Risk Analysis Of Accounting Information System Security Based On Vulnerability Data From OPENVAS, OWASP ZAP, And NMAP Tools: A Cybersecurity Perspective

Abstract

Data security is a critical component of Accounting Information Systems (AIS), considering the sensitivity of financial information that must be safeguarded against cyber threats. This study aims to analyze security risks within an AIS platform by utilizing vulnerability scan data collected from the domain https://kiis.ibik.ac.id. Three open-source security tools—OpenVAS, OWASP ZAP, and NMAP—were used to detect potential system vulnerabilities. The research identifies and classifies these vulnerabilities based on severity levels and CVSS (Common Vulnerability Scoring System) scores. The findings reveal multiple medium and low-level vulnerabilities, including open TCP ports, missing anti-clickjacking headers, and improper content security policies, which could expose the system to threats such as cross-site scripting (XSS), clickjacking, and unauthorized access. The study recommends implementing essential security headers, closing unused ports, and conducting continuous system monitoring to enhance AIS resilience. These insights highlight the importance of proactive cybersecurity measures in protecting financial data integrity within modern accounting systems.

Keywords: accounting information system, data security, vulnerability analysis, CVSS, cybersecurity risk