Implementation of risk management in library information system at Surabaya City Library

Abstract

Libraries may be at risk of data security issues. The threat of data loss or data damage is prone to occur in libraries. Information technology embedded in libraries has developed Artificial Intelligence (AI) for information retrieval systems. The application of information technology in the Surabaya City Library has potential risks to data security and force majeure aspects so that need a disaster mitigation plant. This study aimed to implement information system risk management at Surabaya City Libraries as a disaster mitigation plan. The research method was descriptive qualitative. Based on the risk analysis, the recommendations for applying risk to information technology Surabaya City Library were elimination and engineering. The manifestation of these two recommendations made the data access protocol use multiple authentications to avoid data theft attempts due to infiltration, hacking, and cracking. Study results recommended a protocol for each data access. The protocol would save every change, deletion, and system login in the log history. Implementing data authentication twice per login can avoid data theft caused by the intrusion. This activity log is used for activity tracking when the system is infiltrated. The limitation of this study lies in the scope of the research object, namely the library, which has limitations on the system or application used and does not impact the wider community. Conclusion of research, the library can implement risk management strategy with elimination and engineering models through recording system login activities, which mitigate the risk of data breaches originating from insiders.