<![CDATA[The advancement of information technology (IT) provides significant benefits for organizational operations, including the Department of Communication and Informatics (Diskominfo) of Tabanan Regency. However, IT implementatiocn also brings security risks, such as hacking and cyberattacks, which can threaten the continuity of public services. This study aims to implement risk management based on ISO/IEC 27005:2022 to protect the IT assets owned by Diskominfo Tabanan Regency. The stages carried out include context establishment, risk identification, risk analysis, risk evaluation, and recommendations. In the risk identification stage, 28 IT assets, 57 threats, existing controls for each asset, vulnerabilities of these controls, and potential consequences were identified. In the risk analysis stage, eight respondents were asked to complete a questionnaire to assess the impact of threats and the likelihood of their occurrence, with the average impact and likelihood scores being 3 and 4, respectively. Based on the questionnaire results, the study will proceed with risk level assessment to determine risk levels based on the previous analysis. Subsequently, a risk evaluation will be conducted to provide recommendations for effective mitigation measures. This IT risk analysis study resulted in mitigation recommendations for threats that could potentially impact Diskominfo Tabanan Regency IT assets. The recommendations were developed based on the severity level of each risk after analysis, referring to common practices in both public and private sectors, as well as sources such as research journals, relevant literature, and the ISO/IEC 27005 standard]]>
