<![CDATA[Information security is a critical aspect of protecting an organization's essential assets, including data centers that store and process sensitive information. The XYZ Agency, responsible for managing public finances, places a high priority on maintaining data confidentiality, integrity, and availability. Therefore, improving information security needs to be done through a risk assessment of assets located in the XYZ Agency Data Center. This research aims to evaluate information security risks at the XYZ Agency Data Center using the ISO 27005:2018 and NIST SP 800-30 frameworks. The assessment was performed through qualitative analysis involving interviews, internal document review, and observation. The findings revealed 111 identified risks, categorized as 48 very low risks, 50 low risks, 9 medium risks, and 4 high risks. Among these, 13 risks 4 high risks and 9 medium risks require mitigation. Mitigation efforts should prioritize seven data center assets with medium and high risks, namely application server assets, database servers, virtual host servers, agency service applications, agency service data, virtual server staffing applications, and staffing applications.]]>
Copyrights © 2025
