DocumentCode :
3580861
Title :
Information security risk management planning: A case study at application module of state asset directorate general of state asset ministry of finance
Author :
Prasetyo, Sigit ; Sucahyo, Yudho Giri
Author_Institution :
Fac. of Comput. Sci., Univ. of Indonesia, Depok, Indonesia
fYear :
2014
Firstpage :
96
Lastpage :
101
Abstract :
The Ministry of Finance, in particular the Directorate General of State Asset (DJKN), is an organization tasked with managing state assets and improving services to stakeholders, using information technology as a supporting element. To turn the state asset value database into credible executive information that is intact, timely, accurate and usable in the decision-making process of the Ministry of Finance leadership, an information security risk management plan is needed for the main information systems that support DJKN's business processes. This research aimed to develop an information security risk management plan for DJKN, particularly for the applications that support key business processes, called the state assets module applications, using the ISO 27005 and ISO 27002 frameworks for risk reduction management. The result of this research is an information security risk management plan that contains the risk mitigation document, control recommendations to reduce risk, and the acceptance of risk, which contains the risk management decisions and the person in charge of risk mitigation.
Keywords :
ISO standards; asset management; risk management; security of data; DJKN; Directorate General of State Asset; ISO 27002 framework; ISO 27005 framework; Ministry of Finance; application module; business processes; decision making process; document mitigation risk; information security risk management plan; information security risk management planning; information systems; information technology; recommendation control; risk management decisions; risk reduction management; stakeholder service improvement; state asset management; state asset value database; Computer science; Decision support systems; Electronic mail; Handheld computers; ISO standards; Information security; Risk management; ISO 27002; ISO 27005; Information Security; Risk Management;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Advanced Computer Science and Information Systems (ICACSIS), 2014 International Conference on
Type :
conf
DOI :
10.1109/ICACSIS.2014.7065875
Filename :
7065875