INFORMATION SECURITY RISK MANAGEMENT DESIGN OF SUPERVISION MANAGEMENT INFORMATION SYSTEM AT XYZ MINISTRY USING NIST SP 800-30

SIMWAS is an information system at the XYZ Ministry that used to manage supervisory activities and follow up on results. important asset contains all internal control business processes, but in practice, security risks have not been managed properly. To overcome these problems, risk management needed SIMWAS. This study aims design analyze using NIST SP 800-30 framework. focuses a particular infrastructure its boundaries. Since purpose perform technical analysis of core IT infrastructure, it highly prescriptive. It has nine primary steps conduct assessment. The framework by identifying threats, vulnerabilities, impacts, likelihoods, recommendations for controls. assessment carried out analyzing data obtained from results interviews, observations, document reviews. this show four low-level risks, eight moderate-level five high-level risks. Very low levels are acceptable according appetite owner, moderate, high, very high-risk require avoidance, transfer reduction. need carry residual cost-benefit implementing controls each scenarios.