Identification of Information Asset in Academic Information System

The application of Information Technology (IT) in the form of Academic Information Systems at the University of Muhammadiyah Riau (UMRI) has been carried out since 2010. Currently, academic activities at UMRI are very dependent on the existence of the information system. Activities carried out through academic information systems include student lecture registration, student study results, lecturer and student master data, scheduling lectures, lecture absences, and others. The application of this academic information system can pose a risk if the UMRI fails to assess the source of risk threats. This can result in the impact of information services being disrupted and the cessation of the decision making process. Risk is an uncertainty that can have a negative impact on an organization. Since its implementation to date, UMRI has never carried out systematic risk management. Even though the use of academic information systems at UMRI is currently crucial. Risk management is an effort from planning, organizing, leadership, controlling resources and activities to minimize the impact of losses and uncertainty on costs and consequences. Thus, risk management of information systems should be carried out by organizations that utilize Information Technology to support their activities. One method that can be used to build risk management of information systems is the Octave Allegro method. This method is a methodology for identifying risks to information systems related to information system security. Octave defines important components in a comprehensive, systematic, context-based information system security risk evaluation. The Octave Allegro method consists of 8 (eight) stages. The final result of this study is in the form of a risk assessment table and mitigation of risks to information assets. There are 8 (eight) crucial assets with a level of risk assessment of as low as 1 (one), moderate as much as 5 (five) and high as much as 2 (two)