A Data Driven Information System for Cybersecurity Vulnerability Management

Authors

  • Qurotul Aini, Satya Wacana Christian University
  • Agung Rizky, University of Raharja
  • Suca Rusdian, Yasa Anggana College of Economics
  • Azwani Aulia, Padjadjaran University
  • Archa Erica, Adi-Journal Incorporation

DOI:

https://doi.org/10.33050/f3yjz324

Keywords:

Information Systems, Predictive Analytics, Cybersecurity Vulnerability, Management, Machine Learning

Abstract

The rapid growth of digital infrastructures has amplified cybersecurity vulnerabilities, challenging organizations to manage risks effectively. Traditional vulnerability assessment methods, such as static scoring systems, often overlook dynamic threat information, leading to suboptimal prioritization. This study addresses the gap in existing vulnerability management approaches by introducing a data-driven framework that combines internal system data, public vulnerability databases, and external threat intelligence using predictive analytics. The proposed decision support information system employs machine learning as an analytical component to estimate the likelihood of vulnerability exploitation and support vulnerability prioritization decisions. The novelty of this approach lies in its ability to prioritize vulnerabilities not only based on technical severity but also considering the context of real-world threat activity. When benchmarked against conventional methods, this approach demonstrates superior performance in identifying exploitable vulnerabilities, improving accuracy and recall, thus optimizing resource allocation. By adopting a proactive, risk-based strategy, the framework prioritizes the most critical vulnerabilities in complex IT environments. The results highlight the potential of predictive models in enhancing cybersecurity management and supporting sustainable infrastructure, driving a shift toward more efficient, data-driven decision-making.

 



Published

2026-01-30

How to Cite

A Data Driven Information System for Cybersecurity Vulnerability Management. (2026). APTISI Transactions on Management, 10(1), 105-116. https://doi.org/10.33050/f3yjz324
