Implementation of ISO 31000 for Information Technology Risk Management in the Government Environment

Abstract

Information technology in government and private agencies is used to support the quality of services. Information technology is an important component in carrying out government affairs which include information security and information security services. However, not always the use of information technology is in line with expectations. It is undeniable, the emergence of various possible threats and risks that hinder and disrupt the business processes that are running on several fields. These threats and risks need to be overcome by implementing risk management that is expected to reduce the threats and risks that occur. To determine the extent to which potential threats and risks are related to information technology and how to handle them, an analysis of risk management using ISO 31000 is needed. The process of risk management analysis is, setting context, risk identification, risk analysis, risk evaluation and risk mitigation. The expected results are in the form of risk values ​​based on identification and risk analysis. The final results of this activity are in the form of recommendations to reduce and prevent risks that will occur.