Faktor Exacta
Vol 15, No 1 (2022)

Implementation of Quantitative and Qualitative Methods in Risk Analysis & IT Risk Management

Asep Syaputra (Institut Teknologi Pagar Alam)
Buhori Muslim (Universitas Putra Indonesia (UNPI) Cianjur)



Article Info

Publish Date
04 Jun 2022

Abstract

The purpose of this study is to produce blueprints, based on the levels that positively and negatively affect hardware and software at one of the agencies in the city, which will later serve as a benchmark for avoiding or overcoming problems faced in IT governance and IT infrastructure. IT governance is a structure of relationships and processes that guides and controls an organization toward its vision and mission by creating value that balances risk against IT and its processes. The IT facility is the entity that performs the administrative and management functions for all IT applications in the Department XYZ environment; protecting it against unwanted threats requires a risk management assessment to minimize the danger or risk that may arise. The two analytical methods used in this study are quantitative and qualitative risk analysis. In the future, the quantitative risk analysis (QRA) approach will focus more on analyzing the condition of IT assets to find risk factors that need serious consideration and handling. For qualitative risk analysis, NIST SP 800-30 is used to analyze various threat and risk attributes in order to provide guidelines for the management of IT facilities in Department XYZ. Based on the QRA risk assessment, it was concluded that server-class IT resources account for the biggest potential loss to the Service. This is reflected in the risk aspect, where power loss has the greatest potential for damage. The qualitative assessment of risk management according to NIST SP 800-30 found that the high-risk threat sources are power grids and the Internet. This level of risk can be identified during the threat source classification process. Taken together, the risk analysis results yield risk recommendations that can be communicated to the department's IT management. These can then help the campus make decisions covering policies, procedures, budgets, operating systems and change management.

Copyrights © 2022






Journal Info

Abbrev

Faktor_Exacta

Subject

Civil Engineering, Building, Construction & Architecture; Computer Science & IT; Control & Systems Engineering; Electrical & Electronics Engineering; Industrial & Manufacturing Engineering

Description

Faktor Exacta is a peer-reviewed journal in the field of informatics. This journal was published in March (March, June, September, December) by the Institute for Research and Community Service, University of Indraprasta PGRI, Indonesia. All papers will be blind reviewed. Accepted papers will be available ...