Wishnu Husada Banyumas Hospital has applied information technology in its service processes, but problems often arise in the use of its information systems, such as human error, server problems and other risks. A lack of documentation in risk management means that the same risks often recur. The purpose of this study is to evaluate risk at the hospital using the OCTAVE-S method, with control standards referring to ISO 27001. This is qualitative research using a case study approach. Data were collected through literature studies and field studies. The study identified the critical information systems, namely a database server and SIMRS, and identified the threat to these critical assets as the absence of some standard procedures in 6 areas of security practice. Under the OCTAVE-S method, 6 security practices received a red stoplight, 9 a yellow stoplight and 1 a green stoplight. The risk mitigation plan refers to ISO 27001 to help the organization map it against the assessment of security practices that has been carried out.
Copyrights © 2020