TY - GEN
T1 - Security Evaluation of Insurance Portal Agency Information System Based on ISO/IEC 25010 Quality Standard Utilizing OWASP ZAP
AU - Fadilah, Muhammad Darmawan
AU - Rochimah, Siti
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Information systems like insurance agency portals bring substantial benefits to users and the company, but they also pose security risks because of the sensitive data they handle. Addressing these risks through regular security evaluations and enhancements is crucial to prevent potential financial, reputational, and legal consequences. This research focuses on security measurement in two versions of the agency portal, the old and the new, which serve the same purpose but differ in technology and infrastructure. Employing the ISO 25010 security standard, tools such as OWASP ZAP are used alongside manual testing to assess each ISO 25010 characteristic and subsequently evaluate both portals. The objective is to suggest security enhancements and draw comparisons between the two. The ISO 25010 testing is divided into several phases: identifying security characteristics, establishing measurements, assessing the security of the two application portals, conducting evaluations and comparisons, and providing recommendations. Testing revealed that the older portal outperforms the newer version in confidentiality and integrity, despite the latter's more advanced technology. However, the new portal excels in authentication, and both applications demonstrate high scores in accountability. Both portals need to improve the non-repudiation characteristic, given the absence of digital signatures. Based on the analysis, additional recommendations are made to improve the security of both applications.
AB - Information systems like insurance agency portals bring substantial benefits to users and the company, but they also pose security risks because of the sensitive data they handle. Addressing these risks through regular security evaluations and enhancements is crucial to prevent potential financial, reputational, and legal consequences. This research focuses on security measurement in two versions of the agency portal, the old and the new, which serve the same purpose but differ in technology and infrastructure. Employing the ISO 25010 security standard, tools such as OWASP ZAP are used alongside manual testing to assess each ISO 25010 characteristic and subsequently evaluate both portals. The objective is to suggest security enhancements and draw comparisons between the two. The ISO 25010 testing is divided into several phases: identifying security characteristics, establishing measurements, assessing the security of the two application portals, conducting evaluations and comparisons, and providing recommendations. Testing revealed that the older portal outperforms the newer version in confidentiality and integrity, despite the latter's more advanced technology. However, the new portal excels in authentication, and both applications demonstrate high scores in accountability. Both portals need to improve the non-repudiation characteristic, given the absence of digital signatures. Based on the analysis, additional recommendations are made to improve the security of both applications.
KW - Comparison
KW - ISO 25010
KW - Information System
KW - OWASP ZAP
KW - Security Measurement
UR - http://www.scopus.com/inward/record.url?scp=85186748476&partnerID=8YFLogxK
U2 - 10.1109/ICICyTA60173.2023.10428701
DO - 10.1109/ICICyTA60173.2023.10428701
M3 - Conference contribution
AN - SCOPUS:85186748476
T3 - 2023 3rd International Conference on Intelligent Cybernetics Technology and Applications, ICICyTA 2023
SP - 352
EP - 357
BT - 2023 3rd International Conference on Intelligent Cybernetics Technology and Applications, ICICyTA 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 3rd International Conference on Intelligent Cybernetics Technology and Applications, ICICyTA 2023
Y2 - 13 December 2023 through 15 December 2023
ER -