IDENTIFIKASI RISIKO KEAMANAN INFORMASI MENGGUNAKAN ISO 27005 PADA SEBUAH PERGURUAN TINGGI SWASTA DI SURABAYA

Abstract

Information Technology/Information Technology (IT/SI) implementation which
aligned with the vision and mission of a university can provide added value
and competitive advantage. Digital information resulting from the IT/SI
implementation is a very valuable asset. Those assets must be safeguarded and
protected against risk. This study aims to identify information security risks
using ISO 27005 at a private university in Surabaya. This research conducted
because of several incidents happened in this private university, one of the
incident is hacking of academic services website, thus resulting in disruption of
services for the academic community. Risk identification is performed to
determine the potential loss and cause of loss so that security measures can be
prevented, detected or corrected. The result of the research is documentation of
risk identification of information security and recommendation of control as
needed.