IT Risk Management Planning on Avesina Application RSUD Waluyo Jati Kab. Probolinggo Using OCTAVE Allegro

Abstract

The application of information technology at RSUD Waluyo Jati Kraksan can pose a risk. The example of information technology risks that have occurred is the occurrence of additional working hours caused by system errors in the Avesina application related to room procurement. The purpose of this study is to determine the IT risks that arise from the implementation of the Avesina application, and provide the necessary mitigation in managing these risks. The method used in this research is OCTAVE Allegro. Before determining the risk, asset profiling and wadan of the asset are carried out. The risks arising from the implementation of the avesina application are data input errors, application hacking, applications can be easily accessed by unauthorized people, and account sharing. There are several stages used to determine the mitigation approach. Of the four risks, it was found that only two risks needed to be mitigated. The mitigation provided focuses on the asset containers that need to be controlled, namely the SIM RS Unit and management. The mitigation includes procuring a renewable security system, procuring a 2-factor authentication system, and monitoring compliance with information technology.