Cyber Security Risk Analysis of the Peken Surabaya Website Using the ISO 27005:2019 Standard and OWASP ZAP
DOI: https://doi.org/10.61132/saturnus.v3i3.983
Keywords: Cybersecurity, Risk Analysis, ISO 27005:2019, OWASP ZAP, Peken Surabaya Website
Abstract
The rapid growth of information technology has driven digital transformation in various sectors, including micro, small, and medium enterprises (MSMEs), the backbone of the Indonesian economy. In response to the challenges and opportunities of digitalization, the Surabaya City Government launched the Peken e-commerce platform on October 31, 2021. This platform aims to help MSMEs market their products online, expand market reach, and increase competitiveness. However, the use of digital systems also presents new challenges, particularly in terms of cybersecurity. Dependence on technology opens the door to various threats that can compromise data confidentiality, integrity, and availability. This study aims to analyze and evaluate information security risks on the Peken Surabaya website using a risk management approach based on the ISO/IEC 27005:2019 standard. The analysis method involves identifying information assets, recognizing potential threats, identifying vulnerabilities, and assessing risk levels based on the likelihood of occurrence and impact. To support the analysis, technical testing was also conducted using the Open Web Application Security Project Zed Attack Proxy (OWASP ZAP) tool. The research results indicate that most of the risks faced by Peken Surabaya are moderate to very high. These risks include Distributed Denial of Service (DDoS) attacks, user data leaks, and the lack of a two-factor authentication (2FA) system. Based on these findings, a risk management strategy was developed using the Risk Modification, Risk Sharing, Risk Retention, and Risk Avoidance approaches. Furthermore, this study recommends security controls based on ISO/IEC 27005 and OWASP Top 10 to enhance system protection. These findings emphasize the importance of implementing international standards-based risk management in maintaining the continuity and security of digital public services, particularly those supporting the MSME sector in the digital era.
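The likelihood-times-impact scoring and the four treatment options described in the abstract, as an added worked example that is not the paper's own code: the 5x5 scale, the level bands, the level-to-treatment pairing and the three register entries are constructed assumptions, since the paper does not publish its scale.

```python
from dataclasses import dataclass, replace

# Constructed 5x5 scheme: ISO 27005 leaves the scale to the organisation,
# so these bands and the treatment pairing are assumptions, not the paper's.
LEVEL_BANDS = [(20, "Very High"), (12, "High"), (6, "Moderate"), (1, "Low")]
TREATMENT = {
    "Very High": "Risk Avoidance",
    "High": "Risk Modification",
    "Moderate": "Risk Sharing",
    "Low": "Risk Retention",
}
ACCEPTABLE = "Low"  # risk appetite: anything above this level needs treatment

@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: int  # 1 (rare) .. 5 (almost certain)
    impact: int      # 1 (negligible) .. 5 (severe)

    def __post_init__(self):
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError("likelihood and impact must be in 1..5")

    @property
    def score(self) -> int:
        return self.likelihood * self.impact

    @property
    def level(self) -> str:
        return next(name for floor, name in LEVEL_BANDS if self.score >= floor)

def treat(risk: Risk) -> str:
    return TREATMENT[risk.level]

def modify(risk: Risk, likelihood_drop: int = 0, impact_drop: int = 0) -> Risk:
    """Risk Modification: a control lowers likelihood/impact; residual risk is re-scored."""
    return replace(risk, likelihood=max(1, risk.likelihood - likelihood_drop),
                   impact=max(1, risk.impact - impact_drop))

def needs_treatment(risk: Risk) -> bool:
    order = [name for _, name in reversed(LEVEL_BANDS)]  # Low .. Very High
    return order.index(risk.level) > order.index(ACCEPTABLE)

# Constructed register mirroring the three findings named in the abstract.
REGISTER = [
    Risk("web server", "DDoS", 4, 5),
    Risk("user database", "user data leak", 3, 4),
    Risk("user accounts", "no 2FA (account takeover)", 3, 3),
]

if __name__ == "__main__":
    for r in REGISTER:
        print(f"{r.threat:28} score={r.score:2} {r.level:9} -> {treat(r)}")
    residual = modify(REGISTER[2], likelihood_drop=2)  # after enabling 2FA
    print(f"after 2FA: {residual.level}, still needs treatment: {needs_treatment(residual)}")
```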
Copyright (c) 2025 Saturnus : Jurnal Teknologi dan Sistem Informasi

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.