Information system risk audits are an important step in ensuring the security, effectiveness, and efficiency of the systems used by organizations. However, the rapid advancement of information and communication technologies has made information security threats more intricate, arising not only from internal sources such as employee carelessness but also from external sources such as cyber attacks, malware, and data theft. This study aims to analyze information security risks at the Central Statistics Agency (BPS) of Lhokseumawe by referring to two international standards, namely ISO/IEC 27001:2022 and ISO 31000:2018. The research approach is descriptive qualitative with a case study method. Data were collected through interviews, observations, and document studies. The results indicate that various security gaps remain, both technical and non-technical, such as weak system authentication, the absence of adequate security policies, and the lack of incident handling procedures. The study compiled a risk register containing 30 types of risks along with their causes, impacts, likelihood levels, and relevant mitigation recommendations. Improvement recommendations include strengthening technical controls, updating information security policies, enhancing human resource capacity, and conducting regular internal audits. The results are expected to serve as a reference for strengthening information security systems in a systematic and standardized manner within the BPS environment.
Copyrights © 2025