Information Technology Risk Measurement Using NIST (Case Study at Pt. Pintraco)

Author

Gui, Anderes ; Kristanto, Robbyn ; Haron, Hasnah ; Adrian, Ega

Author_Institution

Computerized Accounting Dept., Bina Nusantara Univ., Jakarta, Indonesia

fYear

2010

fDate

2-3 Dec. 2010

Firstpage

191

Lastpage

194

Abstract

The purpose of this study is to measure how big the risk level associated existing information technology at PT. Phintraco and how to minimize the risk of information technology. The research methodology used involves library research, documentation studies and interviews, collected data were analyzed using the NIST method. Results from this study indicate there are 13 types of risks that might occur, one of them at high risk (Malicious code) and there are two risks with a medium risk level (Information theft, server hangs). The conclusion was that risk controls has been applied quite good but still there are some weaknesses in it, among others: the password is not changed periodically, there is no documentation about the system, the right of access to the IT division is too free, antivirus programs inadequate.

Keywords

document handling; information retrieval; information technology; risk analysis; NIST method; antivirus programs inadequate; documentation studies; information technology; library research; risk measurement; Companies; Hardware; Information technology; NIST; Risk management; Security; Servers; Information Technology; Measurement; NIST; Risk;

fLanguage

English

Publisher

ieee

Conference_Titel

Advances in Computing, Control and Telecommunication Technologies (ACT), 2010 Second International Conference on

Conference_Location

Jakarta

Print_ISBN

978-1-4244-8746-2

Electronic_ISBN

978-0-7695-4269-0

Type

conf

DOI

10.1109/ACT.2010.57

Filename

5675809