Risk Analysis of Business Continuity at PT. X

Andrew Hartanto Susilo(1*), Adi Wibowo(2), Alexander Setiawan(3)


(1) Informatics Engineering Study Program
(2) Informatics Engineering Study Program
(3) Informatics Engineering Study Program
(*) Corresponding Author

Abstract


PT. X is a retail company located in Surabaya. To meet its objectives and satisfy its customers, PT. X relies on software, hardware, networks, people, and so on. Given the situation and conditions at PT. X, risks can arise from problems with data security, data integrity, hard disks, business process sustainability, and more.
This research assesses risks that may occur across all information technology areas and in the continuously running business processes. The analyzed areas result from mapping business continuity, using chapter 14 of the ISO/IEC 27002:2005 standard, onto the IT domains; risk assessment and risk mitigation are then carried out on those areas.
The risks found are: dependence on an outsourced programmer as IT consultant; no IT Risk Assessment; no Disaster Recovery Plan; no IT Security Plan; no access right evaluation; no person responsible for managing IT; no training or secure area related to security incidents; and no standard, framework, or SOP for technology and IT systems. The results of the risk assessment help the company's management realize which risks may occur and could put the company in a dangerous situation, so that the company can take action to mitigate those risks and prevent them from happening.

Keywords


Business continuity analysis, IT domain analysis, Risk Assessment and Risk Mitigation.
