Enhancing Business Continuity Through Proactive Information System Risk Management in the Financial Services Sector
DOI:
https://doi.org/10.26740/jeisbi.v7i1.73009
Keywords:
Risk Management, Information Security, OCTAVE, FMEA, Collection Information System
Abstract
PT XYZ, a company operating in the financial services sector, relies heavily on its collection information system to maintain smooth business operations. In line with the company's strategic plan to conduct a vendor migration for this system, a comprehensive risk analysis becomes crucial to ensure data security, regulatory compliance, and business continuity. This study aims to analyze the risks within PT XYZ's collection information system using a combined approach of the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) and Failure Mode & Effect Analysis (FMEA) methods. The OCTAVE method was systematically applied to identify relevant critical assets, threats, and vulnerabilities. Subsequently, the FMEA method was implemented to quantitatively evaluate the identified risk scenarios to determine their priority levels. The study successfully identified a range of fundamental critical assets across data, system, and brainware categories, and formulated numerous associated risk scenarios. Through the FMEA assessment, these scenarios were classified by their priority level, with a portion identified as high-risk requiring immediate attention. For these high-priority risks, this research recommends actionable mitigation strategies based on controls from the ISO 27001:2022 standard. This study produces a measurable risk profile that serves as a strategic foundation for PT XYZ to effectively manage information security.