Risk Management in Final Semester Exam Information System Using NIST 800-30 Method (Case Study of SMKN 2 Baleendah)

Abstract

In the use of information systems and technology, risk is something that must be anticipated. Risks can arise from various things such as information security, fire, hardware damage, etc. that can disrupt the organization's business processes. With the possible emergence of risks in the use of information systems and technology, risk management is needed to facilitate the identification of possible occurrences of these risks. Risk management is the practice of identifying, assessing, controlling and mitigating risks. SMK Negeri 2 Baleendah is a vocational high school that has 5 areas of expertise competence, namely culinary, beauty, fashion, industrial chemistry, and computer network engineering. SMK Negeri 2 Baleendah as an organization engaged in education has implemented online exam information technology. Of course, the application of information technology raises a problem. From these problems, risk management is needed to minimize risk by conducting a risk assessment. NIST 800-30 is a standard document developed by the National Institute of Standards and Technology. NIST 800-30 has two important stages, namely risk assessment and risk mitigation. This research will use the NIST SP 800-30 method as a method that will solve the existing problems. Therefore, a risk assessment was chosen using the NIST SP 800-30 method (Case Study: SMK Negeri 2 Baleendah)