Measurement of Security System Performance on Websites of Personnel Information Systems in Government Using Common Vulnerability Scoring System
DOI:
https://doi.org/10.31004/jptam.v6i1.3336Keywords:
CVSS, metrik keamanan, keamanan situs web, pemindaian, Sistem Skor Kerentanan Umum, Sistem Informasi Kepegawaian di PemerintahAbstract
Perkembangan komputer semakin pesat terutama sebagai media komunikasi data. Salah satu bentuk nyata dari evolusi teknologi adalah berkembangnya media informasi online seperti website yang dapat diakses di seluruh dunia selama terhubung dengan jaringan internet tanpa dibatasi oleh ruang dan waktu. Kerentanan keamanan sistem jaringan komputer adalah kelemahan dalam sistem yang dapat dimanfaatkan oleh satu atau lebih penyerang untuk melakukan serangan yang dapat membahayakan kerahasiaan, integritas, atau ketersediaan suatu sistem. Sehingga diperlukan penerapan keamanan yang lebih baik, pada proyek ini dilakukan analisis keamanan website dengan metode scanning dan perhitungan metrik keamanan dengan pengukuran pada sistem informasi Common Vulnerability Scoring System (CVSS) pada website Sistem informasi kepegawaian di lingkungan Pemerintah , melalui metode Scanning Vulnerability Assessments untuk menganalisa keamanan pada website. Hasil yang diperoleh dalam perhitungan metrik keamanan menggunakan perhitungan skor dasar menunjukkan nilai yang tinggi untuk tingkat keparahan paling berbahaya dalam pencurian data di situs web pemerintah..
References
Ahad, D. S., Akbar, M., & Ulfa, M. ANALISIS KERENTANAN TERHADAP ANCAMAN SERANGAN PADA WEBSITE PDAM TIRTA MUSI PALEMBANG.
Celebic, G., & Rendulic, D. Basic Concepts of Information and Communication Technology, 2011. Zagreb, Croatia: Open Society for Idea Exchange (ODRAZI).
Chew, E., Swanson, M. M., Stine, K. M., Bartol, N., Brown, A., & Robinson, W. (2008). Performance measurement guide for information security.
Collier, Z. A., DiMase, D., Walters, S., Tehranipoor, M. M., Lambert, J. H., & Linkov, I. (2014). Cybersecurity standards: Managing risk and creating resilience. Computer, 47(9), 70-76.
Collier, Z. A., Panwar, M., Ganin, A. A., Kott, A., & Linkov, I. (2016). Security metrics in industrial control systems. In Cyber-security of SCADA and other industrial control systems (pp. 167-185). Springer, Cham.
Halim, D. (2020). Inilah Analisa Pakar Digital Forensik Bahwa Database Anggota Polri Telah Diretas, [Electronic Version]. Available: https://nasional.kontan.co.id/news/inilah-analisa-pakar-digital-forensik-bahwa-database-anggota-polri-telah-diretas?page=2 [2021, Juni 18].
Horváth, A., Erd?si, P. M., & Kiss, F. (2016). The common vulnerability scoring system (cvss) generations–usefulness and deficiencies.
Ian, M. (2019). What is Cross-site Request Forgery?. [Electronic Version]. Available: https://www.acunetix.com/blog/articles/cross-site-request-forgery/ [14 Februari 2019].
INDONESIA, K. N. R. (2015). Peraturan Kepala Kepolisian Negara Republik Indonesia No. 5 Tahun 2015 Tentang Sistem Informasi Personil Kepolisian Negara Republik Indonesia.
Indonesia, R. (2002). Undang-Undang Republik Indonesia Nomor 2 Tahun 2002 Tentang Kepolisian Negara Republik Indonesia. Lembaran Negara RI Tahun.
Ismail, R., & Zainab, A. N. (2013). Information systems security in special and public libraries: an assessment of status. arXiv preprint arXiv:1301.5386.
Joseph, A. E. (2006). Cybercrime definition. Computer Crime Research Center. Retrieved April, 20, 2012.
Joshi, C., & Singh, U. K. (2016). Performance evaluation of web application security scanners for more effective defense. International Journal of Scientific and Research Publications (IJSRP), 6(6), 660-667.
