Designing a Cybersecurity Risk Assessment Framework for Local Government Web-Based Applications

Administrators of e-government (SPBE) applications must prepare to manage cybersecurity risks to limit the impact of the growing number of cyber attacks on the government sector. The government has established regulations regarding SPBE risk management guidelines that need to be implemented by central and local governments. However, X District Government experienced difficulties, especially in risk assessment activities, when implementing these guidelines in the context of cyber security risks for applications. This research aims to design a risk assessment framework that is suitable for use in the context of cybersecurity risks in applications by considering the limitation of X District Government. The designed framework was tested on application Z belonging to the X District Government. Several approaches are used to carry out risk assessments, including CVSS, CAPEC, and the use of asset sensitivity forms to determine risk sensitivity. The test was performed successfully and obtained 13 high-risk categories, 7 medium-risk categories, and 1 low-risk category.