Analysis of Risk Management Information System Applications Using Iso/Iec 27001:2022

Abstract

The rapid development of information technology can make it easier for anyone to obtain, process, and disseminate various information systems. Information system security is an important aspect in maintaining information confidentiality. One way to maintain the security of information systems is by conducting risk management. The goal of risk management is to control and lessen the likelihood of risks that could jeopardize information system security. This research aims to carry out a risk management process in one of the government agencies in Indonesia by controlling mitigation that refers to ISO / IEC 27001: 2022. Data collection in this study was carried out by means of observation, interviews, and Forum Group Discussion (FGD). The results of this study were the discovery of 15 risks, 50 risk threats, and 15 impacts caused by the risk. This research resulted in 42% of the risks falling into a moderate impact.