Information Technology Risk Management of ABC Application At University Using ISO 31000:2018

Authors

  • Widi Linggih Jaelani Universitas Teknologi Bandung
  • Ahsani Takwim Universitas Teknologi Bandung
  • Titania Sari Universitas Teknologi Bandung
  • Diyah Wijayanti Universitas Teknologi Bandung
  • Satrya Fajri Pratama University of Hertfordshire, United Kingdom

DOI:

https://doi.org/10.31848/jesii.v3i1.4093

Abstract

Information technology (IT) plays a critical role in supporting operations and decision-making in higher education institutions. At Universitas Teknologi Bandung (UTB), reliance on IT systems for academic administration, online learning, and data management has increased the risk of security incidents such as clickjacking, unrestricted file uploads, cross-site scripting (XSS), misconfiguration, excessive data exposure, and server downtime. This study applies the ISO 31000:2018 risk management framework to systematically identify, assess, and analyze IT security risks in UTB’s information systems. Using a 5x5 risk matrix, risks were evaluated based on probability and impact, revealing that moderate risks dominate, primarily from clickjacking, XSS, unrestricted file upload, and server downtime incidents, while misconfiguration and excessive data exposure represent low-level risks requiring ongoing monitoring. Common causes include weak input/output validation, insecure system configurations, and inadequate access controls and data sanitization. Proposed mitigation efforts focus on rigorous source code review before publication, regular penetration testing every 3 to 6 months, and increased awareness of security policies and potential incidents. The findings aim to enhance IT risk management practices at UTB, contributing to stronger governance and the protection of institutional data amid growing digital transformation.

Downloads

Published

2025-06-22

How to Cite

Linggih Jaelani, W., Takwim, A., Sari, T., Wijayanti, D., & Fajri Pratama, S. (2025). Information Technology Risk Management of ABC Application At University Using ISO 31000:2018. JESII: Journal of Elektronik Sistem InformasI, 3(1), 41–48. https://doi.org/10.31848/jesii.v3i1.4093

Issue

Vol. 3 No. 1 (2025): JOURNAL ELEKTRONIK SISTEM INFORMASI (JUNE)

Section

Articles

License

Copyright (c) 2025 Widi Linggih Jaelani, Ahsani Takwim, Titania Sari, Diyah Wijayanti, Satrya Fajri Pratama

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Authors who publish in JESII: Journal Elektronik Sistem InformasI agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.

  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.

  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).