Risk Assessment in BINUS - A Discussion on What Can Stop Business from an ERP Perspective

  • Writer: Merry Marshela
  • Oct 23, 2018

Risk mitigation:

1. Confidentiality:

  • A keylogger might be applied to the website so that a fraudster can record the username and password typed by the user: use an on-screen keyboard and an anti-keylogger.

  • Internal information theft, from staff to staff or traded to competitors: double-layered verification for internal data transactions to external devices or sources, e.g. a unique code for every custodian so that anyone who performs a data transaction can be traced by the code.

  • Accounts might be hacked: do penetration tests periodically to find any holes, and update the system security.

  • Passwords chosen by staff are too closely tied to their own behavior, so they can easily be guessed or discovered by people close to them: use a password that is difficult; mixing upper and lower case and characters also helps. E.g. andialfani → 4n12iAlF4n1

  • Shoulder surfing might happen while a staff member is entering the password when not alone or not in a secured place: hide the characters of the password with symbols. E.g. 4n12iAlF4n1

2. Integrity:

  • Virus injection via USB data transactions: a “no external device plug-in” policy. This term is usually used to prevent viruses or data theft. Every data transaction can be done online, such as via email, a platform, etc.

  • False data entry on purpose to break the first security layer (hacking without an external application/program): use CAPTCHA to prevent attackers from entering the ERP system.

  • Script kiddie attempts by renegades: block any script-writing media (backdoor, command prompt, etc.).

  • A lost connection during the data entry process causes failed data updates: it can be refreshed after the user gets the connection back.

  • A system update from maintenance causes broken data: the system should always be thoroughly checked before release.

3. Availability:

  • Natural disaster in the server room (flood, tsunami, etc.): the server room is in a building and on a higher level of ground so it might not be flooded, or place it in another area.

  • Data locked by a malware attack, e.g. the WannaCry ransomware: form a team with expertise in breaking malware for the worst-case event (incident or disaster).

  • Some features, e.g. mail, sometimes cannot be reached for no apparent reason: refresh the connection to check whether it is caused by a failed network.

  • Files stored in an account may not be available to other staff when needed: only authorized persons can see other data.

  • An unstable connection means data cannot be accessed: it should be accessible through an HTML version, and an option to switch to the HTML version should appear if the connection is down.

- In collaboration with Angelica -

©2018 by Learn IT Audit with Me. Proudly created with Wix.com