Abstract:
The goal of this project is to develop a web portal tool for the risk assessment
and risk treatment process. RAQuM is a tool that a Risk Assessor in an
organization can use to perform risk assessment with a qualitative method, and it
focuses on organizations that comply with ISO/IEC 27001:2005 and ISO/IEC
27005:2008. Risk assessment of information security is an important
assessment method and decision mechanism in the process of making an information
security system. In this project, all the important data was collected in order to
identify the requirements for developing RAQuM. A preliminary study
revealed that information asset identification is an essential phase in the risk
assessment process, which also contributes to security risk assessment. The
proposed tool involves direct research based on the risk assessment and risk
treatment process and the qualitative method, exactly as mentioned in ISO/IEC
27005:2008. PHP was chosen as the programming language for developing RAQuM
because it can easily be used along with MySQL, which was chosen as the database
for RAQuM. Black-box and user acceptance testing were chosen as the testing
methods in order to find out how well RAQuM works.