Analisis Sistem E-Learning Berbasis ISO 27005:2018 Menggunakan Algoritma Klasifikasi Random Forest

Authors

  • Deden Hidayat Universitas Sebelas April

DOI:

https://doi.org/10.34010/jati.v15i2.16173

Keywords:

ISO 27005:2018, Keamanan Siber, Random Forest

Abstract

Peningkatan penggunaan sistem e-learning dalam dunia pendidikan memberikan kemudahan akses dan fleksibilitas, tetapi juga menimbulkan risiko baru terkait keamanan informasi digital. Ketergantungan pada sistem digital menjadikan e-learning rentan terhadap serangan siber, seperti phishing, malware, insider threat, dan DoS/DDoS, yang dapat mengancam kerahasiaan, integritas, dan ketersediaan data. Penelitian ini bertujuan untuk mengidentifikasi dan mengevaluasi risiko keamanan siber pada sistem e-learning dengan mengintegrasikan manajemen risiko berbasis ISO 27005:2018 dan algoritma klasifikasi Random Forest. Data yang digunakan adalah English Classroom Security Threats Dataset yang berisi 10.000 data insiden simulasi ancaman siber pada lingkungan kelas digital. Metode penelitian meliputi analisis distribusi jenis ancaman, analisis korelasi antar fitur, visualisasi data, serta pelatihan model klasifikasi untuk mendeteksi jenis ancaman. Hasil penelitian menunjukkan bahwa phishing merupakan ancaman terbanyak (35%), diikuti malware (34%), insider threat (15%), social engineering (11%), dan DoS/DDoS (5%). Model Random Forest yang dibangun mampu mencapai akurasi prediksi 100% pada data uji, dengan Response_Time sebagai fitur paling berpengaruh (35%), diikuti Access_Attempt (22%). Temuan ini membuktikan bahwa integrasi ISO 27005:2018 dan machine learning efektif dalam mendukung identifikasi ancaman dan perancangan kebijakan mitigasi risiko pada sistem e-learning.

Downloads

Download data is not yet available.

References

[1] P. Sharma, K. Agarwal, and P. Chaudhary, “E-Learning Platform Security Issues and Their Prevention Techniques: A Review,” International Journal of Advanced Scientific Research and Engineering Trends, vol. 6, no. 8, pp. 51–59, 2021, doi: 10.51319/2456-0774.2021.8.0006.

[2] S. Meitarice, L. Febyana, A. Fitriansyah, and R. Kurniawan, “Risk Management Analysis of Information Security in an Academic Information System at a Public University in Indonesia: Implementation of ISO/IEC 27005:2018 and ISO/IEC 27001:2013 Security Controls,” Jurnal Teknologi dan Ilmu Komputer dan Sistem, vol. 2, no. July, pp. 58–75, 2024, doi: 10.30996/jitcs.12099.

[3] S. Yuan and X. Wu, “Deep learning for insider threat detection: Review, challenges and opportunities,” Computers and Security, vol. 104, pp. 1–30, 2021, doi: 10.1016/j.cose.2021.102221.

[4] F. Whitelaw, J. Riley, and N. Elmrabit, “A Review of the Insider Threat, a Practitioner Perspective Within the U.K. Financial Services,” IEEE Access, vol. 12, no. March, pp. 34752–34768, 2024, doi: 10.1109/ACCESS.2024.3373265.

[5] S. Salloum, T. Gaber, S. Vadera, and K. Shaalan, “Phishing Email Detection Using Natural Language Processing Techniques: A Literature Survey,” Procedia CIRP, vol. 189, no. 2019, pp. 19–28, 2021, doi: 10.1016/j.procs.2021.05.077.

[6] B. Sohail et al., “Macro Based Malware Detection System,” Turkish Journal of Computer and Mathematics Education, vol. 12, no. 3, pp. 5776–5787, 2021, doi: 10.17762/turcomat.v12i3.2254.

[7] A. Kamenskih, “The Analysis of Security and Privacy Risks in Smart Education Environments,” Journal of Smart Cities and Society, vol. 1, no. 1, pp. 17–29, 2022, doi: 10.3233/scs-210114.

[8] H. F. Sapanca and S. Kanbul, “Risk Management in Digitalized Educational Environments: Teachers’ Information Security Awareness Levels,” Frontiers in Psychology, vol. 13, no. September, pp. 1–11, 2022, doi: 10.3389/fpsyg.2022.986561.

