Security Risk Evaluation of Licensing System Using NIST SP 800-30 Framework and Maturity Level with CMMI

Abstract

The use of information and communication technology in the field of government is an important thing to support an electronic-based government system or what is commonly called e-government. Responding to the instruction, the Investment and Integrated One-Stop Service Office (DPMPTSP) of Badung Regency in carrying out its duties and responsibilities utilizes the application of information technology by using web-based and mobile applications. The service system is called licensing services or abbreviated as laperon. This study uses the NIST SP 800-30 framework in evaluating risks in the four systems and uses the CMMI framework to determine the maturity level. The results of the risk identification show that the licensing service information system has 4 high-level risks, 12 medium-level risks and 29 low-level risks. The results of the maturity level assessment questionnaire show that the licensing service system has a maturity level gap of 1. Recommendations are given to minimize the identified risk threats and achieve the expected maturity level based on the NIST SP 800-53 revision 4 guidelines.