Jurnal Infra

Organization X is an organization working in the field of education from kindergarten to high school and vocational secondary school. Organization X are now starting to implement an IT system for all business processes that exist in the organization. All the IT services are intended to facilitate the organization's business processes, and the services provided to consumers can be brought to its best. The problem that occurs in Organization X related to the management system is still manually operated, IT equipment such as hardware, network and servers do not meet the requirements to operate well. That problem requires a risk analysis to provide a proper plan of IT services that will be used by the Organization X.

In this thesis, the risk analysis assessment is performed based on the condition of the current IT services in Organization X, so as to determine the if Organizational X can assist the planning process of IT services in the future. The analysis is based on comprehension of the business model and strategy, an identification of IT Audit Universe, Control Objective Plan and Organize 1-3, as well as evaluating IT risk factors found. The process of risk analysis is performed using the method of Global Technology Audit Guidelines (GTAG), COBIT 4.1 Plan and Organis 1-3, OWASP Risk Methodology.

Based on the examination, a number of IT risks in the Organization X were found, i.e. IT people are not fully involved in determining business goals, resulting in IT Division can not provide maximum role in giving an idea of the progress of IT-related organizations. No particular team established to plan the long-term IT services, resulting in no clear plan on a long-term IT of an organization.

Chrisdiyanto, I. 2013. IT RISK ASSESSMENT DI PERPUSTAKAAN UNIVERSITAS KRISTEN PETRA. Surabaya: Universitas Kristen Petra

ISACA. 2009. The Risk IT Framework, ISACA

IT Governance Institute. 2007. COBIT Control Practices: Guidance to Achieve Control for Successful IT Governance, 2nd Editon. IT Governance Institute

IT Governance Institute. 2007. COBIT 4.1. IT Governance Institute.

Osterwalder, A. dan Pigneur, Y. 2009. Business Model Generation. Amsterdam: self published.

OWASP Foundation. 2014. OWASP Risk Rating Methodology. URI=https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology

Reharge, K., Hunt, dan S., Nikitin, F.D. 2008. Global Technology Audit Guide: Developing the Audit Plan. USA . The Institute of Internal Auditors.

Sanyoto, G. 2007. Audit sistem informasi + pendekatan CobIT. Jakarta : Mitra Wacana Media

The Open Group. 2011. TOGAF. URI=http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap05.html#tag_05_02

Ward, J. dan Peppard, J. 2002, Strategic Planning for Information Systems, 3rd Edition. Cranfield School of Management, Cranfield, Bedfordshire, UK.

Zachman International, 2014, Zachman Framework. URI=https://www.zachman.com/about-the-zachman-framework