Development of information security risk assessment for nuclear regulatory authority perspective: Proposition of a system application design

We carried out information security assessment in the Indonesian Nuclear Regulatory Agency (Bapeten) with developed framework (NERA) in hybridization of the COBIT5 and NIST security frameworks to calculate the score of the institutional security adaptivity. We obtained the following results: (1) we calculated information's and documents mitigation risk and control recommendations, and (2) however, some functions show unexpected values. This fact indicates a possibility that there can be several combinations among the functions of the two frameworks. Therefore, we can conclude that we should select a good combination among the functions in the new frameworks.