Information Technology Risk Management Analysis Using ISO: 31000 at PT. XYZ
DOI:
https://doi.org/10.51519/journalisi.v4i3.288Keywords:
information technology, risk management, ISO 31000Abstract
XYZ is one of the branch offices of banking subsidiaries in Indonesia that focuses on providing leasing facilities, investment and working capital. As a company, PT. XYZ is inseparable in the use of information technology which gives rise to various possible risks that exist. Therefore, it is necessary to have an analysis of information technology risk management in PT. XYZ. Through this research, it is hoped that it can help PT. XYZ in identifying possible risks that occur to the company, as well as actions that must be taken in the face of such risks. The framework used in this study is the ISO 31000 framework. Based on the results of this study, 13 possible risks that have low risk levels (R01, R02, R03, R04, R05, R07, R08, R12, R13, R15, R16, R20 and R21 ), 6 possible risks that have medium risk levels (R06, R09, R10, R11, R14 and R18), as well as 2 possible risks that have high risk levels (R17 and R19). In addition, a risk treatment proposal was produced that can be used as a reference by PT. XYZ to minimize losses caused by these risks.
Downloads
References
D. L. Ramadhan, R. Febriansyah, and R. S. Dewi, “Analisis Manajemen Risiko Menggunakan ISO 31000 pada Smart Canteen SMA XYZ,” JURIKOM (Jurnal Riset Komputer), vol. 7, no. 1, pp. 91-96, Feb. 2020, doi: 10.30865/jurikom.v7i1.1791.
D. Prabowo and A. F. Wijaya, “Risk Management Analysis on KKM LKF FTI UKSW Website Using ISO 31000 Framework,” Journal of Information Systems and Informatics, vol. 4, no. 1, pp. 65, Mar. 2022, [Online]. Available: http://journal-isi.org/index.php/isi.
P. Kanantyo, and F. S. Papilaya, “Analisis Risiko Teknologi Informasi Menggunakan ISO 31000 (Learning Management System SMPN 6 Salatiga),” Jurnal Teknik Informatika dan Sistem Informasi, vol. 8, no. 4, pp. 1896-1908, Des . 2021. [Online]. Available: http://jurnal.mdp.ac.id.
H. Citra Christian and M. N. N. Sitokdana, “Analisis Risiko Teknologi Informasi pada BANK ABC Menggunakan Framework ISO 31000,” Jurnal Teknik Informatika dan Sistem Informasi, vol. 9, no.1, pp. 735-748, Mar. 2022. [Online]. Available: http://jurnal.mdp.ac.id.
ISO, Risk management — Guidelines, ISO 31000:2018. 2018.
K. B. Mahardika, A. F. Wijaya, and A. D. Cahyono, “MANAJEMEN RISIKO TEKNOLOGI INFORMASI MENGGUNAKAN ISO 31000 : 2018 (STUDI KASUS: CV. XY),” SEBATIK , vol.#, no.#, pp. 277-284, Jun. 2019.
Monica, D. Kurniawan, and R. Prabowo, “Analisis Manajemen Risiko Sistem Informasi Pengelolaan Data English Proficiency Test (EPT) dan Portal Informasi di UPT Bahasa Universitas Lampung Menggunakan Metode ISO 31000,” Jurnal Komputasi, vol. 8, no. 1, pp. 83-90, Apr. 2020.
S. D. Fitri, D. L. Setyowati, and K. Duma, “Implementasi Manajemen Risiko Berdasarkan ISO 31000:2009 pada Program Perawatan Mesin di Area Workshop PT. X,” Faletehan Health Journal, vol. 6, no. 1, pp. 16–24, Mar. 2019, [Online]. Available: www.journal.lppm-stikesfa.ac.id/ojs/index.php/FHJ.
S. Agustinus, A. Nugroho, and A. Dwika Cahyono, “Analisis Risiko Teknologi Informasi Menggunakan ISO 31000 pada Program HRMS,” Jurnal Resti, vol. 1, no. 3, pp. 250–238, Des. 2017, [Online]. Available: http://jurnal.iaii.or.id.
T. F. Rahardian and A. F. Wijaya, “Risk Analysis of Web-Based Information Systems on CV Mega Komputama Uses ISO 31000,” Journal of Information Systems and Informatics, vol. 4, no. 2, pp. 428-443 , Jun. 2022, [Online]. Available: http://journal-isi.org/index.php/isi.
A. Rahmawati, A. F. Wijaya, A. R. Fakultas, and T. Informasi, “ANALISIS RISIKO TEKNOLOGI INFORMASI MENGGUNAKAN ISO 31000 PADA APLIKASI ITOP Penulis Korespondensi.” Jurnal SITECH, vol. 2, no. 1, pp. 13-20, Jun. 2019, [Online]. Available: http://www.jurnal.umk.ac.id/sitech.
G. W. Lantang, A. D. Cahyono, and M. N. N. Sitokdana, “ANALISIS RISIKO TEKNOLOGI INFORMASI PADA APLIKASI SAP DI PT SERASI AUTORAYA MENGGUNAKAN ISO 31000,” SEBATIK, vol.#, no.#, pp. 36-42, Jun. 2019.
R. P. Pangestu and A. F. Wijaya, “Analisis Manajemen Risiko Aplikasi SINTESA Pada Perpustakaan XYZ,” Jurnal Bina Komputer, vol. 2, no. 2, pp. 1-14, Jun. 2020.
N. V. Richardo and M. N. N. Sitokdana, “Analisis Risiko Teknologi Informasi Pada Perusahaan Toko Surabaya Cabang Surakarta,” Journal of Information Systems and Informatics, vol. 3, no. 1, pp. 13-30, Mar. 2021, [Online]. Available: http://journal-isi.org/index.php/isi.
M. Miftakhatun, “Analisis Manajemen Risiko Teknologi Informasi pada Website Ecofo Menggunakan ISO 31000,” Journal of Computer Science and Engineering (JCSE), vol. 1, no. 2, pp. 128–146, Aug. 2020, doi: 10.36596/jcse.v1i2.76.
Downloads
Published
Issue
Section
License
Authors Declaration
- The Authors certify that they have read, understood, and agreed to the Journal of Information Systems and Informatics (JournalISI) submission guidelines, policies, and submission declaration. The submission has been prepared using the provided template.
- The Authors certify that all authors have approved the publication of this manuscript and that there is no conflict of interest.
- The Authors confirm that the manuscript is their original work, has not received prior publication, is not under consideration for publication elsewhere, and has not been previously published.
- The Authors confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
- The Authors confirm that the manuscript is not copied from or plagiarized from any other published work.
- The Authors declare that the manuscript will not be submitted for publication in any other journal or magazine until a decision is made by the journal editors.
- If the manuscript is finally accepted for publication, the Authors confirm that they will either proceed with publication immediately or withdraw the manuscript in accordance with the journal’s withdrawal policies.
- The Authors agree that, upon publication of the manuscript in this journal, they transfer copyright or assign exclusive rights to the publisher, including commercial rights
