Risk Assessment Keamanan Informasi dengan Menggunakan ISO/IEC 27001: Studi Kasus PT Dyandra Promosindo

Mahansa Putra(1*), Rizal Fathoni Aji(2),

(1) Universitas Indonesia, Indonesiaq
(2) Universitas Indonesia, Indonesia
(*) Corresponding Author


PT Dyandra Promosindo is a company that operates in the event organizer sector, when carrying out their daily business processes they will always be in contact with important information from their clients. Therefore, it is necessary to carry out a risk assessment to avoid loss of confidentiality, integrity and availability of an information asset. The author wants to know how big the risk impact that threatens the security of information assets and provide control recommendations over these assets. The risk assessment process can be divided into three stages, namely, risk identification through interviews and document review, risk analysis using asset valuation and vulnerability and threat ratings, and finally risk evaluation using risk impact measurements. The results of this research showed that 10 critical information assets were identified and only 1 was in the Tolerable risk mitigation group where the other assets were in the Acceptable group. Recommendations for controls for PT Dyandra Promosindo information assets risk based on Annex A ISO/IEC 27001:2022 show 15 controls consisting of 4 Organizational control, 5 People control, 1 Physical control, and 5 Technological control

Full Text:



S. G. Kassa, “IT Asset Valuation, Risk Assessment and Control Implementation Model,” ISACA J., vol. 3, pp. 1–9, 2017.

NIST, “NIST Special Publication 800-37 Revision 2 Risk Management Framework for Information Systems and Organizations,” pp. 229–270, 2017.

Dyandra & Co, “https://www.dyandra.com/about.” .

the International Organization for Standardization, “ISO/IEC 27001 Information security, cybersecurity and privacy protection — Information security management systems — Requirements,” 2022.

M. Mirtsch, J. Kinne, and K. Blind, “Exploring the Adoption of the International Information Security Management System Standard ISO/IEC 27001: A Web Mining-Based Analysis,” IEEE Trans. Eng. Manag., vol. 68, no. 1, pp. 87–100, 2021.

M. Saunders, P. Lewis, and A. Thornhill, Research Methods for Business Students, vol. 195, no. 5. 2018

DOI: http://dx.doi.org/10.30645/j-sakti.v8i1.775


  • There are currently no refbacks.

J-SAKTI (Jurnal Sains Komputer & Informatika)
Published Papers Indexed/Abstracted By:

Jumlah Kunjungan :

View My Stats