Information is one of the important and valuable assets for the life of an organization's business. Information management is needed to maintain the confidentiality, integrity, and availability of the information from cyber attacks. These cyber attacks can be in form of viruses, malware, phishing, Distributed Denial-of-service (DoS), fraud, and Ransomware.

The education sector is a significant contributor to the increase in cyber attacks during the COVID-19 pandemic. The use of ICT in higher education must have right information security

This study aims to Analysis the risks of information security in higher education. Identification of information security risks necessary for the organization to take appropriate preventive and mitigating actions.

OCTAVE Allegro is the framework used to perform risk management in this research. This framework focuses on the information assets owned by the organization. How the asset is used, stored, transferred, occurs and how threats (threats), vulnerabilities (vulnerabilities) and disturbances can be on the asset. The results of this study are recommendations for mitigating approach for identified risks.

Kementrian Kesehatan.( 2019), “Pedoman Pembatasan Sosial Bersekala Besar Dalam Rangka Percepatan Penanganan Corona Virus Disease 2019 (COVID-19)”, Kementrian Kesehatan RI [Online]. Available: http://hukor.kemkes.go.id/uploads/produk_hukum/PMK_No__9_Th_2020_ttg_Pedoman_Pembatasan_Sosial_Berskala_Besar_Dalam_Penanganan_COVID-19.pdf. [Accessed: 26-Jul-2021]

Kaspersky. (2020), “DDoS during the COVID-19 pandemic: attacks on educational and municipal websites tripled in Q1 2020”, [Online]. Available: https://usa.kaspersky.com/about/press-releases/2020_ddos-during-the-covid-19-pandemic-attacks-on-educational-and-municipal

Caralli, r. a r. a. c. et al. (2007) ‗introducing octave allegro : improving the information security risk assessment process‘,

young, (may), pp. 1–113

.

Keating, C. G.( 2014), “Validating the OCTAVE Allegro Information Systems Risk Assessment Methodology: A Case Study”.

Krutz, r. and vines, r. (2001) the cissp prep guide: mastering the ten domains of computer security. available at:

http://cdn.preterhuman.net/texts/computing/security/the cissp prep guide mastering the ten domains of computer security 2001.pdf

Jufri, m. t., hendayun, m. and suharto, t. (2017) ‗risk-assessment based academic information system security policy using octave allegro and iso 27002‘, 2017 second international conference on informatics and computing (icic), pp. 1–6. doi:10.1109/iac.2017.8280541.

Supradono, b. (2009) ‗manajemen risiko keamanan informasi dengan menggunakan metode octave (operationally critical

threat , asset , and vulnerability evaluation )‘, 2(1), pp. 4–8.

Wangen, G., “Information Security Risk Assessment: A Method Comparison, Computer”, 50(4), 52–61. 2017.