Jurnal Infra

PT. X is a tobacco company. In order to support its business processes, this company uses software, hardware, network and machines for production process. However, this company is lack of monitoring of IT tools so that when problems occur, the problem solving can be delayed, and it has no plans if disaster might happen.

This thesis assess IT risks and company’s business processes. This assessment uses COBIT 4.1 standard, ISO 31000, and for the calculation used Risk Rating Methodology OWASP. Risks that have Critical-High scale are no Disaster Recovery Plan, backup result is stored in the same room with the main server, no monitoring in data backing up, data backup is just done in onsite technique, no backup data recording.

The responses to the company’s risk factors are that company should make DRP so that when any disaster occurs, company’s important data is not lost, backup storage should located, at different place than main server, company should backup process, and backup should be done by offsite technique, so when any data is lost, it can be easily restored.

Chrisdiyanto, I (2013). IT Risk Assessment di perpustakaan Universitas Kristen Petra. Surabaya.

Draft International Standard. (2008). ISO/DIS 31000 : Risk Management-Principles and Guidelines on Implementation.

Draft International Standard (2011). ISO/DIS 22313 : Sociental security – Business continuity management system – Guidance.

International Standard (2008). ISO/IEC 38500: Corporate governance of information technology.

IT Governance Institute. (2007). Cobit 4.1. USA:ISACA.

OWASP Risk Rating Methodology. (2008). The OWASP Risk Rating Methodology. Retrieved Sept. 17, 2013, from https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology