Risk Management Design and Analysis on Agile Development Project using ISO 31000 Integrated with ISO 27005: A Case Study of SiREV Application
Keywords:
Agile Method, Information Security, Risk Management, ISO 31000:2018, ISO 27005:2018
Abstract
In implementing e-government in Indonesia, one example of technology adoption in the government sector is the digitalization of business processes within government agencies. The SiREV application is an information system used by auditors at XYZ Agency to carry out business processes in the field of supervision. The agile method was chosen for developing this application for several reasons, starting from requirements that could not be determined at the beginning of the work and extending to future changes to the application that would be needed to adapt to evolving needs. Several obstacles were encountered in its implementation, namely the team's familiarity with agile methods and the security of information while developing it. To conduct this research, we use the ISO 31000:2018 and ISO 27005:2018 frameworks to assess the risks. This study aims to assess risk in an agile project with ISO 31000 and ISO 27005 so that XYZ Agency has a risk management design covering both agile implementation in project development and information security. The results of this research showed that 24 risks were identified, consisting of 11 risks related to agile implementation and 13 risks related to information security. After evaluating these 24 risks, 13 risks need to be treated because they are outside the organization's risk appetite, while the other 11 risks do not need to be treated because they are within the organization's risk appetite.
Published
2024-12-31
Section
Articles
How to Cite
Sinulingga, R. M. A., Raharjo, T., & Trisnawaty, N. W. (2024). Risk Management Design and Analysis on Agile Development Project using ISO 31000 Integrated with ISO 27005: A Case Study of SiREV Application. Jurnal Informatika Ekonomi Bisnis, 6(4), 815-821. https://doi.org/10.37034/infeb.v6i4.1053
This work is licensed under a Creative Commons Attribution 4.0 International License.