Information Security Risk Assessment and Mitigation Prioritization at the Naval Base Data Center Using the OCTAVE Allegro Framework Combined with the Delphi Method
DOI:
https://doi.org/10.55927/ijis.v4i5.278
Keywords:
Information Security, Risk Assessment, OCTAVE Allegro, Delphi Method, ISO/IEC 27002:2022, Data Center
Abstract
The purpose of this study is to analyze potential risks that may threaten the security of the Naval Base Data Center, a facility crucial to supporting naval operational tasks. Risk assessment was conducted using the OCTAVE Allegro framework integrated with the Delphi method, and mitigation steps were formulated in accordance with ISO/IEC 27002:2022 to ensure effective risk management. Fifteen information-security experts participated via the Delphi process to identify fourteen principal risk factors affecting data confidentiality, integrity, and availability. The analysis revealed that the greatest risks stem from cyber threats—particularly ransomware attacks—and unauthorized administrative access. Based on the risk evaluation, recommended mitigations include strengthening security controls, updating hardware and software infrastructure, and providing ongoing personnel training. It is anticipated that these findings will offer a more systematic guide for managing information-security risks at naval data centers and will reinforce safeguards to support more secure operational continuity.
License
Copyright (c) 2025 Hadi Mardiyanto, Yoyok Nurkarya S, Hadi Prasutiyon

This work is licensed under a Creative Commons Attribution 4.0 International License.


















