NIST Cyber Security Framework Development for Website Information Collection

Authors

  • Firdan Rafi Nugroho Universitas Amikom Purwokerto
  • Fiby Nur Afiana Universitas Amikom Purwokerto
  • Adam Prayogo Kuncoro Universitas Amikom Purwokerto

DOI:

https://doi.org/10.32493/jtsi.v7i3.41541

Keywords:

Security; website; NIST; software; Hacking Threats

Abstract

The rapid development of websites has made them one of the most important modern information media. However, this growth has also highlighted the critical need for robust website security to protect the data and information they contain. The website dobelhost.com was analyzed for security vulnerabilities, revealing several issues, including the absence of the X-Frame-Options header, the lack of an HTTP Strict Transport Security (HSTS) policy, the disclosure of server information through the X-Powered-By header, the absence of a Content Security Policy (CSP) to guard against XSS attacks, and the presence of mixed content. To address these vulnerabilities, the study employed a comprehensive method involving information gathering, implementing security headers, updating software and plugins, and enforcing HTTPS. The results demonstrated significant improvement, effectively resolving the identified vulnerabilities. This research provides a useful reference for the development or enhancement of similar websites, increasing awareness and vigilance against potential threats, and achieving better cyber resilience. The research has been completed successfully, demonstrating the effectiveness of the proposed method in resolving the identified security issues.
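The five findings named in the abstract can be checked mechanically from one HTTP response. The following is an added example, not code from the paper: the function name `audit`, the finding labels, and the sample headers and HTML are constructed for illustration, and it assumes a CSP `frame-ancestors` directive counts as framing protection alongside X-Frame-Options.

```python
import re

# Constructed sample response, not captured from any real site.
SAMPLE_HEADERS = {"Content-Type": "text/html", "X-Powered-By": "PHP/0.0.0-example"}
SAMPLE_HTML = """<html><body>
<img src="http://static.example.test/logo.png">
<script src="https://cdn.example.test/app.js"></script>
<a href="http://example.test/about">About</a>
</body></html>"""

# The same page after the remediation the abstract describes (constructed).
HARDENED_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}
HARDENED_HTML = SAMPLE_HTML.replace('src="http://', 'src="https://')

# Only subresource loads count as mixed content; <a href> is navigation.
SUBRESOURCE = re.compile(
    r'<(?:img|script|iframe|audio|video|source|embed)\b[^>]*?\bsrc\s*=\s*["\'](http://[^"\']+)'
    r'|<link\b[^>]*?\bhref\s*=\s*["\'](http://[^"\']+)', re.I)

def audit(headers, html, page_is_https=True):
    """Return {finding: detail} for the five issues listed in the abstract."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    csp = h.get("content-security-policy", "")
    findings = {}
    if "x-frame-options" not in h and "frame-ancestors" not in csp.lower():
        findings["missing-x-frame-options"] = "page can be framed by any origin"
    # HSTS is only honoured over HTTPS, and max-age=0 switches the policy off.
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    if page_is_https and (m is None or int(m.group(1)) == 0):
        findings["missing-hsts"] = "no usable Strict-Transport-Security policy"
    if "x-powered-by" in h:
        findings["x-powered-by-disclosure"] = h["x-powered-by"]
    if not csp.strip():
        findings["missing-csp"] = "no Content-Security-Policy header"
    if page_is_https:
        urls = [a or b for a, b in SUBRESOURCE.findall(html)]
        if urls:
            findings["mixed-content"] = urls
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_HEADERS, SAMPLE_HTML))      # all five findings
    print(audit(HARDENED_HEADERS, HARDENED_HTML))  # {}
```
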

Published

2024-07-31

How to Cite

Nugroho, F. R., Afiana, F. N., & Kuncoro, A. P. (2024). NIST Cyber Security Framework Development for Website Information Collection. Jurnal Teknologi Sistem Informasi Dan Aplikasi, 7(3), 1335–1342. https://doi.org/10.32493/jtsi.v7i3.41541