PEMERINGKATAN RISIKO KEAMANAN SISTEM JARINGAN KOMPUTER POLITEKNIK KOTA MALANG MENGGUNAKAN CVSS DAN FMEA


Betta Wahyu Retna Mulya(1*); Avinanta Tarigan(2);

(1) Universitas AMIKOM
(2) Universitas Gunadarma
(*) Corresponding Author

  

Abstract


The vulnerability of a computer network system is a weakness, lack or hole in the system, which can be exploited by attackers to carry out an attack that may endanger the confidentiality, integrity or availability of a system. The filling process requires a security vulnerability analysis according to the severity to determine the priority scales of handling. The analysis used in determining priority scales of handling is the combination of CVSS and FMEA-based analysis method. The analysis result from both methods shows that the numbers of risk priority and vulnerability become a benchmark in risk prioritizing and mitigation the risk to Politeknik Kota Malang party, with the priority order: ‘Singa’, ‘Sierra’, ‘Dino’, and ‘Leopard’. The priority scales show that the vulnerability levels, that must be handled, have number range between 40% up to 60%. The combination of CVSS and FMEA methods can determine the handling level based on the potential impacts caused by the vulnerability in computer network system of Politeknik Kota Malang.


Keywords


network computer system; vulnerability; CVSS; FMEA; mitigation

  
  

Full Text:

PDF
  

Article Metrics

Abstract view: 1114 times
PDF view: 1124 times
     

Digital Object Identifier

doi  https://doi.org/10.33096/ilkom.v10i2.311.190-200
  

Cite

References


F. Masykur, "ANALISIS VULNERABILITY WEB BASED APPLICATION MENGGUNAKAN NESSUS", Prosiding SENATEK, Fakultas Teknik, Universitas Muhammadiyah Purwokerto, p. 320-326, 2015.

F. Li, Q. Huang, J. Zhu, and Z. Peng, “Network Security Risk Assessment Based on Item Response Theory,” Proceedings of the 8th International Conference on Mobile Multimedia Communications, 2015.

G. Spanos and L. Angelis, “Impact Metrics of Security Vulnerabilities: Analysis and Weighing,” Information Security Journal: A Global Perspective, vol. 24, no. 1-3, pp. 57–71, Mar. 2015..

C. McNab, Network security assessment: know your network, 2nd ed. Sebastopol, CA: OReilly, 2017.

K. Ankunda, " The Application Of The Pareto Principle In Software Engineering", pp. 1-12, 2011.

“Penetration Testing for IT Infrastructure,” Core Security, 11-Dec-2017. [Online]. Available: https://www.coresecurity.com/content/penetration-testing. [Accessed: 27-Jan-2018].


Refbacks

  • There are currently no refbacks.


Copyright (c) 2018 Betta Wahyu Retna Mulya, Avinanta Tarigan

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.