Information technology has provided various conveniences and opportunities for conducting business online, one of which is the Software as a Service (SaaS) industry. PT XYZ is one of the startups focused on the SaaS business as a provider of integrated school management system (ISMS) solutions. IT plays a vital role in the operational activities of the ISMS. PT XYZ is aware of this and has implemented a zero-security-incident policy for its ISMS. However, the ISMS still experiences security incidents due to vulnerabilities in the system, which result in losses for PT XYZ. This indicates the need for information security risk management for the ISMS. The purpose of this study is to obtain a design for information security risk management for the ISMS. This study uses a qualitative method in which data collection is conducted through interviews, observations, and literature reviews. SNI ISO/IEC 27005:2022 is used for the information security risk assessment, while the risk control recommendations draw on SNI ISO/IEC 27001:2022. This study resulted in 28 risk scenarios, namely: 12 High risks, 10 Moderate risks, two Low risks, and four Very Low risks. The outcome of this study is the design of information security risk management for PT XYZ's ISMS.
Copyrights © 2025