Work place: Department of Information Technology, Faculty of Engineering, Universitas Udayana, Indonesia
E-mail: suta.arry@gmail.com
Website:
Research Interests: Application Security, Information Security, Network Architecture, Network Security
Biography
I Gede Ary Suta Sanjaya, is a student and currently studying on information technology major in the Engineering Faculty of Udayana University. His research interests are mostly about computer network and network security management topics. Such as Network Centric Principles, IT Security Audit, IT Risk Management, and Network Security Applications.
Email: suta.arry@gmail.com
By I Gede Ary Suta Sanjaya Gusti Made Arya Sasmita Dewa Made Sri Arsa
DOI: https://doi.org/10.5815/ijcnis.2020.04.03, Pub. Date: 8 Aug. 2020
Election Commission of X City is an institution that serves as the organizer of elections in the X City, which has a website as a medium in the delivery of information to the public and as a medium for the management and structuring of voter data in the domicile of X City. As a website that stores sensitive data, it is necessary to have risk management aimed at improving the security aspects of the website of Election Commission of X City. The Information System Security Assessment Framework (ISSAF) is a penetration testing standard used to test website resilience, with nine stages of attack testing which has several advantages over existing security controls against threats and security gaps, and serves as a bridge between technical and managerial views of penetration testing by applying the necessary controls on both aspects. Penetration testing is carried out to find security holes on the website, which can then be used for assessment on ISO 31000 risk management which includes the stages of risk identification, risk analysis, and risk evaluation. The main findings of this study are testing a combination of penetration testing using the ISSAF framework and ISO 31000 risk management to obtain the security risks posed by a website. Based on this research, obtained the results that there are 18 security gaps from penetration testing, which based on ISO 31000 risk management assessment there are two types of security risks with high level, eight risks of medium level security vulnerabilities, and eight risks of security vulnerability with low levels. Some recommendations are given to overcome the risk of gaps found on the website.
[...] Read more.Subscribe to receive issue release notifications and newsletters from MECS Press journals