INFORMATION TECHNOLOGY RISK MANAGEMENT USING ISO 31000 BASED ON THE ISSAF PENETRATION TESTING FRAMEWORK

PERDIANZA, MUHAMMAD EGI and Firdaus, Mgs Afriyan (2024) MANAJEMEN RISIKO TEKNOLOGI INFORMASI MENGGUNAKAN ISO 31000 BERBASIS KERANGKA KERJA PENGUJIAN PENETRASI ISSAF. Undergraduate thesis, Sriwijaya University.

Available under License Creative Commons Public Domain Dedication.

Abstract

Information security is critical for higher education institutions, which manage large amounts of sensitive data in the digital age. Data breach incidents in Indonesia's academic sector reached 2,217 in 2021. A university website with 36 web-based information system services was found to have been defaced. SQL injection and XSS attacks, which can lead to data breaches, system manipulation, and disruption of academic services, are also common. These attacks underscore the importance of strong security measures to protect data and preserve the reputation of education. This research assesses the security risk of the XYZ University website using ISSAF and ISO 31000. ISSAF was applied in four stages, customized for university web systems: information gathering, network mapping, vulnerability identification, and penetration testing. ISO 31000 was used to assess risk severity, resulting in classifications of two high, six medium, and twelve low risks. Security recommendations were developed to address the key risks and can be applied to other universities facing similar threats. The findings give educational institutions insight into strengthening their cybersecurity. Implementing appropriate measures not only improves privacy, but also builds trust and reputation. Proactive information security is becoming a critical asset for the sustainability and credibility of higher education institutions in this vulnerable digital age.

Item Type: Thesis (Undergraduate)
Uncontrolled Keywords: Information Security, Information System Security Assessment Framework, Penetration Testing, Risk Management, ISO 31000
Subjects: T Technology > T Technology (General) > T58.4 Managerial control systems Information technology. Information systems (General)
T Technology > T Technology (General) > T58.5-58.64 Information technology > T58.5 General works Management information systems Cf. HD30.213 Industrial management Cf. HF5549.5.C6+ Communication in personnel management Cf. TS158.6 Automatic data collection systems (Production control)
T Technology > T Technology (General) > T58.6-58.62 Management information systems > T58.6 General works Industrial engineering Information technology. Information systems (General) Management information systems -- Continued
T Technology > T Technology (General) > T58.5-58.64 Information technology > T58.6.E9 Management information systems -- Congresses.
Divisions: 09-Faculty of Computer Science > 57201-Information Systems (S1)
Depositing User: Muhammad Egi Perdianza
Date Deposited: 02 Jan 2025 02:13
Last Modified: 02 Jan 2025 02:13
URI: http://repository.unsri.ac.id/id/eprint/162061
