J-SAKTI (Jurnal Sains Komputer dan Informatika)
Vol 8, No 1 (2024): MARCH EDITION

Information Security Risk Assessment Using ISO/IEC 27001: A Case Study of PT Dyandra Promosindo

Putra, Mahansa (Unknown)
Aji, Rizal Fathoni (Unknown)



Article Info

Publish Date
30 Mar 2024

Abstract

PT Dyandra Promosindo is a company that operates in the event organizer sector. In carrying out its daily business processes, it is always in contact with important information from its clients. Therefore, it is necessary to carry out a risk assessment to avoid loss of confidentiality, integrity and availability of its information assets. The author wants to know how large the risk impact is that threatens the security of these information assets, and to provide control recommendations for them. The risk assessment process is divided into three stages: risk identification through interviews and document review, risk analysis using asset valuation and vulnerability and threat ratings, and finally risk evaluation using risk impact measurements. The results of this research show that 10 critical information assets were identified, of which only 1 was in the Tolerable risk mitigation group while the other assets were in the Acceptable group. The control recommendations for PT Dyandra Promosindo's information asset risks, based on Annex A of ISO/IEC 27001:2022, comprise 15 controls: 4 Organizational controls, 5 People controls, 1 Physical control, and 5 Technological controls.

Copyrights © 2024






Journal Info

Abbrev

jsakti

Publisher

Subject

Computer Science & IT

Description

JSAKTI is a journal published by LPPM STIKOM Tunas Bangsa Pematangsiantar that aims to provide a venue for research in the field of Informatics Management. JSAKTI (Jurnal Sains Komputer dan Informatika) is an information forum in the form of research results, literature studies, ideas, applications of theory and ...