Information Security Breach Paper


1. Introduction
Information security has become important for organizations because data and information are assets with high economic value. This is demonstrated by the continuing increase in security breaches, both in the number of incidents and in financial losses. In 2014, a PwC survey put the number of security breach incidents at 42,800,000, or 48% more than in 2013, while total financial losses increased by 34% compared with 2013 (pwc.com, 2014) [1].
Institutions and organizations must remain vigilant in the face of evolving threats. Many agencies and organizations recognize the importance of information security as one of the parts of the business …

The Open Security Foundation released a survey stating that as many as 35% of security breaches occur at educational institutions (opensecurityfoundation.org, 2014). Educational institutions are targeted by irresponsible parties because these institutions are a storehouse of personal data. A survey of IT leaders shows the challenges facing educational institutions in the future; protecting the personal data of students, organizations and intellectual property tops the list at 79% (edtechmagazine.com, 2014).
According to Id-SIRTII, Figure 1 shows that attacks on academic websites (ac.id) in 2013 accounted for 18.98%, second only to government websites (go.id) at 27.42% [3]. Because the number of threats against educational institutions continues to increase each year, the researchers want to know the information security risks in higher education in Indonesia, especially Bandung, with a focus on Academic Information Systems, because in this system a lot of critical data and information is …

Description of Likelihood Scale

For ease of exploitation (vulnerability), the value follows the value range of the NIST SP 800-30 standard. Low (a value of 0) means that the vulnerability is small or that appropriate security controls have been fully implemented. Medium (a value of 1) means that the vulnerability is moderate and appropriate security controls are partially implemented. High (a value of 2) means that the vulnerability must receive attention and will result in an adverse impact, and the relevant security controls are not implemented.
To obtain the risk value we use the risk value matrix shown in Table 3, adopted from ISO 27005:2011. For example, asset X has a value of 2, or Medium (M); the likelihood of threat Y is in the High category (value 2); and the vulnerability Z of asset X to threat Y is at level M, with a value of 1. The risk value is therefore X + Y + Z = 2 + 2 + 1 = 5.
The risk value is then placed in one of three categories: Low Risk (values 0-2), Medium Risk (3-5) and High Risk (6-8) [4].

Table 3. Risk Value Matrix in ISO 27005:2011

Likelihood of occurrence - Threat: Low | Medium | High
Ease of exploitation: L M H | L M H | L M
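The additive scoring described above, applied to a whole asset register and used to regenerate the full matrix rather than a single cell. This is an added example, not code from the paper: the function names and the sample register are constructed, and the asset scale of 0-4 is an assumption chosen so that the maximum risk value is 8, matching the High Risk band.

```python
# Added example: risk = asset value + threat likelihood + ease of exploitation.
LEVELS = {"L": 0, "M": 1, "H": 2}   # Low/Medium/High scale used in the text
ASSET_MAX = 4                       # assumption: asset values 0-4, so max risk is 8

def risk_value(asset, likelihood, ease):
    """Return the additive risk value for one asset/threat/vulnerability triple."""
    if not isinstance(asset, int) or not 0 <= asset <= ASSET_MAX:
        raise ValueError(f"asset value must be an integer 0-{ASSET_MAX}: {asset!r}")
    try:
        return asset + LEVELS[likelihood] + LEVELS[ease]
    except KeyError as exc:
        raise ValueError(f"level must be L, M or H: {exc.args[0]!r}") from None

def risk_category(value):
    """Bands from the text: 0-2 Low, 3-5 Medium, 6-8 High."""
    if not 0 <= value <= 8:
        raise ValueError(f"risk value out of range: {value!r}")
    return "Low" if value <= 2 else "Medium" if value <= 5 else "High"

def risk_matrix():
    """One row per asset value; nine columns ordered by threat likelihood
    (L, M, H) and, within each, ease of exploitation (L, M, H)."""
    return [[risk_value(a, t, e) for t in LEVELS for e in LEVELS]
            for a in range(ASSET_MAX + 1)]

def score_register(register):
    """Score every row of a register and return it sorted, highest risk first."""
    scored = []
    for name, asset, threat, likelihood, ease in register:
        value = risk_value(asset, likelihood, ease)
        scored.append((value, risk_category(value), name, threat))
    return sorted(scored, key=lambda row: -row[0])

# Constructed sample register for an academic information system:
# (asset, asset value, threat, threat likelihood, ease of exploitation)
REGISTER = [
    ("Student grade database", 4, "Unauthorized modification", "M", "H"),
    ("Course registration portal", 2, "Website defacement", "H", "M"),
    ("Public announcement page", 0, "Website defacement", "H", "L"),
    ("Lecturer account store", 3, "Credential theft", "L", "L"),
]

if __name__ == "__main__":
    for asset, row in enumerate(risk_matrix()):
        print(f"asset value {asset}: {row}")
    for value, category, name, threat in score_register(REGISTER):
        print(f"{value} {category:<6} {name} / {threat}")
```

The second register row reproduces the worked case in the text (2 + 2 + 1 = 5, Medium Risk).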