Information Technology Risk Measurement Using NIST (Case Study at Pt. Pintraco)

Abstract

The purpose of this study is to measure how big the risk level associated existing information technology at PT. Phintraco and how to minimize the risk of information technology. The research methodology used involves library research, documentation studies and interviews, collected data were analyzed using the NIST method. Results from this study indicate there are 13 types of risks that might occur, one of them at high risk (Malicious code) and there are two risks with a medium risk level (Information theft, server hangs). The conclusion was that risk controls has been applied quite good but still there are some weaknesses in it, among others: the password is not changed periodically, there is no documentation about the system, the right of access to the IT division is too free, antivirus programs inadequate.