Individual
Session 01
To be Submitted Week 01
Personal Assignment 1
The quantitative analysis method is a risk analysis method that uses numeric values to
express impact and probability. You are asked to explain the quantitative approach, which is
carried out through four key processes:
1. Identification of asset value
2. Determination of threats, vulnerabilities, and impact
3. Estimation of the likelihood of exploitation
4. Calculation of Annual Loss Exposure (ALE)
Answer:
The following is an explanation of the quantitative approach to risk analysis, which involves
four key processes:
ALE is the product of the asset value, the probability that the threat occurs, and its
impact. It is a way to calculate the estimated annual loss that may be incurred if the
threat materializes. ALE uses a single-pass online authenticated encryption algorithm
that uses the AES round transformation and the AES-128 key schedule. It supports
optional associated data and relies on the use of nonces for security [19].
By carrying out these four processes, quantitative risk analysis can provide a more detailed,
numeric picture of the potential risks faced, helping the organization make better-informed
decisions in managing and reducing existing risks.
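As an added example (not part of the original assignment), the four processes can be carried through a small risk register in Python: each entry holds an asset value, a threat with its impact, and a likelihood, and the ALE is computed, ranked per asset/threat pair, and totalled per asset. The names `Scenario`, `rank_scenarios` and `ale_by_asset` are hypothetical, the register values are constructed, and the example assumes impact is the fraction of asset value lost per event and likelihood is the expected number of occurrences per year.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    asset: str          # process 1: the asset being valued
    asset_value: float  # process 1: asset value, in currency units
    threat: str         # process 2: threat acting on a vulnerability
    impact: float       # process 2 (assumption): fraction of value lost per event
    likelihood: float   # process 3 (assumption): expected occurrences per year

    def ale(self) -> float:
        """Process 4: asset value x impact x annual likelihood."""
        if self.asset_value < 0 or self.likelihood < 0:
            raise ValueError("asset_value and likelihood must be non-negative")
        if not 0.0 <= self.impact <= 1.0:
            raise ValueError("impact must be a fraction between 0 and 1")
        return self.asset_value * self.impact * self.likelihood


def rank_scenarios(scenarios):
    """Order asset/threat pairs from highest to lowest annual loss."""
    return sorted(scenarios, key=lambda s: s.ale(), reverse=True)


def ale_by_asset(scenarios):
    """Sum the ALE of every threat per asset, highest total first."""
    totals = {}
    for s in scenarios:
        totals[s.asset] = totals.get(s.asset, 0.0) + s.ale()
    return dict(sorted(totals.items(), key=lambda kv: kv[1], reverse=True))


# Constructed sample register; every value is illustrative.
REGISTER = [
    Scenario("customer database", 800_000, "malware", 0.50, 0.2),
    Scenario("customer database", 800_000, "phishing", 0.10, 2.0),
    Scenario("public web server", 150_000, "DDoS", 0.20, 4.0),
    Scenario("staff laptops", 60_000, "malware", 0.25, 1.0),
]

if __name__ == "__main__":
    for s in rank_scenarios(REGISTER):
        print(f"{s.asset:18} {s.threat:9} ALE = {s.ale():>10,.0f}")
    for asset, total in ale_by_asset(REGISTER).items():
        print(f"{asset:18} total ALE = {total:>10,.0f}")
```

Ranking by ALE rather than by asset value alone shows that a frequent, low-impact threat can outweigh a rare, high-impact one on the same asset.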
References:
[1] E. Yunizal, J. Santoso, and K. Surendro, “Asset Identification in Information Security Risk
Assessment Using Process Mining,” Int J Adv Sci Eng Inf Technol, vol. 12, no. 4, p. 1441, Jul.
2022, doi: 10.18517/ijaseit.12.4.14865.
[2] I. Kotenko, E. Doynikova, A. Fedorchenko, and V. Desnitsky, “Automation of Asset Inventory
for Cyber Security: Investigation of Event Correlation-Based Technique,” Electronics (Basel),
vol. 11, no. 15, p. 2368, Jul. 2022, doi: 10.3390/electronics11152368.
[3] J. Breier and F. Schindler, “Assets Dependencies Model in Information Security Risk
Management,” 2014, pp. 405–412. doi: 10.1007/978-3-642-55032-4_40.
[4] B. Muslim, “Quantitative Risk Analysis of Asset Information Technology at STT Pagaralam,”
Conference SENATIK STT Adisutjipto Yogyakarta, vol. 4, Nov. 2018, doi:
10.28989/senatik.v4i0.186.
[5] S. Toshmatov, I. Yarashov, A. Otakhonov, and A. Ismatillayev, “Designing an algorithmic
formalization of threat actions based on a Functioning table,” in 2022 International
Conference on Information Science and Communications Technologies (ICISCT), IEEE, Sep.
2022, pp. 1–5. doi: 10.1109/ICISCT55600.2022.10146987.
[6] S. Toshmatov, I. Yarashov, A. Otakhonov, and A. Ismatillayev, “Designing an algorithmic
formalization of threat actions based on a Functioning table,” in 2022 International
Conference on Information Science and Communications Technologies (ICISCT), IEEE, Sep.
2022, pp. 1–5. doi: 10.1109/ICISCT55600.2022.10146987.
[7] M. Shen, X. Gao, and M. Peng, “Effects of Malware Attacks on the Cascading Failure of Cyber-
physical Power System,” J Phys Conf Ser, vol. 1624, no. 6, p. 062005, Oct. 2020, doi:
10.1088/1742-6596/1624/6/062005.
[8] A. Kumar, N. Ojha, and N. K. Srivastava, “Factors Affecting Malware Attacks: An Empirical
Analysis,” Purushartha - A Journal of Management, Ethics and Spirituality, vol. 10, no. 02,
Oct. 2017, doi: 10.21844/pajmes.v10i02.10569.
[9] S. Selvaganapathy and S. Sadasivam, “Malware Attacks on Electronic Health Records,” 2021,
pp. 589–599. doi: 10.1007/978-981-33-6981-8_47.
[10] S. Tasmin, A. K. Sarmin, M. Shalehin, and A. K. M. B. Haque, “Combating the Phishing
Attacks,” 2022, pp. 106–137. doi: 10.4018/978-1-7998-9426-1.ch006.
[11] Z. Alkhalil, C. Hewage, L. Nawaf, and I. Khan, “Phishing Attacks: A Recent Comprehensive
Study and a New Anatomy,” Front Comput Sci, vol. 3, Mar. 2021, doi:
10.3389/fcomp.2021.563060.
[12] Prof. B. V. Jadhav, Mansi Mahamuni, Akshata Ghodke, Akshata Ghodke, and Vrushali Chavan,
“Detection of DDoS Attack,” International Journal of Advanced Research in Science,
Communication and Technology, pp. 498–500, Mar. 2023, doi: 10.48175/IJARSCT-8872.
[13] G. Nayak, A. Mishra, U. Samal, and B. K. Mishra, “Depth Analysis On DoS & DDoS
Attacks,” in Wireless Communication Security, Wiley, 2022, pp. 159–182. doi:
10.1002/9781119777465.ch9.
[14] X. Huang, “Application of Computer Data Mining Technology Based on AKN Algorithm in
Denial of Service Attack Defense Detection,” Wirel Commun Mob Comput, vol. 2022, pp. 1–
12, Feb. 2022, doi: 10.1155/2022/4729526.
[15] O. Kalugina, I. Barankova, and U. Mikhailova, “Development of a Tool for Modeling Security
Threats of an Enterprise Information System,” in 2020 International Conference on Electrical,
Communication, and Computer Engineering (ICECCE), IEEE, Jun. 2020, pp. 1–5. doi:
10.1109/ICECCE49384.2020.9179449.
[16] S. Boulares, K. Adi, and L. Logrippo, “Insider Threat Likelihood Assessment for Access Control
Systems: Quantitative Approach,” 2017, pp. 135–142. doi: 10.1007/978-3-319-51966-1_9.
[17] P. H. Meland, D. A. Nesheim, K. Bernsmed, and G. Sindre, “Assessing cyber threats for
storyless systems,” Journal of Information Security and Applications, vol. 64, p. 103050, Feb.
2022, doi: 10.1016/j.jisa.2021.103050.
[18] M. Jouini, L. B. A. Rabai, and R. Khedri, “A Multidimensional Approach towards a Quantitative
Assessment of Security Threats,” Procedia Comput Sci, vol. 52, pp. 507–514, 2015, doi:
10.1016/j.procs.2015.05.024.
[19] P. V. Shevchenko, J. Jang, M. Malavasi, G. W. Peters, G. Sofronov, and S. Trück, “The nature of
losses from cyber-related events: risk categories and business sectors,” J Cybersecur, vol. 9,
no. 1, Jan. 2023, doi: 10.1093/cybsec/tyac016.