PEMERINGKATAN RISIKO KEAMANAN SISTEM JARINGAN KOMPUTER POLITEKNIK KOTA MALANG MENGGUNAKAN CVSS DAN FMEA
Betta Wahyu Retna Mulya(1*); Avinanta Tarigan(2);
(1) Universitas AMIKOM
(2) Universitas Gunadarma
(*) Corresponding Author
AbstractThe vulnerability of a computer network system is a weakness, lack or hole in the system, which can be exploited by attackers to carry out an attack that may endanger the confidentiality, integrity or availability of a system. The filling process requires a security vulnerability analysis according to the severity to determine the priority scales of handling. The analysis used in determining priority scales of handling is the combination of CVSS and FMEA-based analysis method. The analysis result from both methods shows that the numbers of risk priority and vulnerability become a benchmark in risk prioritizing and mitigation the risk to Politeknik Kota Malang party, with the priority order: ‘Singa’, ‘Sierra’, ‘Dino’, and ‘Leopard’. The priority scales show that the vulnerability levels, that must be handled, have number range between 40% up to 60%. The combination of CVSS and FMEA methods can determine the handling level based on the potential impacts caused by the vulnerability in computer network system of Politeknik Kota Malang. Keywordsnetwork computer system; vulnerability; CVSS; FMEA; mitigation
|
Full Text:PDF |
Article MetricsAbstract view: 1217 timesPDF view: 1194 times |
Digital Object Identifierhttps://doi.org/10.33096/ilkom.v10i2.311.190-200 |
Cite |
References
F. Masykur, "ANALISIS VULNERABILITY WEB BASED APPLICATION MENGGUNAKAN NESSUS", Prosiding SENATEK, Fakultas Teknik, Universitas Muhammadiyah Purwokerto, p. 320-326, 2015.
F. Li, Q. Huang, J. Zhu, and Z. Peng, “Network Security Risk Assessment Based on Item Response Theory,” Proceedings of the 8th International Conference on Mobile Multimedia Communications, 2015.
G. Spanos and L. Angelis, “Impact Metrics of Security Vulnerabilities: Analysis and Weighing,” Information Security Journal: A Global Perspective, vol. 24, no. 1-3, pp. 57–71, Mar. 2015..
C. McNab, Network security assessment: know your network, 2nd ed. Sebastopol, CA: OReilly, 2017.
K. Ankunda, " The Application Of The Pareto Principle In Software Engineering", pp. 1-12, 2011.
“Penetration Testing for IT Infrastructure,” Core Security, 11-Dec-2017. [Online]. Available: https://www.coresecurity.com/content/penetration-testing. [Accessed: 27-Jan-2018].
Refbacks
- There are currently no refbacks.
Copyright (c) 2018 Betta Wahyu Retna Mulya, Avinanta Tarigan
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.