Analisa Risiko Pada Bidang Software Acquisition,Implementation,Maintenance PT. Z

Abstract

PT.Z is a printing company based in Sidoarjo. PT.Z handle various customers both domestic and abroad. Information technology has been used to support nearly in all processes in PT.Z, but they has never done a risk analysis before so that the company do not know anything about IT risks that can occur. Therefore, it takes a risk analysis so that the company can determine what risks may occur and how to respond to those risks.In this thesis, risk assessment performed in the process of software acquisition, implementation, and maintenance. The steps used in performing the risk assessment are measuring the level of maturity of the IT using the Capability Maturity Model Integration (CMMI), then perform mapping of CMMI to COBIT 4.1, and using the OWASP Risk Rating Methodology as a guide in the calculation of risk. Some of these risk factors include the lack of monitoring process based on clear value of metrics, no identification of IT processes that have great impact on the company\u27s business process, there is no verification of value in the result of monitoring data collection