Risk Management Analysis of SMK Telkom Makassar's Integrated Academic Information System in Compliance with ISO 31000 Standards.

Author: Sahibu, Supriadi, Sakti, Abdul, Iskandar, Akbar
Subject:
Source: Ingénierie des Systèmes d'Information; Feb2024, Vol. 29 Issue 1, p205-218, 14p
Abstract: This investigation seeks to analyze the security risks associated with the Integrated Academic Information System (iGracias) application at SMK Telkom Makassar, using the ISO 31000 standards as a benchmark. The study employs the ISO 31000:2018 Information Technology Risk Management methodology, encompassing stages of risk identification, risk analysis, risk evaluation, and risk treatment. This methodology enables the researchers to ascertain that risks have been accurately identified, thoroughly analyzed, and appropriately mitigated, minimizing their potential impact on the organization. The findings reveal security issues in the iGracias application at SMK Telkom Makassar, identified through scanning with NMAP Kali Linux, which exposed several open ports, including port 21/tcp, port 22/tcp, and port 25/tcp. Consequently, these open ports present potential opportunities for unauthorized access and cyber-attacks. Moreover, the Mobile Security Framework (MobSF) test results yielded a Common Vulnerability Scoring System (CVSS) of 6.1, indicating a medium security level for the iGracias application in the Android environment. User responses revealed process risk at 84%, system security risk at 62%, and incidental risk at 57%. The outcomes of this investigation may serve as a guide in formulating and implementing strategies to uphold the security and quality of the applications in use. [ABSTRACT FROM AUTHOR]
Database: Complementary Index