Risk Assessment of Inventory Information Systems Using NIST SP 800-30 at PT XYZ

Authors

DOI:

https://doi.org/10.31294/infortech.v8i1.12750

Keywords:

Cybersecurity Risk Assessment, NIST SP 800-30, Inventory System, Risk Management, Automotive Dealership

Abstract

Inventory information systems are vital for automotive dealership operations, but their web-based implementation increases exposure to cybersecurity risks that can disrupt stock management and business continuity. This study aims to identify and evaluate cybersecurity risks in PT XYZ Bandung’s inventory information system using the NIST Special Publication 800-30 Revision 1 framework. A descriptive quantitative approach with a case study method was employed, collecting data through observation, interviews, documentation review, and questionnaires from 20 respondents. The 9-step NIST SP 800-30 process was applied to characterize the system, identify threats and vulnerabilities, assess likelihood and impact, and determine risk levels using the formula Risk = Likelihood × Impact. The results show that PT XYZ faces 4 high-level risks with a score of 9: unauthorized access, stock manipulation, human error, and system downtime. Three medium-level risks were also identified: data loss, malware/ransomware, and DoS/DDoS attacks. Major vulnerabilities include weak passwords, absence of audit logs, inadequate backup, unpatched systems, lack of training, and no server redundancy. Recommended controls include OpenVPN with multi-factor authentication, audit logging, role-based access control, automated backup, regular updates, cybersecurity training, and server redundancy. This study confirms that NIST SP 800-30 provides a structured and practical method for SMEs to assess and prioritize cybersecurity risks, offering actionable recommendations to improve data confidentiality, integrity, and availability at PT XYZ Bandung.

Published

2026-06-22

Issue

Section

Articles