Development of Application Security Standard for Compliance to Information Security Standard, PT. XYZ, Jakarta

Siagian, Irwin Lawrencius and Lukas, Lukas and Lim, Charles (2016) Development of Application Security Standard for Compliance to Information Security Standard, PT. XYZ, Jakarta. Masters thesis, Swiss German University.

Abstract

Applications are a critical part of business processes. Unfortunately, most organizations are concerned only with security controls on infrastructure and general security controls on logical access. Many threats to applications exist today that target the confidentiality, integrity, and availability of data, especially in internet applications. Security controls on infrastructure and logical access are not enough to ensure that information or data is well protected in business processes. Application security therefore becomes a very important aspect of protecting sensitive data, assets, and reputation against threats to business processes. To ensure the security of an application from the design phase through the production phase, a standard containing security requirements for applications is needed; this is called an Application Security Standard. To develop an application security standard, the author uses a hybrid threat modeling analysis process to identify and categorize threats to applications. Threat modeling analysis also allows security controls against those threats to be defined. Hybrid threat modeling is a combination and modification of several threat modeling processes.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Application; Application Security Standard; Hybrid Threat Modeling; Threat; STRIDE; OWASP; Data Flow Diagram
Subjects: T Technology > T Technology (General) > T58.5 Information technology
Divisions: Faculty of Engineering and Information Technology > Department of Information Technology
Depositing User: Atroridho Rizky
Date Deposited: 13 Jul 2020 14:53
Last Modified: 13 Jul 2020 14:53
URI: http://repository.sgu.ac.id/id/eprint/1143
