Tania, Nabila2022-08-022022-08-022022-03PerpustakaanElfitrahttps://repository.unri.ac.id/handle/123456789/10629University of Riau has implemented a website-based library information system to facilitate library management activities. In addition to providing benefits in the form of speed and ease of access, this information system is vulnerable to the risk of crime so that high level of security is required. Therefore, it is necessary to carry out an assessment of information system security risks to find out the risks that may occur and the carry out risk mitigation to reduce these risks. This study used The Failure Mode and Effect Analysis method to identify the risks that may occur. Based on the results of the analysis, obtained 18 risks along with 30 potential causes. There were four potential causes with a high level, four potential causes with a medium level, 21 potential causes with a low level, and one potential cause with a very low level. Then risk mitigation is carried out based in ISO/IEC 27001:2013 as a control used in risk management.enInformation System SecurityFailure Mode and Effect AnalysisRisk MitigationISO/IEC 27001:2013Article