REFERENCES - Perpustakaan Digital ITB - WELCOME...
REFERENCES
Books:
ALARM., AIRMIC. & IRM, 2002, “A Risk Management Standard”, London, UK.
Ali, Masyhud., 2006, “Manajemen Risiko: Strategi Perbankan dan Dunia Usaha
Menghadapi Tantangan Globalisasi Bisnis”, Jakarta, INA: PT RajaGrafindo
Persada.
Amsyah, Zulkifli., 2001, “Manajemen Sistem Informasi”, Jakarta: Gramedia Pustaka
Utama.
Crouhy, Michel., Galai, Dan., & Mark, Robert., 2001, “Risk Management”. New York,
USA: Mc-Graw-Hill.
Crouhy, Michel., Galai, Dan., & Mark, Robert., 2006, “The Essentials of Risk
Management”. New York: Mc-Graw-Hill.
Djohanputro, Bramantyo., 2006, “Manajemen Risiko Korporat Terintegrasi,
Memastikan Keamanan & Kelanggengan Perusahaan Anda”, Jakarta, INA:
Penerbit PPM.
Hanafi, Mamduh., 2006, “Manajemen Risiko”, Yogyakarta, INA: UPP STIM YKPN.
Horcher, A. Karen., 2005, “Essentials of Financial Risk Management”. New Jersey,
USA: Wiley Inc.
Konrath, Larry F., 2006, “Auditing, A Risk Analysis Approach”. Mason, Ohio, USA:
South Western.
Kountur, Ronny., 2004, “Manajemen Risiko Operasional, Memahami Cara
Mengelola Risiko Operasional Perusahaan”. Jakarta, INA: Penerbit PPM.
Kountur, Ronny., 2004, “Manajemen Risiko”. Jakarta, INA: Penerbit PPM.
Lam, James., 2007, “Enterprise Risk Management”. New Jersey, USA: Wiley Inc.
Laudon, Kenneth C. & Laudon, Jane P., 2006, “Management Information System,
Managing the Digital Firm, Ninth Edition”, New Jersey, USA: Pearson
Education.
Malhotra, Naresh K., 2006, “Market Research, an Applied Orientation”, New Jersey,
USA: Pearson Education.
Nugroho, B. Agung., 2005, “Strategi Jitu Memilih Metode Statistik Penelitian Dengan
SPSS”, Yogyakarta, INA: CV Andi Offset.
Tampubolon, Robert., 2006, “Manajemen Risiko, Pendekatan Kualitatif untuk Bank
Komersial”, Jakarta, INA: Elex Media Komputindo.
Wideman, R. Max., 1992, “Project and Program Risk Management, A guide to
Managing Project Risks and Opportunity”, Sylva, North Carolina, USA:
Publication of Project Management Institute.
Bank Ekspor Indonesia Annual Report:
2005 Annual Report
Internet:
Bexi.co.id, 2007, Bank Ekspor Indonesia company profile and annual report, retrieved
on April 23, 2007 from
http://www.bexi.co.id
Investopedia.com, 2007, RTGS definitions, retrieved on July 28, 2007 from
http://www.investopedia.com
Pcmag.com, 2007, the best IDS software, retrieved on July 29, 2007 from
http://www.pcmag.com
Webopedia.com, 2007, proxy server and SMTP definitions, retrieved on July 25, 2007
from
http://www.webopedia.com/TERM/P/proxy_server.html
Washingtonpost.com, 2004, SWIFT code definitions, retrieved on July 25, 2007 from
http://www.washingtonpost.com
APPENDIX
APPENDIX A
Glossary
“Firewall is hardware or software which is placed between an organization’s internal
network and an external network to prevent outsiders invading private networks”
(Laudon, Laudon. 2006: G6).
“Internet service provider (ISP) is a commercial organization with permanent
connection to the internet that sells temporary connection to subscribers” (Laudon,
Laudon. 2006: G7).
“Proxy server is a tool that intercepts all requests to the real server to see if it can
fulfill the requests itself. If not, it forwards the request to the real server”
(webopedia.com, 2007).
“Private Branch eXchange (PBX) is a telephone exchange that serves a particular
business or office, as opposed to one that a common carrier or telephone company
operates for many businesses or for the general public. PBXs are also referred to
as:
o PABX - Private Automatic Branch eXchange
o EPABX - Electronic Private Automatic Branch Exchange”
(Laudon, Laudon. 2006: G10).
“Real Time Gross Settlement (RTGS) is an online system for settling transactions
of financial institutions, especially banks. RTGS systems are "push payment"
systems with transactions initiated by the paying bank” (investopedia.com, 2007).
“Simple Mail Transfer Protocol (SMTP) is the de facto standard for e-mail
transmissions across the Internet” (Kudlick, n.d., retrieved from webopedia.com, n.d.).
“SWIFT Code is a standard format of Bank Identifier Codes approved by the
International Organization for Standardization. It is the unique identification code
of a particular Bank. It can be found on the Account Statements. It is necessary for
sending money across countries” (washingtonpost.com, 2005).
