Risk Management Assessment Using OCTAVE Allegro in a University Data Center

Fitriadi Nurdin (1*)

(1) Universitas Terbuka, Indonesia
(*) Corresponding Author

Abstract


An organization can prevent a risk from occurring by planning the mitigation steps to take if an error occurs, so that the error does not negatively affect the organization's activities. The data center is the heart of the information technology infrastructure owned by XYZ University, so risk management needs to be in place in case a threat occurs, whether from within or from outside. The three security factors that an information security system must protect are confidentiality, integrity and availability. Because XYZ University has not produced a risk analysis, it has no mitigation steps to take if a threat or failure occurs in the data center. The risk management research carried out at XYZ University using OCTAVE Allegro produced 9 important information assets. Of these, 5 must be mitigated: errors during network maintenance in the server room, service interruption due to power failure, internet connection disruption, damage to server hardware, and natural disasters that damage related devices. The other 4 must be deferred: leaking of access rights such as administrator usernames and passwords, the server room being accessed by unauthorized parties, bugs or errors during system updates, and exploitation of system security gaps in the server by outside parties. and in the.


DOI: https://doi.org/10.30645/kesatria.v5i2.350

DOI (PDF): https://doi.org/10.30645/kesatria.v5i2.350.g347
