Article Per Year (5 Year)
p-Index From 2021 - 2026
0.23
P-Index
This Author published in this journals
All Journal Jurnal Teknik Informatika dan Teknologi Informasi
Excelcis Novan Solomasi G
Universitas Bina Sarana Informatika
Computer Science & IT

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

 1 
Pelanggaran Keamanan Sistem Komputer: (Studi Kasus Unauthorized Access dan Dampaknya terhadap Privasi Data) Hana Khairunnas; Amelia Rachma Dita; Nuruzzahra Syaputri; Siti Zulaeha; Excelcis Novan Solomasi G; Yunita Yunita
Jurnal Teknik Informatika dan Teknologi Informasi Vol. 5 No. 3 (2025): Desember: Jurnal Teknik Informatika dan Teknologi Informasi
Publisher : Lembaga Pengembangan Kinerja Dosen

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.55606/jutiti.v5i3.6290

Abstract

Unauthorized access incidents often occur stealthily, with password spraying attacks resulting in the misuse of legitimate credentials. This study reconstructs a real-world incident using system logs from Identity Provider/Single Sign-On (IdP/SSO), Security Information and Event Management/Endpoint Detection and Response (SIEM/EDR), and application-level sources. The attack techniques were mapped to the MITRE ATT&CK framework, focusing on T1110 (Brute Force) and T1078 (Valid Accounts). A Data Protection Impact Assessment (DPIA) was conducted based on the Indonesian Personal Data Protection Law (Law No. 27 of 2022), complemented by a gap assessment against ISO/IEC 27001 and 27002 controls. The results show that the attackā€™s success was driven by incomplete Multi-Factor Authentication (MFA) deployment, the continued use of legacy/basic authentication, weak adaptive rate-limiting and lockout mechanisms, and a monitoring system limited to alert-only functions. The DPIA identified exposure of thousands of personal data records with medium-to-high privacy risks, particularly concerning confidentiality breaches and identity impersonation, necessitating possible notification to authorities and affected data subjects. The study recommends enforcing MFA across all access channels, disabling legacy authentication, implementing risk-based or step-up authentication, activating automatic blocking for password spraying and impossible travel anomalies, extending DPIA coverage during control changes, and updating the Statement of Applicability to reflect modern security controls. Strengthening identity protection and adopting preventive monitoring are shown to significantly reduce privacy risks while easing compliance obligations.
Co-Authors Amelia Rachma Dita Hana Khairunnas Nuruzzahra Syaputri Siti Zulaeha Yunita Yunita