Risk Management in Final Semester Exam Information System Using NIST 800-30 Method (Case Study of SMKN 2 Baleendah)
Keywords:
information systems and technology; risk management; SMK Negeri 2 Baleendah; NIST 800-30.Abstract
In the use of information systems and technology, risk is something that must be
anticipated. Risks can arise from various things such as information security, fire,
hardware damage, etc. that can disrupt the organization's business processes. With the
possible emergence of risks in the use of information systems and technology, risk
management is needed to facilitate the identification of possible occurrences of these risks.
Risk management is the practice of identifying, assessing, controlling and mitigating risks.
SMK Negeri 2 Baleendah is a vocational high school that has 5 areas of expertise
competence, namely culinary, beauty, fashion, industrial chemistry, and computer network
engineering. SMK Negeri 2 Baleendah as an organization engaged in education has
implemented online exam information technology. Of course, the application of
information technology raises a problem. From these problems, risk management is
needed to minimize risk by conducting a risk assessment. NIST 800-30 is a standard
document developed by the National Institute of Standards and Technology. NIST 800-30
has two important stages, namely risk assessment and risk mitigation. This research will
use the NIST SP 800-30 method as a method that will solve the existing problems.
Therefore, a risk assessment was chosen using the NIST SP 800-30 method (Case Study:
SMK Negeri 2 Baleendah)
