Pengukuran Manajemen Risiko Teknologi Informasi dengan Metode Octtave-S


  • Henny Hendarti Bina Nusantara University
  • Maryani Maryani Bina Nusantara University



OCTAVE-S method, risks, information technology


The purpose of this paper is to measure risks to identify company's assets and analyze risks, and to do strategic planning of security protection and minimize risk. Research used case study by reading materials dealing with the OCTAVE-S method. Observation was done directly to the relating parties through an interview, as well as using a questionnaire based on the OCTAVE-S method. The result obtained from this research is risk management of information technology in order to minimize the risks. Based on the findings obtained, it is expected company can identify potential risks and mitigate them efficiently and effectively.


Alberts, C., Dorofee, A., Stevens, J., & Woody, C. (2005). OCTAVE-S Implementation Guide, Version 1.0. Pittsburgh: Carnegie Mellon Software Engineering Institute.

Bojanc, R. & Jerman–Blazic, B. (2008). An economic modelling approach to information security risk management. International Journal of Information Management, 28(5), 413–422.

Gondodiyoto, S. (2007). Audit Sistem Informasi + Pendekatan COBIT. Edisi Revisi. Jakarta: Mitra Wacana Media.

Jordan, E. & Silcock, L. (2005). Beating IT Risks. England: John Wiley and Sons.

Liu, S., Kuhn, R., & Rossman, H. (2009). Understanding insecure IT: Practical risk assessment. IT Professional, 11(3), 57–59.

OCTAVE-S Implementation Guide. (2005). Volume 10: Example Scenario. Version 1.0.






Abstract 597  .
PDF downloaded 617  .