APPENDIX B
Research Approval Letter from BEI
APPENDIX C
BEI Risk Management Roadmap
APPENDIX D
BEI Risk Management Reporting
APPENDIX E
BEI Risk Management Capital Allocation
APPENDIX F
BEI Operational Risk Management Database
APPENDIX G
BEI IT Infrastructure Description
APPENDIX H
The Questionnaire
APPENDIX I
The Questionnaire Result
Probability Measurement
Risks   RMD1  RMD2  RMD3  RMD   TISD  OAD   IAD   Total Probability Score
Weight                    35%   30%   20%   15%
1       3     1     1     1.67  1     1     1     1.23
2       3     1     1     1.67  1     1     1     1.23
3       2     3     1     2.00  1     1     1     1.35
4       2     2     1     1.67  0     1     1     0.93
5       3     2     2     2.33  0     1     1     1.17
6       2     2     2     2.00  1     1     1     1.35
7       3     3     2     2.67  0     1     1     1.28
8       2     3     2     2.33  1     1     2     1.62
9       2     3     2     2.33  3     1     2     2.22
10      2     2     1     1.67  1     2     1     1.43
11      2     3     2     2.33  1     1     2     1.62
12      3     3     2     2.67  2     2     1     2.08
13      3     3     2     2.67  1     2     1     1.78
14      3     2     1     2.00  0     2     1     1.25
15      2     3     2     2.33  1     2     1     1.67
16      2     2     1     1.67  0     2     1     1.13
17      2     3     1     2.00  1     2     1     1.55
18      2     3     2     2.33  0     2     1     1.37
19      3     2     1     2.00  0     1     1     1.05
Probability Average 1.44
Probability Rank Table
Probability Rank  Risks                                                                                         Total Probability Score
1                 Miss data entry                                                                               2.22
2                 Hardware working systems failures                                                             2.08
3                 Network and electricity (internet or intranet) broke down                                     1.78
4                 Software working systems failures                                                             1.67
5                 Lack of maintenance staff                                                                     1.62
6                 Error reporting failures                                                                      1.62
7                 Telecommunication tools failures                                                              1.55
8                 Systems maintenance failures                                                                  1.43
9                 Physical assets damage (hardware, software, and application modules) caused by force majeure  1.37
10                Company and secret information robbery                                                        1.35
11                Password (access code authorization) misuses                                                  1.35
12                Data manipulation                                                                             1.28
13                Hacking via internet                                                                          1.25
14                Unauthorized transaction                                                                      1.23
15                Unauthorized access to limited area                                                           1.23
16                Hardware robbery                                                                              1.17
17                Website failures                                                                              1.13
18                Cyber terrorism                                                                               1.05
19                Systems misuses                                                                               0.93
Severity Measurement
Risks   RMD1  RMD2  RMD3  RMD   TIS   ODA   IAT   Total Severity Score
Weight                    35%   30%   20%   15%
1       3     1     1     1.67  1     1     1     1.23
2       3     1     1     1.67  1     1     1     1.23
3       3     3     1     2.33  1     1     1     1.47
4       3     1     1     1.67  1     1     1     1.23
5       3     1     2     2.00  1     1     1     1.35
6       2     1     1     1.33  1     1     1     1.12
7       3     1     1     1.67  1     1     1     1.23
8       3     1     1     1.67  1     1     1     1.23
9       2     2     2     2.00  3     1     1     1.95
10      2     1     1     1.33  1     2     1     1.32
11      2     2     2     2.00  1     1     1     1.35
12      3     2     1     2.00  1     2     1     1.55
13      3     2     1     2.00  2     2     1     1.85
14      3     1     1     1.67  0     2     1     1.13
15      2     2     2     2.00  2     2     1     1.85
16      2     1     1     1.33  0     2     1     1.02
17      2     2     2     2.00  1     2     1     1.55
18      2     2     1     1.67  1     2     1     1.43
19      3     1     1     1.67  0     1     1     0.93
Severity Average 1.37
Severity Rank Table
Severity Rank     Risks                                                                                         Total Severity Score
1                 Miss data entry                                                                               1.95
2                 Network and electricity (internet or intranet) broke down                                     1.85
3                 Software working systems failures                                                             1.85
4                 Hardware working systems failures                                                             1.55
5                 Telecommunication tools failures                                                              1.55
6                 Company and secret information robbery                                                        1.47
7                 Physical assets damage (hardware, software, and application modules) caused by force majeure  1.43
8                 Hardware robbery                                                                              1.35
9                 Error reporting failures                                                                      1.35
10                Systems maintenance failures                                                                  1.32
11                Unauthorized transaction                                                                      1.23
12                Unauthorized access to limited area                                                           1.23
13                Systems misuses                                                                               1.23
14                Data manipulation                                                                             1.23
15                Lack of maintenance staff                                                                     1.23
16                Hacking via internet                                                                          1.13
17                Password (access code authorization) misuses                                                  1.12
18                Website failures                                                                              1.02
19                Cyber terrorism                                                                               0.93