Implementation of OCTAVE-S and ISO 27001 Controls in Risk Management Information Systems


  • Stephanus Stephanus, Bina Nusantara University



risk management, ISO/IEC 27001:2005, OCTAVE-S, risk assessment


The extensive use of information technology in companies has placed IT in a position of considerable concern, especially in large companies where IT has become a strategic part of the business. The importance of the IT division makes companies willing to pay large sums to obtain the benefits IT offers, but on the other hand disappointment arises when the returns on those investments are not commensurate with the results obtained, and threats can appear that disrupt the company's business. Performing risk management using OCTAVE-S, particularly in smaller companies, can help a company to grow: the company can identify the weaknesses and threats that may arise and could disrupt its business, and, with the help of the standard controls provided by ISO/IEC 27001:2005, can prepare to implement ISO/IEC 27001:2005 later.









