<![CDATA[Information technology (IT) plays a critical role in supporting operations and decision-making in higher education institutions. At Universitas Teknologi Bandung (UTB), reliance on IT systems for academic administration, online learning, and data management has increased the risk of security incidents such as clickjacking, unrestricted file uploads, cross-site scripting (XSS), misconfiguration, excessive data exposure, and server downtime. This study applies the ISO 31000:2018 risk management framework to systematically identify, assess, and analyze IT security risks in UTB’s information systems. Using a 5x5 risk matrix, risks were evaluated based on probability and impact, revealing that moderate risks dominate, primarily from clickjacking, XSS, unrestricted file upload, and server downtime incidents, while misconfiguration and excessive data exposure represent low-level risks requiring ongoing monitoring. Common causes include weak input/output validation, insecure system configurations, and inadequate access controls and data sanitization. Proposed mitigation efforts focus on rigorous source code review before publication, regular penetration testing every 3 to 6 months, and increased awareness of security policies and potential incidents. The findings aim to enhance IT risk management practices at UTB, contributing to stronger governance and the protection of institutional data amid growing digital transformation.]]>
Copyrights © 2025
