Jurnal Infra

PT.Z is a printing company based in Sidoarjo. PT.Z handle various customers both domestic and abroad. Information technology has been used to support nearly in all processes in PT.Z, but they has never done a risk analysis before so that the company do not know anything about IT risks that can occur. Therefore, it takes a risk analysis so that the company can determine what risks may occur and how to respond to those risks.
In this thesis, risk assessment performed in the process of software acquisition, implementation, and maintenance. The steps used in performing the risk assessment are measuring the level of maturity of the IT using the Capability Maturity Model Integration (CMMI), then perform mapping of CMMI to COBIT 4.1, and using the OWASP Risk Rating Methodology as a guide in the calculation of risk. Some of these risk factors include the lack of monitoring process based on clear value of metrics, no identification of IT processes that have great impact on the company's business process, there is no verification of value in the result of monitoring data collection.

IT risk analysis, CMMI, COBIT, Qualitative Methods

Carnegie Mellon University. 2006. Capability Maturity Model Integration. USA: Carnegie Mellon University.

Gondodiyoto, S. 2007. In Audit Sistem Informasi + Pendekatan Cobit . Jakarta: Mitra Wacana Media.

Information Technology Governance Institute. 2007. Control Objectives and related Information Technology 4.1. IT Governance Institute: USA

ISACA. 2007. COBIT Mapping: Mapping of CMMI for Development V1. 2 with COBIT 4.1. ISACA :USA

Sarno, R. 2009. In Strategi Sukses Bisnis dengan Teknologi Informasi. Surabaya: ITS Press.

Tim PPM Manajemen. 2012. Business Model Canvas Penerapan di Indonesia. Indonesia: Penerbit PPM.

The Open Web Application Security Project. 2015.OWASP Testing Guide. USA: OWASP Security Foundation.