<![CDATA[IT Governance is the structure of process relationships that guide and control an organization to achieve its vision and mission by adding value that will balance risks with IT and its processes. The analytical method used in this research is quantitative and qualitative risk analysis. The Quantitative Risk Analysis (QRA) approach focuses on analyzing the maintenance of IT resources to find risk factors that need serious consideration and treatment. For the qualitative risk analysis method, NIST SP 800-30 is used to analyze the various threat and risk attributes to provide guidelines for managing IT installations at XYZ Campus. Based on the QRA risk assessment, Internal HR who has access to the server is calculated as the highest potential campus loss. This can be seen in the risk aspect where losses caused by Internal HR who play the role of server admins have the greatest potential for losses. Qualitative assessment of risk management finds sources of threats with high risk are Internal HR and IT Infrastructure Systems. This level of risk can be detected during the hazard source classification process. The presentation of all risk analysis results can provide risk recommendations that will be communicated to campus IT management. To then be able to assist the campus in making a decision that includes policies, procedures, budgets, system operations, and change management.]]>
Copyrights © 2022
