Indonesian Interdisciplinary Journal of Sharia Economics (Jan 2024)
Development of an Integrated IT Risk Management Framework for Electronic-Based Government Systems: A Case Study of the XYZ Ministry
Abstract
This study establishes a robust IT risk management and governance framework for the XYZ Ministry. The design combines the ISO 31000 and NIST SP 800-30 methodologies, tailored for electronic-based government systems and aligned with regulatory mandates. The research emphasizes improved IT risk management, incident response, and disaster recovery, targeting optimal electronic-based government operations. Adapting this model offers solutions for central and local government entities. Using ISO 31000 and NIST SP 800-30 Revision 1, a risk priority matrix was produced, showing the relationship between assets and threats and identifying varying risk levels. Specifically, the most significant risk at the XYZ Ministry was outdated policies. This risk is due to slow adaptation to central government regulations and current IT standards. This highlights the need for the ministry to incorporate risk management outcomes into its IT governance, which is essential for risk mitigation and strategic alignment with government directives.
Keywords