Digital transformation in the education sector requires institutions to adopt web-based information systems that serve as the backbone of academic and administrative operations. While these platforms improve efficiency and accessibility, they also introduce a growing number of cyber threats that may compromise the confidentiality, integrity, and availability of institutional data. This study seeks to identify, analyze, and prioritize information security risks associated with web-based systems at SMKN 7 Tangerang Regency. The research adopts the NIST SP 800-30 framework as the methodological foundation for risk assessment, ensuring a systematic and comprehensive evaluation process. A quantitative approach was implemented by distributing questionnaires to key stakeholders, including administrators, IT staff, and teachers, in order to capture diverse perspectives on vulnerabilities and threats. The results revealed 15 significant risk factors spanning governance, operational, and technical domains. Among these, the absence of a formal information security policy, the lack of data encryption mechanisms, and the absence of continuous monitoring systems were identified as the highest-priority risks, each reaching a risk score of 12. To address these challenges, the study recommends the development of structured mitigation strategies, such as formulating security policies, implementing encryption protocols, and establishing proactive monitoring tools. The contribution of this research lies in producing a scalable risk assessment model that can be applied to other educational institutions. By doing so, it provides practical guidance for decision-makers and educators in creating a more secure, resilient, and trustworthy digital learning environment.