Analisis Disaster Recovery Plan Keamanan Data dan Informasi Menggunakan NIST Framework (Studi Kasus: Biro Teknologi Informasi Yayasan Pendidikan Internal Audit)
Disasters are unexpected and potentially significant risks to the continuity of company and organization operations, especially those related to information systems and information technology (IS/IT). The Internal Audit Education Foundation (YPIA) in handling disasters related to data and information security often faces obstacles that cause problems that become more widespread in the future. Therefore, a disaster recovery plan (DRP) becomes an urgent need. The purpose of this study is to evaluate resilience to disasters and data and information security attacks, and to ensure better business continuity in the face of emergency situations. Researchers use the National Institute of Standards and Technology (NIST) Framework in conducting a DRP analysis of security and data. The study begins by identifying and evaluating risks, conducting risk assessments, conducting Business Impact Analysis (BIA) determining preventive controls, and formulating contingency strategies. This study produces priority handling of high maturity risks in data damage, with an initial risk value of 3.8 and an impact of 4.4. After the control was carried out, there was a residual risk with a risk value of 1.6 and an impact of 3, with a very low maturity level and a residual value of 13.5 (80%). The reduction in the risk of data damage was significant with a very low residual value, indicating that the implementation of DRP using the NIST Framework in risk mitigation on critical assets of the Internal Audit Education Foundation was quite effective
