<![CDATA[The problem of information security vulnerability and threat risks is increasing, so it is necessary to be able to analyze the risk situation of future information security threats and vulnerabilities, especially for application services of a community organization. Research on the application of information security risk analysis based on the ISO/IEC 27005: 2022 framework in an organization's service applications. ISO/IEC 27005: 2022 is an international standard used for guidelines for implementing the most effective information security risk analysis process compared to other information security risk assessment method frameworks. The results of the assessment are to measure the level of information security risk of an organization's service application so that it can be used as material for improvements in carrying out information security prevention and control measures so that vulnerability gaps and threats of information security attacks can be reduced. The results of this study can describe the risk value in the organization's service application with 3 high-risk categories, namely in financial transaction data (risk value 20), customer database (risk value 16), and server configuration (risk value 15). And medium risk values are found in public APIs (risk value 12) and internal report data (risk value 6).]]>
Copyrights © 2025
