Analysis of IT Risk Management on The Security of Data LMS and IT Resources Using NIST SP 800-30

Abstract

Learning management systems (LMS) play a critical role in modern education by facilitating communication and access to learning resources for educators and students. However, these systems are susceptible to significant IT security threats due to the sensitive nature of the data they manage, including personal information and instructional materials. This study focuses on the Kemenkumham e-learning platform used by the Ministry of Law and Human Rights in Indonesia for distance learning and online training. Despite its benefits, the platform faces various IT security risks that could compromise its functionality and data integrity. Using the NIST SP 800-30 Revision 1 framework, this research identifies four primary operational risks—data security, password vulnerabilities, process inefficiencies, and exposure to cyberattacks—and analyzes their impact. The study then proposes comprehensive mitigation strategies to address these risks. The findings provide actionable recommendations for strengthening IT security and ensuring the continuity of business processes for Kemenkumham e-learning. These results highlight the importance of robust risk management in protecting sensitive information and enhancing the resilience of e-learning systems