ANALISIS MANAJEMEN RISIKO KEAMANAN DATA SISTEM INFORMASI MENGGUNAKAN METODE OCTAVE ALLEGRO (Studi Kasus: CV. Arta Rahmat Sejati Cilacap)

The use of information technology is very important and has a lot of influence on company performance, especially on business processes and company data security. However, in the process of implementing information technology, it can allow the emergence of various kinds of risks that threaten the security in it. If observed, the thing that is very influential in the company is the quality of the resources that work as well as threats from internal and external parties. Security at the company can be guaranteed if workers can have references and knowledge about company security or lead to security, whether it includes security of important company data or physical security. This needs to be considered so that companies are more aware of threats or risks that occur. Companies must also pay attention to the types of attacks and security requirements such as confidentiality, availability and integrity because if they do not make efforts for security, it can be fatal for the company. Examples of attacks on data are viruses, credential reuse, cross-site, crypting, password cracking and the effects that can be obtained in the form of destruction, disclosure, interruption and reputational and financial losses. The purpose of this study is to provide a recommendation to CV ARTA RAHMAT SEJATI CILACAP against threats and risks that occur using the Octave Allegro method. This research is a descriptive qualitative research, also tends to use systematic quantitative analysis and research to provide a risk assessment, information security strategy for vulnerability evaluation. The results of this study are that there are threats in the form of things that have the potential to exploit security vulnerabilities including using technical means, human actors using physical means, technical problems and the results of the highest risk analysis assessment are 12 (high) in the impact area of data security. The overall results show critical information assets that require planning efforts to provide indications in the form of handling, risk mitigation and reasonable changes in security practices at the limited liability company.