Risk Management Analysis of Public Services Information System Case Study: PT ABC

Information security is very necessary in the use of information system applications because in the process of storing and using data, threats that can affect the confidentiality, integrity and availability of information can attack the information assets. All industries require protection of their information assets especially in social security companies where there is a registered participant's personal information data, so they need more protection for their information assets. In protecting these information assets, companies must first know the risks that might occur and assess which risks have the most significant impact on their business processes and need to be addressed. This research aims to assess the risk of critical information assets owned by PT ABC, from the technical, physical, and human resources aspects, using the Octave Allegro framework. The Octave Allegro framework focuses valuations on critical information assets and is relatively easy to use because companies do not need a lot of resources to use them so they are suitable for application in small and medium-sized companies such as PT ABC. PT ABC's public service system was chosen as the object of the case study because it had not previously carried out a risk assessment. The results of this study, which used interviews and document analysis as a method of data collection showed that PT ABC needs to focus more on implementing their security controls on technical containers