Information Security Risk Assessment for the Malaysian Aeronautical Information
                                                  Management System


                                         Alfian Alwi & Khairul Akram Zainol Ariffin


                                                          Abstract



               Aviation-related information management system as well as other information systems
               suffer from  the  problem  of  security  risk.  This  security  risk  is  not  an  aviation-  specific
               problem  and  this  paper  aims  to  study  on  the  existing  risks  for  the  Malaysian
               Aeronautical  Information  Management  System  in  the  Civil  Aviation  Authority  of
               Malaysia. The aims of this paper is to provide an overall risk level rating for the future
               implementation of information security risk management systems, while highlighting the
               advantages of ISO 27005 standards. The risk assessment activities will start with risk
               identification,  followed  by  risk  estimation.  The  third  step  is  the  risk  evaluation  which
               addresses the result analysis and several contributions of the study as efforts toward
               initiating ISO certification process.


























                                                                                                            3