Abstract

The purpose of this research are to identify the risk of IT in the company and make some recommendation to solve any risk happened in the company, and also to give the reference in measure the risk of IT in the company. Research Method used are book studies, field studies, and analysis techniques. Book studies by collecting the information from books and journal. Then, for field studies, it done by interview, and observation to the company. Analysis techniques done by qualitative approach and using the Octave-S (Operational Threat Asset and Vulnerability Evaluation) – S as the method to measure the risk of IT in the company. The result of this research will be a description of Information Technology in the company and give any risk happened in IT and mitigation activity through the risk in the company. Conclusion of the research are looking for three critical areas, such the awareness and security training, security strategy, security management, and disaster recovery.Index Terms - Risk Management, Information Technology, Octave-S method.