DESIGNING A THREAT MODELING-DRIVEN RISK MANAGEMENT FRAMEWORK FOR SECURING PT XYZ’S MEDIA CONTENT MANAGEMENT SYSTEM

Abstract

This thesis aims to design a threat modeling-driven risk management framework to enhance the security of PT XYZ's Content Management System (CMS), which is critical for safeguarding digital assets and ensuring the integrity of media operations. The research employs a combination of the STRIDE and LINDDUN methodologies to systematically identify and classify both security and privacy threats across CMS components. Each identified threat is evaluated using the DREAD scoring model to prioritize risks based on their potential impact, reproducibility, exploitability, affected users, and discoverability. The study also conducts a comprehensive vulnerability analysis and security gap assessment to uncover weaknesses aligned with common threat vectors, including those reflected in the OWASP Top 10. Based on these findings, the research proposes a set of mitigation strategies and security controls aligned with ISO/IEC 27001:2022 to ensure both technical and organizational resilience. The findings reveal that PT XYZ's CMS faces critical risks such as credential reuse, token replay attacks, and unauthorized API access, which require immediate mitigation. The practical implication of this thesis is the development of a tailored risk management model that integrates threat modeling into the software development lifecycle (SDLC), enabling PT XYZ to adopt a proactive and structured approach to CMS security.
