Implementing An Email Risk Assessment Framework for Educational Institutions

Afino, Evan Kalif (2026) Implementing An Email Risk Assessment Framework for Educational Institutions. Other thesis, Institut Teknologi Sepuluh Nopember.

5026201086-Undergraduate_Thesis.pdf - Accepted Version
Restricted to Repository staff only

Abstract

Advanced email-based cyber threats, such as phishing, malware, and Business Email Compromise (BEC), increasingly target Higher Education Institutions (HEIs), exposing them to serious financial, operational, and reputational risk. Current security solutions are largely reactive and frequently lack a proactive approach tailored to the unique threat landscape of academic environments. This study fills that gap by designing, implementing, and evaluating a comprehensive Email Risk Assessment Framework (ERAF) for HEIs, complemented by a controlled phishing simulation using the GoPhish tool on a sample of students. With 42.9% of participants clicking the fraudulent link, the results confirmed that phishing for credential theft poses a "Critical" risk. However, since none of the subjects entered their login credentials on the bogus landing page, the study also uncovered an important secondary layer of user defense. The fact that 100% of participants, including those who recognized the threat, failed to report the phishing attempt revealed a serious cultural gap and exposed a vulnerability in the institution's overall security posture. The study shows that an integrated ERAF is necessary to model threats effectively and to identify subtle user behaviors. It concludes that improving institutional cybersecurity requires a multifaceted approach that blends technical controls with a strong user awareness campaign aimed at fostering a culture of proactive security reporting.
Abstract (translated from Indonesian)

Advanced email-based cyber threats, such as phishing, malware, and Business Email Compromise (BEC), increasingly target Higher Education Institutions (HEIs), seriously endangering them in terms of finances, operations, and reputation. Current security solutions often lack a proactive, tailored approach to the unique threat landscape of the academic context and are instead reactive. By creating, implementing, and evaluating a comprehensive Email Risk Assessment Framework (ERAF) for HEIs, together with a controlled phishing simulation using the GoPhish tool on a sample of students, this study fills that gap. With 42.9% of participants clicking the fake link, the results verified that phishing for credential theft poses a "Critical" risk. However, because not one subject entered their login information on the fake landing page, the study also revealed an important secondary layer of user defense. The fact that 100% of participants, including those who were aware of the threat, failed to report the phishing attempt indicates a serious cultural gap and exposes a vulnerability in the institution's overall security posture. This study shows that an integrated ERAF is essential to model threats effectively and to identify subtle user actions. It concludes that improving institutional cybersecurity requires a multifaceted approach that combines technical controls with a strong user awareness campaign aimed at encouraging a culture of proactive security reporting.

Item Type: Thesis (Other)
Uncontrolled Keywords: Email risk assessment, Email-based threats, Higher education institutions, NIST Cybersecurity Framework, MITRE ATT&CK, Phishing
Subjects: T Technology > T Technology (General) > T58.6 Management information systems
Divisions: Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Information System > 57201-(S1) Undergraduate Thesis
Depositing User: Evan Kalif Afino
Date Deposited: 30 Jan 2026 07:01
Last Modified: 30 Jan 2026 07:08
URI: http://repository.its.ac.id/id/eprint/131314
