Smart Security Risk Management pada Bali Smart Island menggunakan OSINT, OTGv4.2, dan ISO 31000:2018
Abstract
The integration of web-based services and information on Bali Smart Island, on the one hand, provides convenience, but on the other hand raises issues of threats and risks related to system, data, and information security. Current security testing only uses OWASP and OSINT but is not accompanied by risk assessment and risk management. This research conducted security testing on the Bali Smart Island domain using a combination of OSINT and OWASP Testing Guide (OTGv4.2) accompanied by ISO 31000:208 risk assessment and risk management. The research uses experimental methodology with Proof of Concept (PoC) using the Harvester tool in the target domain. The test results measure the level of risk, accompanied by recommendations. The final results of the research show that the combination of OSINT, OTGv4.2, and ISO 31000:2018, can provide the best and most effective solution for information technology security risk management guidelines on the Bali Smart Island, through security testing, assessing security test results, evaluation, and providing recommendations post-evaluation system improvements. In the future, this research can be continued by using a combination of other tools and methods for web security.
Downloads
References
Pratama, I.P.A.E., “Smart City Beserta Cloud Computing dan Teknologi-Teknologi Pendukung Lainnya,” Penerbit Informatika. Bandung. 2014. ISBN: 978-602-1514-40-5.
Rizkinaswara, L., “Gerakan Menuju 100 Smart City,” Website Kementerian Komunikasi dan Informatika Republik Indonesia (online). 2022. Available:
https://aptika.kominfo.go.id/2022/07/gerakan-menuju-100-smart-city-2/ [accessed: 17 November 2023].
Pemerintah Provinsi Bali. “Nangun Sat Kerthi Loka Bali, Melalui Pola Pembangunan Semesta Berencana Menuju Bali Era Baru”, Website Pemerintah Provinsi Bali (online). 2021. Available: https://baliprov.go.id/ [accessed: 1 June 2021].
Crane, L., Gantz, G. and Isaacs, S.I. “Introduction to Risk Management,” Journal of Business Strategy, Vol.3, 2013. pp.41-43.
Outreville, J.F. “The Relationship between Insurance and Economic Development: 85 Empirical Papers for a Review of the Literature,” Risk Management and Insurance Review, Vol.16, 2013. pp.71-122. https://doi.org/10.1111/j.1540-6296.2012.01219.
OWASP. “OWASP Testing Guide version 4.2 (OTGv4.2)”, OWASP homepage (online). Available: https://owasp.org/www-project-web-security-testing-guide/v42/ [accessed: 28 May 2021].
C. Martorella. “The Harvester: the Open Source OSINT Tool for Information Gathering“, Laramies/The Harvester GitHub (online). Available: https://github.com/laramies/theHarvester [accessed: 28 May 2021].
Saluky, “Tinjauan Artificial Intelligence untuk Smart Government,” Information Technology Engineering Journals (ITEJ), Vol.03, No.01, 2018.
J. More, “Job Reconnaissance Using Hacking Skills to Win the Job Hunt Game”, Elsevier Inc. 2014.
Kalinin, M.; Krundyshev,V.; Zegzhda, P. “Cybersecurity Risk Assessment in Smart City Infrastructures”, Machines Vol.9, No. 78, 2021. https://doi.org/10.3390/machines9040078
A.N. Kazak; N. Shamayeva. “Separate Aspects of Smart Cities Security,” 2018 IEEE International Conference Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS), 2018, pp.216-218, doi: 10.1109/ITMQIS.2018.8524909
P.T. Pradeep; K.L. Shashikala, “Smart City Services Challenges and Approach,” 2019 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COMITCon), 2019, pp. 553-558, doi: 10.1109/COMITCon.2019.8862243.
P. Hui, “Construction of Information Security Risk Assessment Model in Smart City,” 2020 IEEE Conference on Telecommunications, Optics and Computer Science (TOCS), 2020, pp. 393-396, doi: 10.1109/TOCS50858.2020.9339614.
M. Pouryazdan and B. Kantarci, “The Smart Citizen Factor in Trustworthy Smart City Crowdsensing,” in IT Professional, vol. 18, no. 4, pp. 26-33, July-Aug. 2016, doi: 10.1109/MITP.2016.72.
K. Waedt, A. Ciriello, M. Parekh and E. Bajramovic, “Automatic assets identification for smart cities: Prerequisites for cybersecurity risk assessments,” 2016 IEEE International Smart Cities Conference (ISC2), 2016, pp. 1-6, doi: 10.1109/ISC2.2016.7580812.
S. K. Lala, A. Kumar and S. T., “Secure Web Development using OWASP Guidelines,” 2021 5th International Conference on Intelligent Computing and Control Systems (ICICCS), 2021, pp. 323-332, doi: 10.1109/ICICCS51141.2021.9432179.
I.P.A.E. Pratama, A.A.B.A. Wiradarma, “Open Source Intelligence Testing Using the OWASP Version 4 Framework at the Information Gathering Stage (Case Study: X Company)”, International Journal of Computer Network and Information Security (IJCNIS), Vol.11, No.7, 2019.
M. A. Juniawan, P. Sandhyaduhita, B. Purwandari, S. B. Yudhoatmojo and M. A. A. Dewi, “Smart government assessment using Scottish Smart City Maturity Model: A case study of Depok city,” 2017 International Conference on Advanced Computer Science and Information Systems (ICACSIS), 2017, pp. 99-104, doi: 10.1109/ICACSIS.2017.8355018.
S. Manggalou, et al., "Risk management analysis of public street lighting (SMART PJU) as Quick win smart environment of Semarang City," International Journal of Science, Technology & Management (IJSTM), Vol.4, No.5, 2023.
P. Cash, et al., “Experimental Design Research: Approaches, Perspectives, Applications” Springer Link. 2016.
I.P.A.E Pratama, M.T.S. Pratika, “Manajemen Risiko Teknologi Informasi Terkait Manipulasi dan Peretasan Sistem pada Bank XYZ Tahun 2020 Menggunakan ISO 31000:2018,” Jurnal Telematika, Vol.15, No.2, 2020.
B. Dharma, D.C. Pratiwi, “Developing Financial Risk Strategy Decisions for Construction Projects From Perspective of the Project Owner,” Journal of Management and Business Innovation (JOMBI), Vol.2, No.1, 2020.
Periyadi, “Analisis Resiko Teknologi Informasi Sistem Terintegrasi iGracias Berbasis Risk Assesment Menggunakan SNI ISO-IEC 27001-2009,” Jurnal Teknologi Informasi Vol.2, No.3, 2015.
M. Azizah, W. Yustanti, “Pemilihan Metode Risk Assessment Pada UPT-TIK di Perguruan Tinggi Menggunakan Metode AHP (Analytical Hierarchy Process) (Studi kasus: UPT-TIK Wilayah Kota Surabaya),” Jurnal Manajemen Informatika. Vol.10, No.01, 2019.
