The Octave Allegro Method in Risk Management Assessment of Educational Institutions


  • Jane Hom Ubon Ratchathani University
  • Boonsri Anong Sukhothai Thammathirat Open University
  • Kim Beom Rii Jisan College
  • Lee Kyung Choi University of Miyazaki
  • Kenita Zelina Universitas Raharja



Risk management, Information Systems, Assessment


Risk management is useful in overcoming various problems such as not optimal business processes, the company’s reputation down, financial loss, or bankruptcy of a company. In the application of information systems, most organizations or companies have not noticed the importance of information systems security as well as the assets and impacts that arise. For that, the risk management assessment is used in reducing the errors that occur in the information system of the company's business processes. The risk management assessment is applied to the information system along with its assets in evaluating the possibilities of menaces and vulnerabilities. The Risk management assessment analysis is applied to the academic information system in universities. The result of the risk assessment is the results of recommendations on the stages that need to be done in protecting the assets of information systems and information systems themselves.


P. Hills, “International Journal of Information Management,” Int. J. Inf. Manag. J. Inf. Prof., vol. 26, no. 1, pp. 1–2, 2006.

G. Christakos, Stochastic Environmental Research and Risk Assessment. Springer-Verlag, 1999.

J. A. O’Brien and G. M. Marakas, “Introduction to Information Systems (Vol. 13). New York City.” USA: McGraw-Hill/Irwin, 2005.

A. A. Rampini, S. Viswanathan, and G. Vuillemey, “Risk management in financial institutions,” J. Finance, vol. 75, no. 2, pp. 591–637, 2020.

K. Mhetre, B. A. Konnur, and A. B. Landage, “Risk management in construction industry,” Int. J. Eng. Res, vol. 5, pp. 153–155, 2016.

S. Alhawari, L. Karadsheh, A. N. Talet, and E. Mansour, “Knowledge-based risk management framework for information technology project,” Int. J. Inf. Manage., vol. 32, no. 1, pp. 50–65, 2012.

H. Stewart and J. Jürjens, “Information security management and the human aspect in organizations,” Inf. Comput. Secur., 2017.

B. Ali and A. I. Awad, “Cyber and physical security vulnerability assessment for IoT-based smart homes,” sensors, vol. 18, no. 3, p. 817, 2018.

A.-M. Suduc, M. Bîzoi, and F. G. Filip, “Audit for information systems security,” Inform. Econ., vol. 14, no. 1, p. 43, 2010.

R. L. Krutz, R. D. Vines, and E. M. Stroz, The CISSP Prep Guide: Mastering the ten domains of computer security. Citeseer, 2001.

C. Anderson, R. L. Baskerville, and M. Kaul, “Information security control theory: Achieving a sustainable reconciliation between sharing and protecting the privacy of information,” J. Manag. Inf. Syst., vol. 34, no. 4, pp. 1082–1112, 2017.

S. K. Pandey, “A comparative study of risk assessment methodologies for information systems,” Bull. Electr. Eng. Informatics, vol. 1, no. 2, pp. 111–122, 2012.

M. T. Jufri, M. Hendayun, and T. Suharto, “Risk-assessment based academic information System security policy using octave Allegro and ISO 27002,” in 2017 Second International Conference on Informatics and Computing (ICIC), 2017, pp. 1–6.

E. Goldman, “Challenges and Concerns for Implementing OCTAVE Allegro in a University Environment.” 2013.

T. Aven, “Foundational issues in risk assessment and risk management,” Risk Anal. An Int. J., vol. 32, no. 10, pp. 1647–1656, 2012.

R. A. Caralli, J. F. Stevens, L. R. Young, and W. R. Wilson, “Introducing octave allegro: Improving the information security risk assessment process,” Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst, 2007.

S. Santoso, J. Kauf, and N. Aristo, “The Information System Of Name Card Sales Based On Digital Marketing To Improve Creativepreneur On College E-Commerce Website”, Aptisi Transactions On Technopreneurship (ATT), vol. 1, no. 1, pp. 64-72, Mar. 2019.

E. Febriyanto, R. Naufal, and S. Sulistiawati, “Planning of the Web-based E-Raport Assessment System”, Aptisi Transactions On Technopreneurship (ATT), vol. 2, no. 1, pp. 48-58, Jan. 2020.

A. Alwiyah, C. Greisy, and A. Afitri, “Implementation Of Information Systems On E-commerce Websites As Media To Deliver Information”, Aptisi Transactions On Technopreneurship (ATT), vol. 1, no. 2, pp. 127-133, Aug. 2019.

T. Hariguna, E. Harahap, and S. Salsabila, “Implementation of Business Intelligence Using Highlights in the YII Framework based Attendance Assessment System”, Aptisi Transactions On Technopreneurship (ATT), vol. 1, no. 2, pp. 109-116, Aug. 2019.

Hariguna, Taqwa, Muhamad Yusup, and Agung Priyadi. 2019. “The Transaction Optimization Of Color Print Sales Through E-Commerce Website Based On Yii Framework On Higher Education.” Aptisi Transactions On Technopreneurship (ATT) 1(1): 1–10.

Santoso, Sugeng, Josch Kauf, and Nabila Cynthia Aristo. 2019. “The Information System of Name Card Sales Based on Digital Marketing to Improve Creativepreneur on College E-Commerce Website.” Aptisi Transactions On Technopreneurship (ATT) 1(1): 64–72.

Sunarya, Po Abas, Doucette David Bernard, and Dian Maharani Damanik. 2019. “Viewboard Implementation Based on Javascript Charts as a Media for Submitting Sales Information on a Green E-Commerce Website Light Cafe.” Aptisi Transactions On Technopreneurship (ATT) 1(1): 11–19.

. Zarlis, Muhammad, Eka Purnama Harahap, and Lina Naelal Husna. 2019. “Test Appraisal System Application Based on YII Framework as Media Input Student Value Final Project and Thesis Session at Higher Education.” Aptisi Transactions On Technopreneurship (ATT) 1(1): 73–81.

Additional Files



How to Cite

Hom, J., Anong, B., Rii, K. B., Choi, L. K., & Zelina, K. (2020). The Octave Allegro Method in Risk Management Assessment of Educational Institutions. Aptisi Transactions on Technopreneurship (ATT), 2(2), 167-179.