OCTAVE ALLEGRO FRAMEWORK PROCESS IMPROVEMENT IN DETERMINING INFORMATION ASSET RISK MITIGATION PRIORITIES USING MULTI-CRITERIA DECISION MAKING (MCDM) METHOD

Bibliographic Details
Main Author: Yuli Pratiwi, Annisa
Format: Theses
Language: Indonesia
Online Access: https://digilib.itb.ac.id/gdl/view/80135
Institution: Institut Teknologi Bandung
Description
Summary: The OCTAVE Allegro is one of the frameworks that provides clear, step-by-step guidance for the information security risk assessment process. This framework is also equipped with a worksheet, making it easier for both large and small organizational leaders to identify potential risks within their organizations. However, the framework lacks a measurable mechanism for determining information security risk mitigation priorities. As a solution to this issue, research has been conducted to combine the OCTAVE Allegro framework with two Multi-Criteria Decision Making (MCDM) methods: Simple Additive Weighting (SAW) and Analytic Hierarchy Process (AHP). The combination of OCTAVE Allegro-MCDM has generated a better list of information security risk mitigation priorities than using only a relative risk matrix. Nevertheless, further improvement and examination using other MCDM methods is still needed. To complement previous research, this study reanalyzes the performance of the SAW method and three other MCDM methods—WPM, TOPSIS, and VIKOR—to generate a prioritized list of risk mitigation. The risk data used in this study were obtained from the BPS Provinsi Kalimantan Utara as a case study object through online questionnaire submissions. From the collected data, 24 lists of information security risks were processed using the four examined MCDM methods. The risk ranking results from these methods tend to be similar or not significantly different. This is proven by the similarity analysis results using the Pearson correlation method, which shows correlation values above 0.9 or close to 1 for each pair of MCDM methods. Additionally, sensitivity analysis on the model revealed that the criteria weight values significantly influence the ranking results. Furthermore, the same analysis indicates that the combination of OCTAVE Allegro-WPM is the most robust model compared to the other three methods.