IT Risk Management Based on ISO 31000 and OWASP Framework using OSINT (Case Study: Election Commission of X City)
Anak Agung Bagus Arya Wiradarma
The rapid development of information technology is escalating access and mobility. One instance is the website operated by the Election Commission of X City, which it uses as a medium for publishing information to the public and for managing voter data. Because the website stores sensitive data, risk management processes are needed to raise its level of security. Website security testing can be carried out with penetration testing methods; the supporting framework used here is the OWASP Testing Guide Version 4, which has eleven stages covering the security and protection aspects of a website. The security testing is performed technically using tools and software. Tools built on the concept of Open Source Intelligence (OSINT) are used to obtain better access and availability through the characteristics of open source. The penetration testing yields security gaps, which are then assessed with the ISO 31000 Framework in three risk assessment stages: risk identification, risk analysis, and risk evaluation. These stages drive the risk management process and produce recommendations. The main significance and value of this research is finding the best and most effective way to create IT risk management guidelines through a combined analysis of the OWASP and ISO 31000 frameworks together with the application of the OSINT concept. The testing results produce eleven risk points at a high level, fifteen risk points at a medium level, and six risk points at a low level.
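As an added example (not the author's code or the study's data), the three ISO 31000 risk assessment stages described above applied in Python to penetration-test findings tagged with the eleven OWASP Testing Guide v4 categories; the 1..5 likelihood and impact scales, the score bands and the sample findings are assumptions made here.

```python
from dataclasses import dataclass

# The eleven OWASP Testing Guide v4 test categories that findings map to.
OTG_CATEGORIES = (
    "OTG-INFO", "OTG-CONFIG", "OTG-IDENT", "OTG-AUTHN", "OTG-AUTHZ", "OTG-SESS",
    "OTG-INPVAL", "OTG-ERR", "OTG-CRYPST", "OTG-BUSLOGIC", "OTG-CLIENT",
)


@dataclass
class Finding:
    """Stage 1, risk identification: one test result with 1..5 ratings."""
    category: str    # OWASP TG v4 category code, e.g. "OTG-CONFIG"
    title: str
    likelihood: int  # 1 (rare) .. 5 (almost certain); scale is an assumption
    impact: int      # 1 (negligible) .. 5 (severe); scale is an assumption


def analyse(f: Finding) -> int:
    """Stage 2, risk analysis: likelihood x impact gives a 1..25 score."""
    if f.category not in OTG_CATEGORIES:
        raise ValueError(f"unknown OWASP TG v4 category: {f.category}")
    if not (1 <= f.likelihood <= 5 and 1 <= f.impact <= 5):
        raise ValueError("likelihood and impact must be in 1..5")
    return f.likelihood * f.impact


def evaluate(score: int) -> str:
    """Stage 3, risk evaluation: compare the score against risk criteria.
    Band edges (>= 15 High, >= 8 Medium, else Low) are an assumption."""
    return "High" if score >= 15 else "Medium" if score >= 8 else "Low"


def risk_register(findings):
    """Run all three stages; return (rows, per-level counts) for the report."""
    levels = {"High": 0, "Medium": 0, "Low": 0}
    rows = []
    for f in findings:
        level = evaluate(analyse(f))
        levels[level] += 1
        rows.append((f.category, f.title, level))
    return rows, levels


# Constructed sample findings (not the study's actual results).
SAMPLE = [
    Finding("OTG-CONFIG", "Directory listing enabled on the web root", 4, 4),
    Finding("OTG-AUTHN", "No lockout or rate limit on the login form", 3, 3),
    Finding("OTG-INFO", "Server version disclosed in HTTP headers", 5, 1),
]
```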
- Date:
- Duration: 30 min
- Room:
- Conference: openSUSE Summit Dublin
- Language: English
- Track: Open Source Talk
- Difficulty: Medium