Information Technology Risk Management: A Case Study at a Service Company

Authors

  • Achmad Reza Viyanto, Bina Nusantara University
  • Okhran Steve Latuihamallo, Bina Nusantara University
  • Franky Mangihut Tua, Bina Nusantara University
  • Anderes Gui, Bina Nusantara University
  • Suryanto Suryanto, Bina Nusantara University

DOI:

https://doi.org/10.21512/comtech.v4i1.2682

Keywords:

risk measurement, information technology, security, vulnerability

Abstract

The purpose of this study is to identify and quantify risks that may occur at any time in a company's use of information technology, and to provide information on the risks associated with the security of the company's information technology systems. The methods used are data collection and analysis techniques. Data collection comprises literature and field studies; the field study is conducted through interviews and observation. The analytical technique used to measure risk is OCTAVE-S. The results identify risks associated with security management, contingency planning, vulnerability management, and security architecture and design. The study concludes that there are still many risks that can threaten companies, such as the lack of a contingency and disaster recovery plan.

Published

2013-06-30

Section

Articles