Analisis Resiko Keamanan Informasi Website Repository Digital Library Menggunakan Framework ISO/IEC 27001 & 27002: Studi Kasus Perguruan tinggi X

Abstract

The continuous evolution of digital repositories in the era of globalization, especially in context of higher education digital libraries, poses security risks that raise concerns among users. Existence of sensitive user data that requires protection by universities adds to this concern. This research aims to conduct comprehensive analysis of information security risks associated with digital library repository websites. This research seeks to identify potential vulnerabilities, threats that could compromise the confidentiality, integrity and availability of digital assets stored in repositories. Through detailed risk analysis, this research provides actionable insights and recommendations to improve the information security posture of digital libraries using the ISO/IEC 27001 and 27002 IT governance framework specifically tailored to information security standards. This research uses a literature review and interviews with responsible parties at the University of X's digital library repository. Findings show that the use of tools such as Acunetix helps identify vulnerabilities in web repositories. Risk mitigation in digital library web repositories involves the application of ISO/IEC 27001, 27002 standards, which results in specific risk mitigation actions. For example, universities should create policies to monitor information technology assets, ensuring regular monitoring to protect technology assets. In addition, for Database Management System (DBMS) management (e.g., MySQL, PostgreSQL, Oracle, Ms SQL Server), colleges must facilitate easy access and storage of information. By implementing the recommendations obtained from this research, higher education institutions can ensure safe environment for users accessing digital library web repositories, thereby reducing concerns about the security of their information.