[9] A. Yeboah-Ofori et al., “Cyber Threat Predictive Analytics for Improving Cyber Supply Chain Security,” IEEE Access, vol. 9, pp. 94318–94337, 2021, doi: 10.1109/ACCESS.2021.3087109.

[10] W. G. Alheadary, “Towards Development of a Security Risk Assessment Model for Saudi Arabian Business Environment Based on the ISO/IEC 27005 ISRM Standard,” Journal of Information Security, vol. 14, no. 03, pp. 195–211, 2023, doi: 10.4236/jis.2023.143012.

[11] H. Taherdoost, “Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview,” Electronics, vol. 11, no. 14, 2022, doi: 10.3390/electronics11142181.

[12] M. Ahsan, R. Gomes, M. M. Chowdhury, and K. E. Nygard, “Enhancing Machine Learning Prediction in Cybersecurity Using Dynamic Feature Selector,” Journal of Cybersecurity and Privacy, vol. 1, no. 1, pp. 199–218, 2021, doi: 10.3390/jcp1010011.

[13] G. B. Gaggero, A. Armellin, G. Portomauro, and M. Marchese, “Industrial Control System-Anomaly Detection Dataset (ICS-ADD) for Cyber-Physical Security Monitoring in Smart Industry Environments,” IEEE Access, vol. 12, no. April, pp. 64140–64149, 2024, doi: 10.1109/ACCESS.2024.3395991.

[14] W. Villegas-Ch, I. Ortiz-Garces, and S. Sánchez-Viteri, “Proposal for an Implementation Guide for a Computer Security Incident Response Team on a University Campus,” Computers, vol. 10, no. 8, pp. 1–23, 2021, doi: 10.3390/computers10080102.

[15] M. Kalinin, V. Krundyshev, and P. Zegzhda, “Cybersecurity Risk Assessment in Smart City Infrastructures,” Machines, vol. 9, no. 4, 2021, doi: 10.3390/machines9040078.

[16] A. A. Permana et al., Machine Learning, vol. 45, no. 13, 2023. [Online]. Available: https://books.google.ca/books?id=EoYBngEACAAJ.

[17] Hanafi, Dasar Cyber Security dan Forensic, p. 236, 2022. [Online]. Available: https://eprints.amikom.ac.id/id/eprint/10688/.

[18] N. J. Nilsson, Introduction to Machine Learning, 2022, doi: 10.1007/978-3-031-03841-9_1.

[19] R. P. Ahmad Fauzi, Ade Setiawan, Andika Bayu Hasta, and Andry Maulana, Introduction Cyber Security, vol. 11, no. 1, ELMARKAZI, 2022. [Online]. Available: http://scioteca.caf.com/bitstream/handle/123456789/1091/RED2017-Eng-8ene.pdf. [Accessed: 14-Jun-2025].

[20] Ziya, “Classroom Data Security Threats Dataset,” Kaggle, Dataset, May 2025. [Online]. Available: https://www.kaggle.com/datasets/ziya07/classroom-data-security-threats-dataset. [Accessed: 14-Jun-2025].

[21] T. Tan, H. Sama, G. Wijaya, and O. E. Aboagye, “Studi Perbandingan Deteksi Intrusi Jaringan Menggunakan Machine Learning: (Metode SVM dan ANN),” Jurnal Teknologi dan Informasi, vol. 13, no. 2, pp. 152–164, 2023, doi: 10.34010/jati.v13i2.10484.

[22] A. A. Mortara, M. Permatasari, A. Desiani, Y. Andriani, and M. Arhami, “Perbandingan Algoritma C4.5 dan Adaptive Boosting dalam Klasifikasi Penyakit Alzheimer,” Jurnal Teknologi dan Informasi, vol. 13, no. 2, pp. 196–207, 2023, doi: 10.34010/jati.v13i2.10525.

Downloads

Published

2025-09-01

Issue

Vol. 15 No. 2 (2025): Jurnal Teknologi dan Informasi (JATI)

Section

Article

License

Copyright (c) 2025 Jurnal Teknologi dan Informasi

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Lisensi Creative Commons
Ciptaan disebarluaskan di bawah Lisensi Creative Commons Atribusi-BerbagiSerupa 4.0 Internasional.

How to Cite

[1]
“Analisis Sistem E-Learning Berbasis ISO 27005:2018 Menggunakan Algoritma Klasifikasi Random Forest”, JATI, vol. 15, no. 2, pp. 110–120, Sep. 2025, doi: 10.34010/jati.v15i2.16173.