019, 434–439. https://prosiding.konik.id/index.php/konik/article/view/92
  8. Hadion Wijoyo, Aris Ariyanto, Agus Sudarsono, KDW (2021). Management information System. In Angewandte Chemie International Edition, 6(11), 951–952. (Vol. 13, April Issue). Independent Scholar.
  9. Ichsan, R., Falach, A., Abdurrahman, L., Santoso, I., & Si, S. (2021). Octave Allegro Risk Analysis and Information Security Control Design in Hospital Management Information System Billing Module Using Octave Allegro. 8(2), 2709–2722.
  10. Jake Kouns, DM (2010). Information Technology Risk Management in Enterprise Environments: A Review of Industry Practices and a Practical Guide to Risk Management Teams.
  11. James O'Brien, GM (2010). Management Information Systems, 10th Edition (10th Edition). McGraw-Hill/Irwin.
  12. Javaid, MI, & Iqbal, MMW (2017). A comprehensive people, process, and technology (PPT) application model for Information Systems (IS) risk management in small/medium enterprises (SME). International Conference on Communication Technologies, ComTech 2017, 78–90. https://doi.org/10.1109/COMTECH.2017.8065754
  13. Jaya Putra, S., Nur Gunawan, M., Falach Sobri, A., Muslimin, JM, Amilin, & Saepudin, D. (2020). Information Security Risk Management Analysis Using ISO 27005: 2011 for the Telecommunication Company. 2020 8th International Conference on Cyber ​​and IT Service Management, CITSM 2020. https://doi.org/10.1109/CITSM50537.2020.9268845
  14. Mahardika, KB, Wijaya, AF, & Cahyono, AD (2019). Information Technology Risk Management Using Iso 31000 : 2018 (Case Study: Cv. Xy). Sebatik, 23(1), 277–284. https://doi.org/10.46984/sebatik.v23i1.572
  15. Mark Talabis, JM (2012). Information Security Risk Assessment Toolkit.
  16. Matondang, N., Isnainiyah, IN, & Muliawatic, A. (2018). Analysis of Information System Data Security Risk Management (Case Study: XYZ Hospital). RESTI Journal (Systems Engineering and Information Technology), 2(1), 282–287. https://doi.org/10.29207/resti.v2i1.96
  17. Mishbahuddin. (2020). Improving Hospital Health Service Management. In Yogyakarta: Stairs of Knowledge (Issue November 2020).
  18. Mursid, CA, & Sutopo, W. (2017). Risk Management in the Process of Selecting Vendors Using ISO 31000 and Financial Statement Analysis: A Case Study of Bank Indonesia. IDEC National Seminars And Conferences, 1–14.
  19. Muttaqi, FK (nd). Hospital Information System Risk Management Using NIST SP 800-30 Framework (Case Study: RSIA Eria Bunda Pekanbaru). 30.
  20. Prof. Dr. Sri Mulyani, Ak., C. (2017). System Analysis and Design Methods (p. 267). Systematics Servant.
  21. Ramadhan, DL, Febriansyah, R., & Dewi, RS (2020). Risk Management Analysis Using ISO 31000 on Smart Canteen SMA XYZ. JURIKOM (Journal of Computer Research), 7(1), 91. https://doi.org/10.30865/jurikom.v7i1.1791
  22. Rohman, A., Ambarwati, A., & Setiawan, E. (2020). Analysis of IT Risk Management and Asset Security Using the Octave-S Method. INTECOMS: Journal of Information Technology and Computer Science, 3(2), 298-310., 1–13. https://doi.org/https://doi.org/https://doi.org/10.31539/intecoms.v3i2.1854
  23. Sardjono, W., & Cholik, MI (2018). Information Systems Risk Analysis Using Octave Allegro Method Based at Deutsche Bank. Proceedings of 2018 International Conference on Information Management and Technology, ICIMTech 2018, September, 38–42. https://doi.org/10.1109/ICIMTech.2018.8528108
  24. Setyawan, AA, & Wijaya, AF (2018). Analysis of Information Technology Risk Management at Diskominfo Salatiga City Using the Octave-S Method. National Seminar on Indonesian Information Systems, November, 59–64.
  25. Supriyadi, Y., & Hardani, CW (2018). Information system risk scenario using COBIT 5 for risk and NIST SP 800-30 Rev. 1 as a case study. Proceedings - 2018 3rd International Conference on Information Technology, Information Systems and Electrical Engineering, ICITISEE 2018, 287–291. https://doi.org/10.1109/ICITISEE.2018.8721034
  26. Suryanto. (2019). Risk Management and Insurance (Vol. 2). Open University.
  27. Thenu, PP, Wijaya, AF, Rudianto, C., Kristen, U., & Wacana, S. (2020). Technology Risk Management Analysis Information technology risk Using COBIT 5 (Case Study: PT Global Infotech). 2(1), 1-13.
Index Terms

Computer Science
Information Sciences

Keywords

SIMRS Risk assessment Octave Allegro Mitigation

Powered by PhDFocusTM