Analisa Risiko Teknologi Informasi Di Divisi Produksi PT. X

PT. X is a tobacco company. In order to support its business processes, this company uses software, hardware, network and machines for production process. However, this company is lack of monitoring of IT tools so that when problems occur, the problem solving can be delayed, and it has no plans if disaster might happen. This thesis assess IT risks and company’s business processes. This assessment uses COBIT 4.1 standard, ISO 31000, and for the calculation used Risk Rating Methodology OWASP. Risks that have Critical-High scale are no Disaster Recovery Plan, backup result is stored in the same room with the main server, no monitoring in data backing up, data backup is just done in onsite technique, no backup data recording. The responses to the company’s risk factors are that company should make DRP so that when any disaster occurs, company’s important data is not lost, backup storage should located, at different place than main server, company should backup process, and backup should be done by offsite technique, so when any data is lost, it can be easily restored.