Information Systems Security Risk Management Using the COBIT 2019 Framework and NIST 800-30 on the Website People's Representative Council NTB

  • Alvionita Safira Wahab, Department of Informatics Engineering, University of Mataram
  • Raphael Bianco Huwae
  • Andy Hidayat Jatmika

Abstract

This research analyzes information security risk management on the website of the Regional People's Representative Council (DPRD) of West Nusa Tenggara (NTB) using the COBIT 2019 and NIST 800-30 frameworks. The main objective of this research is to identify weaknesses in existing security controls and provide recommendations for improvements to address cyber threats, specifically DDoS, cross-site scripting (XSS), website defacement, and SQL injection attacks, which can disrupt service availability and data security. The research methods included interviews with five key stakeholders who hold responsibilities in information security, as well as the distribution of questionnaires to ten IT staff. Data from the interviews and questionnaires were analyzed using risk mapping according to the COBIT 2019 framework and NIST 800-30 to identify capability gaps. The results showed specific weaknesses in the management of controls against XSS and DDoS threats, especially in the aspects of monitoring and incident response. The research conclusions emphasize the need to improve risk management through the addition of more up-to-date security technology, increased security awareness and training for staff, and regular security audits to ensure the sustainability of risk management. Recommendations include the implementation of a more sophisticated threat detection system, periodic training for staff, and a more structured incident response procedure to improve security and ensure continuity of public services through the DPRD NTB website.

Published
2025-06-30
Section
Enterprise Information System