Juhad, H. A., Isnanto, R. R., & Widianto, E. D. (2016). Analisis Keamanan pada Aplikasi Her-registrasi Online Mahasiswa Universitas Diponegoro. Jurnal Teknologi dan Sistem Komputer, 4(3), 479-484.
Khazaei, A., Ghasemzadeh, M., & Derhami, V. (2016). An automatic method for CVSS score prediction using vulnerabilities description. Journal of Intelligent & Fuzzy Systems, 30(1), 89-96.
Kiran, K. V. D., Sruthi, P., Neema, P. S., Vani, G. M., & Sahu, R. (2014). Risk Assessment in Online Banking System. International Journal of Computer Trends and Technology IJCTT, 9(6), 279-85.
Mell, P., Romanosky, S., & Scarfone, K. (2006). Common vulnerability scoring system, (ARTICLE)
Mell, P., Scarfone, K., & Romanosky, S. (2006). Common vulnerability scoring system. IEEE Security & Privacy, 4(6), 85-89.
Mell, P., Scarfone, K., & Romanosky, S. (2007, June). A complete guide to the common vulnerability scoring system version 2.0. In Published by FIRST-forum of incident response and security teams (Vol. 1, p. 23).
Mell, P., Scarfone, K., & Romanosky, S. (2007). The common vulnerabi-lity scoring system (CVSS) and its applicability to federal agency sys-tems, NIST IR 7435. USA: Department of Commerce.
Mulya, B. W. R., & Tarigan, A. (2018). Pemeringkatan Risiko Keamanan Sistem Jaringan Komputer Politeknik Kota Malang Menggunakan Cvss Dan Fmea. ILKOM Jurnal Ilmiah, 10(2), 190-200.
National Research Council. (1999). Realizing the potential of C4I: Fundamental challenges. National Academies Press.
Pitoyo A. (2013). Disusupi Peretas, Situs polri.go.id Tumbang Semalaman, [Electronic Version]. Available: https://www.merdeka.com/peristiwa/disusupi-peretas-situs-polrigoid-tumbang semalaman.html [2013, Mei 17]
Rezaei, H. (2012). The application of information technology and its relationship with organizational intelligence. Procedia Technology, 1, 94-97.
Robby, P. (2013). Analisis Web Vulnerability pada Portal Pemerintahan Kota Palembang Menggunakan Acunetix Vulnerability (Doctoral dissertation, UNIVERSITAS BINA DARMA).
Sima, V., Gheorghe, I. G., Subi?, J., & Nancu, D. (2020). Influences of the industry 4.0 revolution on the human capital development and consumer behavior: A systematic review. Sustainability, 12(10), 4035.
Singh, U. K., Joshi, C., & Gaud, N. (2016). Information security assessment by quantifying risk level of network vulnerabilities. International Journal of Computer Applications, 156(2), 37-44.
Violeta S., dkk. (2020). Influences of the Industry 4.0 Revolution on the Human Capital Development and Consumer Behavior: A Systematic Review. Sustainability 2020, 12, 4035.
Wirtz, R., & Heisel, M. (2019, May). CVSS-based Estimation and Prioritization for Security Risks. In ENASE (pp. 297-306).
Yang, F., & Gu, S. (2021). Industry 4.0, a revolution that requires technology and national strategies. Complex & Intelligent Systems, 7(3), 1311-1325.
Zen, B. P., Gultom, R. A., & Reksoprodjo, A. H. (2020). ANALISIS SECURITY ASSESSMENT MENGGUNAKAN METODE PENETRATION TESTING DALAM MENJAGA KAPABILITAS KEAMANAN TEKNOLOGI INFORMASI PERTAHANAN NEGARA. Teknologi Penginderaan, 2(1).
Zieja, M., Zieja, M., & Stachurski, A. (2018). An outline of the method for predicting IT vulnerabilities. In MATEC Web of Conferences (Vol. 210, p. 02010). EDP Sciences
Downloads
Published
How to Cite
Issue
Section
Citation Check
License
Copyright (c) 2022 Ferlan Gisma Putra, Benfano Soewito
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work’s authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal’s published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
