Visible to the public Security Risk Management Analysis using Failure Mode and Effects Analysis (FMEA) Method and Mitigation Using ISO 27002:2013 for Agency in District Government

TitleSecurity Risk Management Analysis using Failure Mode and Effects Analysis (FMEA) Method and Mitigation Using ISO 27002:2013 for Agency in District Government
Publication TypeConference Paper
Year of Publication2022
AuthorsMuhamad Nur, Gunawan, Lusi, Rahmi, Fitroh, Fitroh
Conference Name2022 10th International Conference on Cyber and IT Service Management (CITSM)
KeywordsFMEA, human factors, information technology, ISO standards, Management information systems, Metrics, Personnel, PMIS, pubcrawl, Resiliency, risk management, risk mitigation, Scalability, security, security risk management, Software
AbstractThe Personnel Management Information System is managed by the Personnel and Human Resources Development Agency on local government office to provide personnel services. The existence of a system and information technology can help ongoing business processes but can have an impact or risk if the proper mitigation is not carried out. It is known that the problems are damage to databases, servers, and computer equipment due to bad weather, network connections being lost due to power outages, data loss due to not having backup data, and human error. This resulted in PMIS being inaccessible for some time, thus hampering ongoing business processes and causing financial losses. This study aims to identify risks, conduct a risk assessment using the failure mode and effects analysis (FMEA) method, and provide mitigation recommendations based on the ISO/IEC 27002:2013 standard. The analysis results obtained 50 failure modes categorized into five asset categories, and six failure modes have a high level. Then provide mitigation recommendations based on the ISO/IEC 27002:2013 Standard, which has been adapted to the needs of Human Resources Development Agency. Thus, the results of this study are expected to assist and serve as material for local office government's consideration in making improvements and security controls to avoid emerging threats to information assets.
DOI10.1109/CITSM56380.2022.9935943
Citation Keymuhamad_nur_security_2022