PT Dyandra Promosindo merupakan perusahaan yang bergerak dibidang event organizer, dimana dalam menjalankan proses bisnisnya sehari-hari pasti akan selalu berhubungan dengan informasi penting dari klien mereka. Oleh karena itu perlu dilakukan risk assessment untuk menghindari hilangnya confidentiality, integrity dan availability dari suatu aset informasi. Penulis ingin mengetahui seberapa besar dampak risiko yang mengancam keamanan aset informasi dan memberikan rekomendasai kontrol pada aset tersebut. Proses risk assessment dapat dibagi menjadi tiga tahapan yaitu, risk identification secara interview dan peninjauan dokumen, risk analysis dengan menggunakan asset valuation dan vulnerability and threat rating, dan terakhir risk evaluation menggunakan pengukuran risk impact. Hasil dari penelitian ini didapatkan 10 aset informasi kritis yang teridentifikasi dan hanya 1 yang masuk ke kelompok mitigasi risiko Tolerable dimana aset-aset lainnya dikelompok Acceptable. Rekomendasi kontrol untuk risiko aset informasi PT Dyandra Promosindo yang berdasarkan pada Annex A ISO/IEC 27001:2022 didapatkan 15 kontrol, yang terdiri dari 4 Organizational control, 5 People control, 1 Physical control, dan 5 Technological control.

---

PT Dyandra Promosindo is a company that operates in the event organizer sector, when carrying out their daily business processes they will always be in contact with important information from their clients. Therefore, it is necessary to carry out a risk assessment to avoid loss of confidentiality, integrity and availability of an information asset. The author wants to know how big the risk impact that threatens the security of information assets and provide control recommendations over these assets. The risk assessment process can be divided into three stages, namely, risk identification through interviews and document review, risk analysis using asset valuation and vulnerability and threat ratings, and finally risk evaluation using risk impact measurements. The results of this research showed that 10 critical information assets were identified and only 1 was in the Tolerable risk mitigation group where the other assets were in the Acceptable group. Recommendations for controls for PT Dyandra Promosindo information assets risk based on Annex A ISO/IEC 27001:2022 show 15 controls consisting of 4 Organizational control, 5 People control, 1 Physical control, and 5 Technological control.