Information Security Analysis of Online Education Management System using Information Technology Infrastructure Library Version 3

The rapid development of information affects many aspects of human life. So the field of information security becomes one aspect that must be considered. This study aims to measure information security awareness and to improve daily operational activities of managing IT services effectively and efficiently. Salemba Adventist Academy has used the Wium Online Education Management System (WIOEM) online system, but in its implementation, the system's security aspects are not yet known. The Information Technology Infrastructure Library (ITIL) v3 framework, which is globally recognized for managing information technology, is broken into five parts: Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. This study focuses on Service Operations with four attributes: Security, Privacy, Risk, and Trust. The data collection method used by the researcher was observation in the form of a questionnaire in taking the number of samples to several students by taking population samples using the Lemeshow method. After the data were collected, the results of the ITIL indicator questionnaire were calculated based on the data security level. The results show that the Security indicator is Level 1, the Privacy indicator is level 3, the Risk indicator is level 3, and the Trust indicator is level 4 on the Data Security Level scale. This shows that the WIOEM system can be used properly according to


INTRODUCTION
Information is a resource that has meaning in some context for its recipient. Information must benefit its users, be error-free and clearly explained, be delivered on time, be consistent, and be accountable for its validity [1]. Information stored in a system is called data. Information is the most important aspect of certain companies/agencies and must be maintained properly. The increasingly widespread development of information technology today raises many information security problems [2]. Information security is a policy that must be considered because, if unauthorized individuals access the information, its accuracy can no longer be assured. Users abandon many systems because they are difficult to use and therefore uncomfortable. So information security must be designed from the user's perspective, without complicating the interaction process in decision-making [3]. Many emerging problems threaten information security, which is developing at an unprecedented speed [4]. There are many ways to secure the information data on a system. There are two types of security, namely prevention and treatment. Prevention is done so that information data is not lost, damaged, or stolen. If a virus attacks the information data, treatment is carried out. Therefore, the security of information must be considered [5].
In educational institutions, information security is a major requirement in the application of information technology. With the development of information technology, maintaining information security in the school environment is a very important aspect. Therefore, it is necessary to use information technology rather than manual systems. Salemba Adventist High School has used the Wium Online Education Management System (WIOEM) online system to store student information data related to report cards and financial information. WIOEM is a school administration application developed by the Western Indonesia Union GMAHK Organization, which aims to assist the administration of all Adventist schools in Western Indonesia. According to the statements of teachers, students, and school admins as users, the WIOEM online system is not yet fully understood. Nevertheless, it provides good IT service satisfaction, especially in storing student information data.
Information Technology Infrastructure Library (ITIL) v3 is a globally recognized collection of practices for managing information technology (IT). ITIL is an international standard best practice that can assist in implementing information technology in organizations or companies [6]. ITIL is successfully used because it describes practices that enable organizations/agencies to deliver benefits, sustain success, and optimize IT service. The ITIL v3 framework has five parts: Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement [7]. This research focuses on Service Operation. Researchers break the Service Operation process down into several indicators that affect the level of data security in general [8]. The indicators used in this research are Security, Privacy, Risk, and Trust. Service Operation is a lifecycle stage that includes all daily operational activities of IT service management [9,10]. There are various guidelines for managing IT services efficiently and effectively and ensuring the promised performance level for users.
In several previous studies, researcher A used the ITIL method to measure information and communication technology in PTI courses that use blended learning models [11]. Researcher B used the ITIL method to implement technology service management to improve service management in the Information Technology sector, implement threat anticipation, and prevent attacks on IT assets [12]. Furthermore, researcher C used the ITIL method to improve the service system at PT. XYZ to assess whether the IT implemented in the company can run in accordance with organizational goals effectively and efficiently [12]. Compared with previous research, this research focuses on online education services. The focus is the level of data security in online education systems in high schools, not just the maturity level of a system; this includes general application security, information dissemination, data storage, information security, and application performance. Therefore, this study aims to measure or analyze how large and secure the information security of the WIOEM online system is and to improve all daily operational activities of managing IT services effectively and efficiently through the WIOEM online system. To achieve this goal, the researcher uses the Information Technology Infrastructure Library version 3 (ITIL v3) framework method.

RESEARCH METHOD
This study used a quantitative research method, with the population of the respondents coming from high school students at the Salemba Adventist Academy. The method used in sampling the number of respondents was using the Lemeshow formula, and the primary data was obtained by distributing questionnaires to respondents. Filled data will go through validation and reliability tests. When the data is valid and reliable, the value of the data will be measured based on indicators in the ITIL V3 Domain Service Operations framework.

Population and Sample
The population and sample in this study were high school students of Salemba Adventist Academy, with a total of 150 people. Quantitative research methods are suitable for taking samples from a wide population. The technique used in this sampling calculation is the Lemeshow formula (1) with a known number of populations [13].
Lemeshow Formula: (formula below) Total high school students
Based on the calculation of the Lemeshow formula above (1), a sample of 45 Salemba Adventist High School students was drawn as respondents to the system security capability questionnaire (grades 10, 11, and 12).

Measurement Method
The Likert scale is a measurement scale widely used in research in the form of a survey developed by Rensis Likert [14]. The Likert scale is used in the questionnaire to measure the perceptions and opinions of respondents. Respondents will determine the level of agreement with various statements by choosing one of the available answers. The Likert scale has provided five answer choices, and each category has the following values. "1" is for Strongly Disagree (SD), "2" is for Disagree (D), "3" is for Neutral (N), "4" is for Agree (A), and "5" is for Strongly Agree (SA).

Questionnaire
The questionnaire distributed to the Salemba Adventist High School students was divided into 4 indicator sections. The indicators used are Security, Privacy, Risk, and Trust. Each indicator measures the level of standardization of information data security. The measurement process is guided by the ITIL v3 Service Operation process. The data collection method was filling out a questionnaire via a Google Form, which was distributed to 45 high school students of Salemba Adventist College. The following are the statements of each attribute that need to be filled in. Each statement is answered on the scale SD = 1, D = 2, N = 3, A = 4, SA = 5.
Security Indicators, as shown in Table 1, measure how securely the WIOEM online system can be used, avoiding disruptions that occur in IT services or decreases in IT quality. The goal is to detect problems and determine what approach needs to be taken.
1. WIOEM application features are easy to understand and safe to use
2. The security of students' personal information is guaranteed
3. The WIOEM online system works well and provides relevant information
4. WIOEM's online system is able to provide information safely
5. WIOEM online system is able to provide information accurately and regularly
6. The school strictly maintains the confidentiality of the information provided through the WIOEM online system
7. The school is able to operate the WIOEM online system well
8. No worries about the security of the school's WIOEM online system
Privacy Indicators, as shown in Table 2, measure how securely the student's personal information is stored on the WIOEM online system. The goal is for users to be able to use the service and prevent access to unauthorized users regularly.
1. Student's personal data information is stored properly by the school
2. Students' personal data information will not be misused
3. The school is able to store student information data from illegal actions
4. The school is able to protect student information data
5. The WIOEM online system can store student information data properly
6. Filling student information data into the WIOEM online system can be operated properly and safely
Risk Indicators, as shown in Table 3, measure how securely student data can be stored and accessed on the WIOEM online system. The goal is to provide users with confidence that the system can be trusted and can prevent an incident from occurring, so that incidents do not happen again and can be handled properly.
Trust Indicators, as shown in Table 4, measure users' confidence in using the WIOEM online system. The goal is to give users confidence that the WIOEM online system is safe to use. Thus, this system can achieve user standardization in receiving services that are effective and efficient.
1. Information provided by the school can be trusted
2. The school will be able to develop the WIOEM online system in the future
3. The school is very honest, open, and integrity
4. The school is able to take immediate action in the event of a data leak or other damage to the WIOEM online system

Security Level Methodology
Data security is very important because every decision and policy must be based on data. There is a lot of important and limited information data for the parties concerned to know [14]. In securing a system, there are aspects that need to be considered, such as databases, data security, computer security, computer device security, application security, network security, and information security. To obtain the security level, researchers use indicators from the ITIL framework such as Security, Privacy, Risk, and Trust. Therefore, the correlation of each indicator gives rise to the security levels. Each level has a definition and function that affects data security. Figure 1 shows the security levels in the form of a pyramid.
Figure 1 above describes the level of data security as follows:
Security Level 0: Physical security is the stage that becomes the next security window. If properly maintained, then all data and computer hardware can be secured.
Security Level 1: Consists of database, data, computer, device, and application security. In order to maintain the security of databases and data, the application must be considered. Data security is a way to design a database. Device security is the tool used to maintain computer security properly. Computer security protects against access by unauthorized persons.
Security Level 2: Computers connected to the network are vulnerable to attack. Therefore, network security is designed to prevent leakage or illegal access that can damage data security.
Security Level 3: Information security is often overlooked by administrators. Such negligence can be a fatal thing if irresponsible people know important information.
Security Level 4: It is the overall security of a system or computer. If the previous level can be done well, then the security at level 4 is perfect.

Validity Test
The data on the questionnaire was processed by testing the validity and reliability using the Microsoft Excel program. The validity test was carried out on each statement item in different sections to prove that each questionnaire item was effective and worthy of being used as an object of research. The statement item is declared valid if r count > r
Each surviving row below gives the item number and statement, followed by its r-count, the threshold it is compared with, and the result.

Security Indicator
2. The security of students' personal information is guaranteed: 0.91613528, 0.361, Valid
3. The WIOEM online system works well and provides relevant information: 0.96339483, 0.361, Valid
4. WIOEM's online system is able to provide information safely: 0.97253341, 0.361, Valid
5. WIOEM online system is able to provide information accurately and regularly: 0.90633915, 0.361, Valid
6. The school strictly maintains the confidentiality of the information provided through the

Privacy Indicator
1. Student's personal data information is stored properly by the school: 0.74118569, 0.361, Valid
2. Students' personal data information will not be misused: 0.87137909, 0.361, Valid
3. The school is able to store student information data from illegal actions: 0.63115111, 0.361, Valid
4. The school is able to protect student information data: 0.69813985, 0.361, Valid
5. The WIOEM online system can store student information data properly: 0.87538779, 0.361, Valid
6. Filling student information data into the WIOEM online system can be operated properly and safely: 0.83237299, 0.361, Valid

Risk Indicator

Trust Indicator
2. The school will be able to develop the WIOEM online system in the future: 0.90763233, 0.361, Valid
3. The school is very honest, open, and integrity: 0.91568078, 0.361, Valid
4. The school is able to take immediate action in the event of a data leak or other damage to the WIOEM online system: 0.93837783, 0.361, Valid
5. The school is able to protect student information data against the use of the WIOEM online system: 0.8542422, 0.361, Valid
6. The WIOEM online system can be used well in the form of teacher and student interactions: 0.97661041, 0.361, Valid

Reliability Test
The following reliability test results show the value of the Cronbach alpha coefficient > a significance value of 0.6 [15]. There are eight items on Security Indicators, six items on privacy indicators, three items on risk indicators, and six items on trust indicators. Table 6 shows that all indicators are reliable.
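The validity and reliability checks described in the two sections above, worked through as an added Python example (not the authors' Excel workbook). It assumes r-count is the Pearson correlation between each item and the respondent's total score, which the page does not spell out; the responses are constructed, and only the 0.361 and 0.6 thresholds come from the page.

```python
from math import sqrt
from statistics import mean, variance

R_CRITICAL = 0.361  # threshold column in the page's validity table
ALPHA_MIN = 0.6     # Cronbach's alpha threshold quoted on the page

# Constructed Likert answers (1..5): 6 respondents x 4 items. Not the study's data.
RESPONSES = [
    [5, 5, 4, 2],
    [4, 4, 4, 4],
    [3, 3, 3, 1],
    [2, 2, 3, 5],
    [1, 2, 2, 3],
    [4, 5, 5, 3],
]

def check_rows(rows):
    """Reject ragged rows and answers outside the 1..5 Likert range."""
    if len(rows) < 2 or len(rows[0]) < 2:
        raise ValueError("need at least 2 respondents and 2 items")
    for row in rows:
        if len(row) != len(rows[0]) or any(v not in (1, 2, 3, 4, 5) for v in row):
            raise ValueError(f"bad questionnaire row: {row!r}")

def pearson(xs, ys):
    """Pearson r; 0.0 when a series is constant (such an item cannot discriminate)."""
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sqrt(sxx * syy)

def item_validity(rows, r_critical=R_CRITICAL):
    """Per item: (r against respondent totals, True if r > r_critical)."""
    check_rows(rows)
    totals = [sum(row) for row in rows]
    result = []
    for item in zip(*rows):  # transpose: one tuple of answers per item
        r = pearson(item, totals)
        result.append((r, r > r_critical))
    return result

def cronbach_alpha(rows):
    """alpha = k/(k-1) * (1 - sum(item variances) / variance(totals))."""
    check_rows(rows)
    k = len(rows[0])
    total_var = variance([sum(row) for row in rows])
    if total_var == 0:
        return 0.0  # every respondent has the same total: no reliability signal
    item_vars = sum(variance(item) for item in zip(*rows))
    return k / (k - 1) * (1 - item_vars / total_var)

def keep_valid_items(rows):
    """Drop the items that fail the validity test."""
    flags = [ok for _, ok in item_validity(rows)]
    return [[v for v, ok in zip(row, flags) if ok] for row in rows]

if __name__ == "__main__":
    for number, (r, ok) in enumerate(item_validity(RESPONSES), start=1):
        print(f"item {number}: r = {r:.4f} -> {'Valid' if ok else 'Invalid'}")
    for label, rows in (("all items", RESPONSES), ("valid items", keep_valid_items(RESPONSES))):
        alpha = cronbach_alpha(rows)
        print(f"{label}: alpha = {alpha:.4f} -> {'reliable' if alpha > ALPHA_MIN else 'not reliable'}")
```

Because each item is part of its own total, r-count is biased upward on short scales, so an item that barely clears the threshold deserves a second look.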

Questionnaire Results
The results of all indicators lead to security Levels 1, 3, and 4 according to the Data Security Level in Figure 1. Based on the percentage results, the WIOEM system has the students' trust in its use. However, quite a few respondents still doubt the security aspects of this system, so the security of student information data can be improved further to avoid unexpected incidents when using it.
Based on the analysis and comparison of the results of the Security indicator (Table 7) with the level of data security in Figure 1, it was found that the result of the Security indicator is Level 1. Security Level 1 states that if a system is well maintained, the database and information on the device will be safe. It is rated at Level 1 to maintain each database that is being considered and to design the database properly. The security of WIOEM's online system for the information provided has been operated properly to prevent access by unauthorized persons. It was found that 48.9% of respondents stated that the security of using the WIOEM system was guaranteed and able to provide accurate information to students. Meanwhile, some respondents still doubt the security of this system, so schools can improve the quality of service from the WIOEM system.
Based on the analysis and comparison of the results of the Privacy indicator (Table 8) with the level of data security in Figure 1, it was found that the result of the Privacy indicator is Level 3. Security Level 3 states that administrators often ignore information, and such negligence can be fatal if important information is known by people unaware of it. It is rated at Level 3 so that the administrators pay more attention and protect the database used responsibly. It was found that 44.4% of respondents believed that the information data of each student was able to operate properly and safely on the WIOEM system. However, the respondents still doubt the data storage in this system, so schools can increase students' confidence that the school is able to protect student information data properly.
Based on the analysis and comparison of the results of the Risk indicator (Table 9) with the level of data security in Figure 1, it was found that the result of the Risk indicator is Level 3. Security Level 3 states that information is often ignored by administrators, where negligence can be fatal if important information is known by people unaware of it. It is rated at Level 3 so that the administrators pay more attention and protect the database used responsibly. It was found that 42.2% of respondents still doubted that the WIOEM system could cause unexpected problems when accessing it. Schools can therefore provide information and improve the quality of services properly, which assures students that the WIOEM system is safe and under control.
4. The school is able to take immediate action in the event of a data leak or other damage to the WIOEM online system: 0, 6.7, 31.1, 40, 22.2
5. The school is able to protect student information data against the use of the
Based on the analysis and comparison of the results of the Trust indicator (Table 10) with the level of data security in Figure 1, it was found that the result of the Trust indicator is Level 4. It is rated at Level 4 because the system has been fully operated well. The WIOEM online system has been operated properly at the previous levels of information security, so that at Level 4, security is guaranteed and safe to use. In addition, it was found that 44.4% of respondents stated that the school was very honest, open, and with integrity. Many respondents therefore fully believe that the use of the WIOEM system is very effective and able to protect student data properly.

CONCLUSION
Based on the results of measuring the level of security for each indicator, the following was obtained: the Security indicator is Level 1, supported by the 48.9% of respondents who stated that system security is guaranteed and able to provide accurate information to students; the Privacy indicator is Level 3, supported by the questionnaire result that 44.4% of respondents believe that each student's information data can be operated properly and safely; the Risk indicator is Level 3, with 42.2% of respondents still doubting if the system can cause unexpected problems when accessing it; the Trust indicator is Level 4, with the majority (44.4%) of respondents stating that the school is very honest, open, and with integrity. The researcher concludes that the WIOEM system can be used properly according to the users' expectations. Using the ITIL v3 domain Service Operation framework provides an overview for schools to be able to evaluate and develop a better WIOEM online system. From the four indicators that have been analyzed, it can be concluded that the security level of the WIOEM online system is at Levels 1, 3, and 4, where the quality of system security service performance has not run optimally.
Some of the things that users hope can be developed in the 'Security' indicator are fixes for a system that often crashes, especially when accessing user accounts, so that unexpected incidents do not occur. This is in line with research [12], which states that system protection can improve security and service management. For the 'Privacy' indicator, it is a school policy for storing student information data that is more accurate and allows backup storage if the system is down. For the 'Risk' indicator, it is increased security, such as two verification codes when accessing accounts for new users, and notifications via email when accounts are accessed on different devices, to prevent unauthorized persons from being involved. For the 'Trust' indicator, it is clearer information on how to use this system so all users can understand it. This is in line with research [16], which states that system improvements can assess the level of trust and whether the system can run according to school goals effectively and efficiently. Other suggestions are to provide access for students to give feedback on this system, and to create a comment service for direct interaction between teachers and students in the WIOEM online system regarding report cards and finances, for faster response services. Another hope related to this system is to improve the appearance of this application so that it is user-friendly and has simple features and can be used easily, with a consistent appearance so the WIOEM online system can be used properly. The improvement and development of the WIOEM online system can thus improve effective and efficient IT performance.

DECLARATIONS
AUTHOR CONTRIBUTION MCP is the main contributor to this research, where MCP distributes questionnaires and analyzes the level of security of the information systems. JIS is a mentor in MCP research and contributes as a validator and advisor to both the material and technical content of the research. Moreover, EL acts as a consultant in terms of writing and validating research results.
FUNDING STATEMENT This research was funded independently by the authors and without any funding from external parties.