Implementation OCTAVE-S and ISO 27001Controls in Risk Management Information Systems

Extensive use of information technology in companies put IT into a position which is of considerable concern, especially in large companies that put IT becomes a strategic part of the company. The importance of IT division, make the companies willing to pay big to get the benefits offered by IT itself, but on the other hand appears disappointment incurred from investments are not comparable with the results obtained. Until the threat appear and disrupt the business of the company. By doing risk management using the OCTAVE-S, particularly in smaller companies, can help companies to be growing, the company can find out the weaknesses and threats that may arise that could disrupt the company's business, helped by the standard controls that are owned by the ISO / EIC 27001 : 2005 helps companies to prepare implement ISO / EIC 27001:2005 later.