<![CDATA[For an organization, information security is a priority. Within the rapid growth of information technology, information becomes easier to access, processed, and used in organization globally. Using information systems in government will improve efficiency, effectiveness, transparency, and accountability in respect of good governance. Regarding the use of information technology sometimes it does not align with its purpose, because there is uncertainty or particular risk that must be faced in using IT. The study conducts a systematic literature review (SLR) to understand the steps and frameworks for information security risk management. Data sources such as IEEE Xplore, ScienceDirect, Proquest, and ACM from 2009 to 2023 are used to obtain literature. Sixteen papers were obtained to complete this study. This research identifies three frameworks that can be used in information security risk management: ISO 27005, NIST SP 800-30, and Cobit 5 For Risk. stages in information security risk management in general are Context Formation, Risk Identification, Risk Assessment, Risk Treatment, and Risk Monitoring.]]>
Copyrights © 2024
