<![CDATA[The advancement of information technology has driven companies to adopt technology-based systems to enhance operational efficiency while also increasing the complexity of information security risks. This study aims to analyse risk factors associated with information security assets, identify potential threats, assess risks, and provide mitigation recommendations. The OCTAVE method was applied to identify threats, vulnerabilities, and critical information technology assets, while FMEA was used to determine risk mitigation priorities based on the Risk Priority Number (RPN). The mitigation recommendations were developed in accordance with ISO 27001:2022 standards. Data collection was conducted through interviews with XYZ company representatives, identifying 34 information security asset risks, including 6 hardware failure potentials, 6 software failure potentials, 14 data failure potentials, 4 human resource failure potentials, and 4 network failure potentials. The risk categorisation results revealed 5 high-level risks, 6 moderate-level risks, 20 low-level risks, and 3 very low-level risks. The mitigation recommendations include three ISO/IEC 27001:2022 clauses: Human Resource Controls, Physical Controls, and Information Technology Controls.]]>
Copyrights © 2025
