This study aims to analyze the state of cybersecurity and examine the implementation of risk management strategies at the Communication and Informatics Office of North Sumatra Province. The study employed a qualitative approach with descriptive methods, using interviews and documentation as data collection techniques. Interviews were conducted with three informants directly involved in cybersecurity management. The results indicate that cybersecurity risk management has been implemented systematically through the stages of risk identification, analysis, evaluation, handling, and monitoring, supported by the use of a risk register and the Plan, Do, Check, Act (PDCA) cycle approach within the Information Security Management System framework. Risks are assessed based on their level of impact and likelihood to determine the priority for handling. The implemented mitigation strategies include risk control, avoidance, and transfer, with a focus on high-level risks. However, implementation still faces obstacles such as limited human resources, suboptimal internal policies, and a lack of support systems. Therefore, the program needs to be strengthened by improving human resource competency, refining policies, and carrying out ongoing monitoring and evaluation to enhance the effectiveness of risk management and cybersecurity resilience.
Copyrights © 2026