An Information System Risk Management of a Higher Education Computing Environment

Artika Arista, Khairun Nisa Meiah Ngafidin


Cyber risks, data loss or data leakage, and loss exposure are among the most significant threats to customers and businesses. The data involved contain information and are stored in electronic form, which makes them vulnerable to being hacked. Higher education institutions are the major target of intruding hackers. Therefore, many organizations perform information system risk management to identify their weaknesses and enforce the security of their systems. The study aims to identify, analyze, and measure the risks associated with information systems, specifically those that evolve in the higher education sector environment. It then provides solutions and recommendations for the higher education sector to improve the quality of its information systems. Information system risk management was performed in the computing environment of the Faculty of Medicine, X University. It was conducted using the OCTAVE Allegro framework. The framework can streamline and optimize the information system risk management process through eight steps, with various worksheets and questionnaire sheets as guidelines. Once all the required data were complete, an analysis was conducted to determine the critical information assets for the organization. The results showed that there were 8 (eight) critical information assets. One of them is the Student Profile. It was then assessed further using a chronological approach of information system risk management to improve security awareness and formulate mitigation strategies as control actions. This paper's analysis and results are expected to contribute to the implementation of information system risk management for real case applications in different sectors.


Information system risk management; OCTAVE Allegro; higher education sector.








Published by INSIGHT - Indonesian Society for Knowledge and Human Development