ISO 31000:2018-Based IT Infrastructure Risk Management Study (Case Study: Universitas Mikroskil)

Abstract

In dealing with risks, organizational stakeholders will need risk management to ensure that risks within the organization have been identified and appropriate controls have been implemented in each implementation of the organization's IT infrastructure. Risk management is a process of identification, analysis, assessment, control, and efforts to avoid, minimize, and even eliminate unacceptable risks. Implementation of risk management with ISO 31000 by risk analysis and the areas that will be the focus of risk management. Mikroskil University requires risk management standards to minimize the risk of using the internet and servers in academic activities required by all academic levels at Mikroskil. The stages of the research method that are by chosen method are collecting the risks faced by the organization, determining the risk scale, and using a risk matrix for risk management priority exposure. The results of the risk management analysis are in the form of the basic principles of implementing risk management with the ISO 31000 standard, which is a recommendation to the organization in managing risk by applicable standards. The result of the risk level is two possible risks with a low level, ten with a high level, and 3 with an extreme level.