PENTESTING BASED RISK ASSESSMENT USING OCTAVE ALLEGRO APPROACH IN EDUCATIONAL INSTITUTION CLOUD SYSTEMS
Main Author: | |
---|---|
Format: | Theses |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/86563 |
Institution: | Institut Teknologi Bandung |
Summary: | In the rapidly evolving digital era, educational institutions have become key components in technological transformation, where cloud systems serve as the backbone for storing critical data, managing academic systems, and providing online education services. As information has become a highly valuable asset, securing cloud systems is essential to maintain data integrity and confidentiality, especially considering rising cyber threats such as hacking and data breaches. This research proposes the integration of the OCTAVE Allegro (OA) approach with findings from penetration testing (pentesting) activities as a method for evaluating information security in educational institutions' cloud systems. Through greybox pentesting, this study identifies existing vulnerabilities, while the OA framework is used to analyze risks in greater depth, involving interviews with relevant personnel to gain a comprehensive view of information security. The eight-step OA methodology is applied to assess scenarios impacting the confidentiality, integrity, and availability of data in the cloud. The evaluation results reveal that the cloud-integrated LMS system at Institution X contains several critical vulnerabilities. Based on these identified vulnerabilities, mitigation strategies were developed to reduce the identified risks, thereby strengthening Institution X's information security posture against increasingly complex cyber threats in the modern era. |