ISO/IEC 27005-Based E-Learning Risk Management with Blockchain Architecture: A Case Study of Semarang University

  • Muhammad Nur Irfan, Semarang University, Indonesia
  • Salwa Ramadhania, Semarang University, Indonesia
  • Soiful Hadi, Semarang University, Indonesia
  • Prind Triajeng Pungkasanti, Semarang University, Indonesia
Keywords: ISO/IEC-27005, information security, e-learning, risk management, blockchain

Abstract

This study analyzes information security risk management in the Semarang University E-Learning System using the ISO/IEC 27005 standard and designs a blockchain-based architecture as a conceptual strategy for improving data security. The blockchain implementation is limited to the conceptual design stage: it serves as a risk mitigation framework and is not applied directly to the system. The research method uses a Waterfall approach comprising risk identification, needs analysis, risk evaluation, adjustment through expert judgment, risk prioritization, and design of a blockchain-based mitigation architecture. Data were collected through quantitative surveys of students, lecturers, and system users, and qualitative assessments from information technology administrators. The analysis shows that the risks with very high priority are R005, with a score of 22.03, related to personal data security, and R007, with a score of 21.03, related to system access failure at critical times. In this design, blockchain integration serves to improve data integrity, transaction process transparency, and service availability through distributed recording and smart contract-based automatic verification. The novelty of this study lies in simultaneously combining the ISO/IEC 27005 approach and blockchain architecture concepts in the context of a university e-learning system, resulting in a comprehensive strategic framework for information security risk management.

Published
2025-09-30
How to Cite
Irfan, M., Ramadhania, S., Hadi, S., & Pungkasanti, P. (2025). ISO/IEC 27005-Based E-Learning Risk Management with Blockchain Architecture: A Case Study of Semarang University. Journal of Information Systems and Informatics, 7(3), 2898-2919. https://doi.org/10.51519/journalisi.v7i3.1265