Abstract:
University of Riau has implemented a website-based library information system to
facilitate library management activities. In addition to providing benefits in the form of
speed and ease of access, this information system is vulnerable to the risk of crime so that
high level of security is required. Therefore, it is necessary to carry out an assessment of
information system security risks to find out the risks that may occur and the carry out
risk mitigation to reduce these risks. This study used The Failure Mode and Effect
Analysis method to identify the risks that may occur. Based on the results of the analysis,
obtained 18 risks along with 30 potential causes. There were four potential causes with
a high level, four potential causes with a medium level, 21 potential causes with a low
level, and one potential cause with a very low level. Then risk mitigation is carried out
based in ISO/IEC 27001:2013 as a control used in risk management.
