首页    期刊浏览 2024年12月12日 星期四
登录注册

文章基本信息

  • 标题:IT Risk Management Based on ISO 31000 and OWASP Framework using OSINT at the Information Gathering Stage (Case Study: X Company)
  • 本地全文:下载
  • 作者:Anak Agung Bagus Arya Wiradarma ; Gusti Made Arya Sasmita
  • 期刊名称:International Journal of Computer Network and Information Security
  • 印刷版ISSN:2074-9090
  • 电子版ISSN:2231-4946
  • 出版年度:2019
  • 卷号:11
  • 期号:12
  • 页码:17-29
  • DOI:10.5815/ijcnis.2019.12.03
  • 出版社:MECS Publisher
  • 摘要:The major IT developments lead to speed and mobility elevation of information access. One of them is using the website to share and gather information. Therefore, the mobility and information disclosure create a harmful vulnerability. Which is the leakage of information, whether organizational or sensitive information, such as bank accounts, phone number and many more. Security testing is necessarily needed on website usage. One of the website security testing method is penetration testing. Supporting framework that can be used in this method is OWASP Testing Guide Version 4. OTG Version 4 has 11 stages cover all aspects of website protection and security. Security testing is nicely done using tools / software. Tools with the concept of OSINT (Open Source Intelligence) are used to get better access and availability by using the characteristics of open source. The IT risk assessment analysis carried out by ISO 31000 framework and based on the results that have been obtained through penetration testing with OWASP framework. Significance & values of this research is finding the best and effective way to making IT risk management guidelines along with the combination of with OWASP & ISO 31000 framework, by doing website security assessment with penetration testing method based on OWASP framework to get the system vulnerabilities and analyze the risks that appears with the ISO 31000 framework. Also, the IT risk management guidelines consist of system improvement recommendations along with evaluation report which obtained from the collaboration analysis the OSINT concept, penetration testing methods, OWASP and ISO 31000 framework..
  • 关键词:Information Gathering;OSINT;OWASP;Penetration Testing;ISO 31000
国家哲学社会科学文献中心版权所有