Audit Basics 2
AUDIT
Session 2
Pitrasacha Adytia, S.T., M.T.
STMIK WICIDA
THREATS DUE TO CYBERCRIME
• Step
• RISK ASSESSMENT
• RISK MITIGATION
• RISK RE-EVALUATION
RISK ASSESSMENT
• Risk assessment is a step in the risk management procedure
• Risk assessment is the determination of quantitative or qualitative value of the risk related
to a concrete situation and a recognized threat
• Identification of threats and vulnerabilities in the system
• Potential impact or magnitude of harm that a loss of CIA would have on enterprise
operations or enterprise assets, should an identified vulnerability be exploited by a threat;
• The identification and analysis of security controls for the information system.
RISK ASSESSMENT
• Risk assessment is the analysis of threats to resources (assets) and the determination of the
amount of protection necessary to adequately safeguard the resources, so that vital systems,
operations, and services can be resumed to normal status in the minimum time in case of a
disaster
1. Define Impact
2. Define Probability of Having Risk
3. Risk Matrix
4. Rate The Risk
RISK ASSESSMENT 1 : DEFINE IMPACT
Magnitude of Impact: Impact Definition
High
• may result in the highly costly loss of major tangible assets or resources;
• may significantly violate, harm, or impede an organization’s mission, reputation, or interest;
• may result in human death or serious injury.
Medium
• may result in the costly loss of tangible assets or resources;
• may violate, harm, or impede an organization’s mission, reputation, or interest;
• may result in human injury.
Low
• may result in the loss of some tangible assets or resources;
• may noticeably affect an organization’s mission, reputation, or interest.
Impact Definition
5 Major
• People: Multiple Fatalities or Permanent Disability
• Asset: Extensive Damage
• Operation: Critical Failure Preventing Core Activities from being performed
• Environment: Massive and long term impact
4 Serious
• People: Single Fatality or Permanent Total Disability
• Asset: Serious and Major Damage
• Operation: Breakdown of key activities leading to reduction in performance
• Environment: Major and mid term impact
1 Negligible
• Asset: Serious and Major Damage
• Operation: Breakdown of key activities leading to reduction in performance
• Environment: Major and mid term impact
RISK ASSESSMENT 2 : DEFINE PROBABILITY OF HAVING RISK
Probability Definition
Probability
5. Probable         1   2   3   4   5
4. Likely           2   4   6   8  10
3. Possible         3   5   9  12  15
2. Unlikely         4   8  12  16  20
1. Very Unlikely    5  10  15  20  25
RISK ASSESSMENT 4 : RATE THE RISK
Probability         IMPACT
5. Probable         1   2   3   4   5
4. Likely           2   4   6   8  10
3. Possible         3   5   9  12  15
2. Unlikely         4   8  12  16  20
1. Very Unlikely    5  10  15  20  25
• 1-6: Low. Minor issue of little concern with some small disruptions
• 7-14: Medium. Requires attention, inconvenience and risk occur
• 15-25: High. Requires urgent attention, introduce control to reduce risk
RISK MITIGATION
RISK CONTROL
0%   X   Eliminating risk is impossible
40%  Username + Password + Firewall + Encryption + Biometrics
50%  Username + Password + Firewall + Encryption
RISK MITIGATION STRATEGY
• Risk assumption
• Risk avoidance
• Risk limitation
• Risk planning
• Research and Acknowledge
• Risk Transference
RISK RE-EVALUATION
• Time Driven
• 6 months or 1 Year
• Event Driven
• Environment Change
• Something changes within the organization
• Government Regulation
• Natural Disaster