Information Technology Asset Risk Management for XYZ Digital Wallet Application with ISO 3100:2018 and FMEA

Abstract

A digital wallet application is a type of information technology service in the financial sector. This digital service relies on IT assets to support its business processes. Therefore, service providers must ensure the security and availability of these assets by analyzing potential risks. This study conducts a risk management analysis of the XYZ digital wallet application using an integrated approach based on the ISO 31000:2018 framework and the FMEA method. The process includes stages of communication and determination of analysis needs, risk assessment, risk evaluation, and risk treatment. Based on the identification of critical assets, which include hardware, software, data, and human resources, a total of 18 assets were found to support the business processes of the XYZ digital wallet application. From the risk evaluation results, five risks were identified as priorities: illegal access to personal computers and laptops, physical damage to computer components due to water spills, data leaks related to application performance, loss of user information during backup processes, and physical damage to the local cable network. As a result, risk treatment recommendations were provided to mitigate these prioritized risks.