A CIA-based Sustainable Security Risk Mitigation Model for E-Certificate Systems

Authors

  • Teguh Nurhadi Suharsono, Universitas Sangga Buana, Indonesia (https://orcid.org/0000-0001-7519-9251)
  • John Choi, MarkAny Co, Korea, Republic of
  • Raden Ricky Agusiady, Universitas Sangga Buana, Indonesia
  • Didin Saepudin, Universitas Sangga Buana, Indonesia
  • Sukadwilinda, Universitas Sangga Buana, Indonesia
  • Heri Purwanto, Universitas Sangga Buana, Indonesia
  • Peti Savitri, Universitas Sangga Buana, Indonesia
  • Ketut Abimanyu Munastha, Universitas Sangga Buana, Indonesia

DOI:

https://doi.org/10.26877/asset.v8i3.2912

Keywords:

e-certificate systems, sustainable information security, CIA triad, cyber risk mitigation, information security modelling, public key infrastructure (PKI)

Abstract

E-certificates are increasingly adopted across sectors, yet existing studies have not developed an integrated risk mitigation model that combines CIA-based sustainable security with operational and stakeholder perspectives. Current frameworks primarily address isolated technical risks or focus on general PKI security, leaving a gap in holistic modeling tailored to end-to-end e-certificate implementation. This study addresses this gap by proposing a Sustainable Security Risk Mitigation Model for e-certificate systems, guided by the CIA triad—Confidentiality, Integrity, and Availability. A mixed-methods approach was employed, including literature analysis, a Focus Group Discussion (FGD) with industry, government, and academic stakeholders, and expert evaluation using CIA-based scoring on a Likert scale. The empirical data include qualitative perspectives gathered from the FGD and quantitative assessments from expert validation. The proposed model operates in a continuous cycle consisting of risk assessment, mitigation planning, deployment and monitoring, and iterative improvement, ensuring that security controls adapt to emerging threats. Results show that the model achieves an average security validation score (asv) of 4.67, outperforming other existing risk mitigation models in CIA-based evaluation. The findings indicate that institutions can use the model as a practical framework to strengthen e-certificate governance, improve resilience against cyber threats, and support sustainable information security management.

Author Biographies

  • Teguh Nurhadi Suharsono, Universitas Sangga Buana

    Faculty of Engineering, Universitas Sangga Buana, Jl. PHH Mustofa No 68, Bandung 40124, Indonesia

  • John Choi, MarkAny Co

    MarkAny Co., Ltd., Seoul, South Korea

  • Raden Ricky Agusiady, Universitas Sangga Buana

    Postgraduate Directorate, Universitas Sangga Buana, Jl. PHH Mustofa No 68, Bandung 40124, Indonesia

  • Didin Saepudin, Universitas Sangga Buana

    Postgraduate Directorate, Universitas Sangga Buana, Jl. PHH Mustofa No 68, Bandung 40124, Indonesia

  • Sukadwilinda, Universitas Sangga Buana

    Faculty of Economics, Universitas Sangga Buana, Jl. PHH Mustofa No 68, Bandung 40124, Indonesia

  • Heri Purwanto, Universitas Sangga Buana

    Faculty of Engineering, Universitas Sangga Buana, Jl. PHH Mustofa No 68, Bandung 40124, Indonesia

  • Peti Savitri, Universitas Sangga Buana

    Vocational Directorate, Universitas Sangga Buana, Jl. PHH Mustofa No 68, Bandung 40124, Indonesia

  • Ketut Abimanyu Munastha, Universitas Sangga Buana

    Faculty of Engineering, Universitas Sangga Buana, Jl. PHH Mustofa No 68, Bandung 40124, Indonesia

Published

2026-06-03

Section

Articles