A Systematic Literature Review: Implementation of IT Risk Management Using the NIST Framework in Education

Authors

  • Cika Alpi Nurpauji, Universitas Widyatama
  • Fahmi Idris Susanto, Universitas Widyatama
  • Muhammad Firas Hisyam, Universitas Widyatama
  • Muhamad Azmi, Universitas Widyatama
  • Ucu Nugraha, Universitas Widyatama

DOI:

https://doi.org/10.33197/justinfo.v3i1.3212

Keywords:

IT risk management, NIST SP 800-30, Systematic Literature Review, Educational Technology, Cybersecurity

Abstract

The rapid advancement of information technology (IT) has significantly transformed various industries, including education, through the implementation of information systems that streamline student admissions, pedagogy, and institutional administration. However, this digital evolution introduces critical data security risks. Effective IT risk management is therefore essential to safeguard sensitive data and prevent operational disruptions within educational institutions. One of the most prominent frameworks for this purpose is NIST Special Publication 800-30, which provides systematic guidance for identifying and assessing IT-related risks. The NIST framework assists educational institutions in identifying potential threats and vulnerabilities while establishing robust mitigation strategies. While the framework possesses immense potential to elevate IT risk awareness, its implementation in the education sector remains hindered by resource constraints, varying levels of IT literacy, and regulatory complexities. This research employs the Systematic Literature Review (SLR) method to analyze the implementation of the NIST framework in managing IT risks within the education sector. This methodology enables the identification and evaluation of relevant research findings regarding both the successes and challenges associated with the framework's adoption. Through a comprehensive literature analysis, this study offers strategic insights and recommendations to enhance the effectiveness of the NIST framework within technology-driven educational environments.

Published

29-01-2026

How to Cite

Nurpauji, C. A., Susanto, F. I., Hisyam, M. F., Azmi, M., & Nugraha, U. (2026). A Systematic Literature Review: Implementation of IT Risk Management Using the NIST Framework in Education. Jurnal Sistem Informasi Dan Teknologi Informasi, 3(1), 255–261. https://doi.org/10.33197/justinfo.v3i1.3212
