XYZ University is very likely to face security risks in the implementation of the Academic Information System (SIAKAD), including threats such as cyber attacks, data leaks, and unauthorized use of data. This study therefore aims to identify information security risks using an approach that follows the ISO 27005:2018 standard. The research method follows the main stages of ISO 27005:2018: establishing a clear scope and context, then identifying, analyzing, and evaluating information security risks and determining appropriate actions against them. The study identified 4 data-related risks, 3 software-related risks, 6 hardware-related risks, and 5 risks in the people category. The analysis found 1 risk at the extreme level and 10 risks at the high level. After evaluating the implementation of existing controls, 6 risks exceed the risk acceptance level, so special actions are needed to manage them. This study contributes theoretically to the application of ISO 27005:2018 for analyzing information security risks within the University. It also provides practical benefits for University management in determining the right strategies and actions for managing information security risks.
Copyrights © 2024