Information Technology Risk Control of University in a Work from Home Situations

  • Iqbal Santosa Universitas Telkom, Indonesia
  • Rahmat Mulyana Stockholm University, Sweden
Keywords: Information Technology, Risk Management, Work from Home


The University is one of the educational institutions affected by the COVID-19 pandemic. Most of its activities, which are academic management, human resource management, information technology services, and so on were changed into WFH (Work from Home) supported by information technology. Utilization of information technology in supporting WFH can create various risks and needs to be controlled either preventive, detective, or corrective to minimize the impact. This research will focus on planning for university information technology risk control in working from home conditions by referring to the ISO 31000:2018 standard for risk management processes, COBIT 5 Generic Risk Scenario for defining risk scenarios, and DoD Instruction 8500.2 and NIST SP 800-53 in the identification of risk controls. The resulting solution is in the form of a risk treatment plan. This solution is expected to assist universities in identifying risks related to information technology and planning controls related to the implementation of work-from-home in their environment.


Download data is not yet available.


ISO 31000:2018 Risk management — Guidelines, ISO, 2018.

ISO 13485:2016 Medical devices — Quality management systems — Requirements for regulatory purposes, ISO, 2016.

M. Shepherd. "Surprising Working From Home Statistics." (accessed 28 September, 2022).

R. W. Tuti, "Analisis implementasi kebijakan work from home pada kesejahteraan pengemudi transportasi online di Indonesia," Jurnal Ilmiah Ilmu Administrasi, vol. 3, pp. 73-85, 2020.

U. T. A. Ahidin, Aris; Imbron; Khoiriah, Neneng, COVID-19 dan Work from Home. Desanta Muliavisitama, 2020.

T. University. "Tel-U Kembali Jalani Audit Internal Secara Online." (accessed 9 November, 2022).

ISACA, COBIT 5 for Risk (ISACA). 2013.

NIST Special Publication 800-53, Revision 5 — Security and Privacy Controls for Information Systems and Organizations, NIST, 2020.

Department of Defense Instruction 8500.2 Information Assurance (IA) Implementation, D. o. D. U. S. o. America, 2003.

Y. Erlika, M. I. Herdiansyah, and A. H. Mirza, "Analisis IT Risk Management di Universitas Bina Darma Menggunakan ISO31000," Jurnal Informatika Global, vol. 11, no. 1, 2020.

H. Hardani et al., Metode Penelitian Kualitatif & Kuantitatif. Yogyakarta: CV. Pustaka Ilmu Group, 2020.

T. University. "Laporan Daftar Risiko Universitas Telkom Periode Ganjil 2019-2020." (accessed 28 September, 2022).

Abstract views: 332 times
Download PDF: 206 times
How to Cite
Santosa, I., & Mulyana, R. (2022). Information Technology Risk Control of University in a Work from Home Situations. Journal of Information Systems and Informatics, 4(4), 1008-1018.