A Case Study on Risk Management Implementation in the STNKGO Application Based on the NIST Framework
DOI: https://doi.org/10.33197/justinfo.v2i2.2534
Keywords: Risk Management, Mobile Application, NIST Framework, Web Application, Information Security
Abstract
This research focuses on assessing and managing information technology risks in the STNKGO application, an online platform for payment and delivery of Vehicle Registration Certificates (STNK). Using the NIST SP 800-30 Revision 1 framework, the study systematically identifies, evaluates, and mitigates risks related to the application's operations. The assessment begins with identifying critical IT assets, including user data, vehicle registration records, transaction details, delivery information, and system software. Potential threats—such as cyberattacks, unauthorized access, and malware—are then analyzed alongside existing system vulnerabilities that could be exploited. Each risk is evaluated based on its likelihood and potential impact, allowing for classification by severity level. The study further examines current control measures and suggests enhancements, especially for mitigating high-risk scenarios involving cybersecurity threats. The findings highlight the necessity of implementing stronger data protection, enhancing system resilience, and reinforcing preventive controls. Applying the NIST SP 800-30 Revision 1 framework enables STNKGO to develop a structured and effective risk management strategy, ensuring improved security, reduced vulnerabilities, and greater continuity of services. This research contributes to the growing body of knowledge on IT risk management for digital public services, offering practical insights for enhancing the safety and reliability of online applications handling sensitive data and transactions.
License
Copyright (c) 2025 Jurnal Sistem Informasi dan Teknologi Informasi

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.