Information Technology Risk Management: A Case Study at a Service Company
DOI: https://doi.org/10.21512/comtech.v4i1.2682
Keywords: risk measurement, information technology, security, vulnerability
Abstract
The purpose of this study is to identify and quantify risks that may occur at any time in the application of information technology in a company, as well as to provide information on the risks associated with the security of the company's information technology system. The methods used are data collection and analysis techniques. Data collection includes literature and field studies, in which the field study is conducted by interview and observation. The analytical technique used in the measurement of risk is OCTAVE-S. The results identified risks associated with security management, contingency planning, vulnerability management, and security architecture and design. It is concluded from this study that there are still many risks that can threaten companies, such as the lack of a contingency and disaster recovery plan.
License
Authors who publish with this journal agree to the following terms:
a. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License - Share Alike that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
b. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
c. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
USER RIGHTS
All articles published Open Access will be immediately and permanently free for everyone to read and download. We are continuously working with our author communities to select the best choice of license options, currently being defined for this journal as follows: