Risk Assessment on Information Asset an academic Application Using ISO 27001

This research an assessment of the risk correlated with information security related to assets within an academic application at a university. Universities should value data as a critical asset that influences information security. The aim of this research is to determine risk in information assets and business impact to a university. This research identifies the risk associated with assets categories; then, calculates assets value conforming to criteria confidentiality, integrity, and availability developed by ISO 27001; and finally, creates risk analysis by evaluating the risk levels. This research obtains data using depth interview with executive committee members and questionnaire for staff. The findings from this study suggest that information assets (data user and password) correlate with high-risk levels. They have a problem in information security risk is Poor management, in particular in association with the absence of a systematic process for backup data, no network logging or reporting documentation for an incident and no clear standard operating procedure. This research contribution is that universities can use this knowledge develop better security systems to protect valuable assets.