Risk Mitigation Plan in API Integration Using NIST SP 800-37
DOI: https://doi.org/10.61841/xmt4s111
Keywords: Risk, NIST 800-37, integration, API, mitigation
Abstract
Integrating backend or external systems into a modern business system is a must. The complexity of operational systems means a company or organization should have a good integration plan. The best and easiest way to integrate is through an application programming interface (API), which lets systems be connected without extensive modification. However, integrating an API, or integrating systems through an API, can lead to risky situations such as data format problems, security issues, or non-standard API development. These risks need to be addressed by preparing a proper mitigation plan. This can be done by applying a risk management or assessment framework such as the one described in the NIST SP 800-37 documents. In this research, we apply risk assessment to the integration problem at PT.X, which provides online services and needs to process customer, sales, and financial data. The data analysis from the risk assessment shows three top risks that need to be resolved: accountability, hesitation over API utilization, and lack of security. Based on this result, we also propose mitigation plans to reduce their impact, such as establishing roles and responsibilities for API development and maintenance, socializing and promoting API utilization, and increasing security capability.
License

This work is licensed under a Creative Commons Attribution 4.0 International License.
You are free to:
- Share — copy and redistribute the material in any medium or format for any purpose, even commercially.
- Adapt — remix, transform, and build upon the material for any purpose, even commercially.
- The licensor cannot revoke these freedoms as long as you follow the license terms.
Under the following terms:
- Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.
Notices:
You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation.
No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.
