Effendi, Hermawan (2022) Analisis Korelasi Antara Kesadaran Keamanan Informasi Programmer Aplikasi Dengan Hasil Uji Vulnerability Assessment Menggunakan Structural Equation Modeling-Partial Least Square. Masters thesis, Institut Teknologi Sepuluh Nopember.
Text
Final_tesis_hermawan effendi_6022201034.pdf - Accepted Version Restricted to Repository staff only until 1 April 2024. Download (3MB) | Request a copy |
Abstract
Dalam menjalankan Sistem Pemerintahan Berbasis Elektronik (SPBE), instansi pemerintah telah melakukan pembangunan inovasi Teknologi Informasi dan Komunikasi (TIK) berupa aplikasi. Isu tentang keamanan informasi saat ini menjadi tantangan dalam membangun aplikasi yang aman karena peretasan masih sering terjadi pada aplikasi yang mempunyai informasi penting atau transaksional seperti sektor keuangan. Untuk menciptakan aplikasi yang aman diperlukan proses pembangunan aplikasi yang baik yang disertai dengan pengujian celah keamanan. Selain itu, programmer aplikasi dituntut mempunyai kesadaran keamanan informasi agar dapat menghasilkan aplikasi yang memperhatikan keamanan sistem informasi. Dalam penelitian ini dilakukan pengukuran kesadaran informasi programmer yang disandingkan dengan hasil pengujian celah keamanan aplikasi atau vulnerability assessment. Pengukuran tingkat kesadaran keamanan informasi menggunakan pemodelan knowledge, attitude, dan behavior dengan pendekatan indikator keamanan informasi DSS05 (Manage Security Services) pada COBIT 5 sebagai fokus area. Pengujian celah keamanan aplikasi menggunakan OWASP-ZAP sesuai best practice OWASP Top 10.
Pengolahan data menggunakan Structural Equation Modeling-Partial Least Square (SEM-PLS) dapat memberikan informasi analisis penyebab celah keamanan aplikasi yang berasal dari kesadaran keamanan informasi programmer sehingga menjadi bahan masukan dalam peningkatan kompetensi di bidang keamanan informasi. Berdasarkan hasil penelitian, kesadaran keamanan informasi programmer tidak sepenuhnya berkorelasi positif dengan hasil uji kerentanan aplikasi. Sebanyak 90,32% programmer mempunyai tingkat kesadaran keamanan informasi yang baik, namun hanya 53,23% aplikasi yang dihasilkan dapat lolos uji vulnerability assessment. Untuk menghasilkan aplikasi yang aman, seorang programmer dituntut memiliki pengetahuan, sikap, dan perilaku yang sangat baik sesuai indikator keamanan informasi pada COBIT 5. Dari tujuh fokus area, perlindungan dari malware, pengelolaan keamanan pada end-user, dan pengelolaan kerentanan serta pemantauan infrastruktur untuk kejadian keamanan informasi yang mempengaruhi tingkat kerentanan aplikasi.
================================================================================================
In running the Electronic-Based Government System (SPBE), government
agencies have developed Information and Communication Technology (ICT)
innovations in applications. The issue of information security is currently a
challenge in building secure applications because hacking still often occurs in
applications that have essential or transactional information, such as the financial
sector. To create a secure application, it is necessary to have a good application
development process accompanied by testing for security vulnerabilities. In
addition, application programmers must have information security awareness to
produce applications that pay attention to information system security. In this study,
the measurement of programmer's information awareness is juxtaposed with testing
application security holes or vulnerability assessments. The measurement of
information security awareness level uses knowledge, attitude, and behavior
modeling with the DSS05 (Manage Security Services) information security
indicator approach in COBIT 5 as the focus area. Testing application security
vulnerabilities using OWASP-ZAP according to OWASP Top 10 best practices.
Data processing using Structural Equation Modeling-Partial Least Square
(SEM-PLS) can analyze the causes of application security vulnerabilities
originating from programmer information security awareness. It becomes the input
for increasing competence in the field of information security. Based on the
research results, programmer information security awareness is not entirely
positively correlated with application vulnerability test results. As many as 90.32%
of programmers have a good level of information security awareness, but only
53.23% of the resulting applications can pass the vulnerability assessment test. To
produce a secure application, a programmer must have excellent knowledge,
attitude, and behavior according to the information security indicators in COBIT 5.
The seven focus areas are protection from malware, end-user security management,
vulnerability management, and infrastructure monitoring for information security
events that affect application vulnerability levels.
Item Type: | Thesis (Masters) |
---|---|
Uncontrolled Keywords: | information security awareness, vulnerability assessment, Manage Security Services, kesadaran keamanan informasi |
Subjects: | T Technology > TH Building construction > TH9737 Electronic security systems |
Divisions: | Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Electrical Engineering > 20101-(S2) Master Thesis |
Depositing User: | Hermawan Effendi |
Date Deposited: | 14 Feb 2022 02:16 |
Last Modified: | 31 Oct 2022 02:52 |
URI: | http://repository.its.ac.id/id/eprint/93996 |
Actions (login required)
View Item |