Risk Assessment Qualitative Method (Raqum) Tool For An Organization

Abstract

The goal of this project is to develop a tool in web portal for the purpose of risk assessment and risk treatment process. RAQuM is the tool that can be used by Risk Assessor in organization to do the risk assessment by using qualitative method which focus more to an organization who comply with ISO/IEC 27001:2005 and ISO/IEC 27005:2008 compliance. Risk Assessment of information security is an important assessment method and decision mechanism in the process of making information security system. In this project, all the important data was collected in order to identify the requirement needed in developing the RAQuM. A preliminary study revealed that information asset identification is an essential phase in risk assessment process which also contributes to security risk assessment. The proposed tool involves direct research which is based on risk assessment and risk treatment process, qualitative method, exactly mention in ISO/IEC27005:2008. PHP language has been chosen as the programming language in developing RAQuM as PHP can be easily be use along with MySQL which MySQL has been chosen as the database for RAQuM. Black-box and user acceptance testing has been chosen as the testing method in order to find out how well RAQuM works.