Lailatul Maulida

Public institutions increasingly depend on IT assets to sustain essential operations, yet many still lack structured risk management frameworks. At TVRI East Java, the absence of a dedicated IT division underscores the need to evaluate asset vulnerabilities and threat exposures systematically. This study identifies and prioritizes critical IT assets and their associated risks using the Quantitative Risk Analysis (QRA) method. Data were gathered through interviews, document analysis, and expert validation. Thirteen IT assets were assessed against fifteen potential threats, and quantitative metrics such as Single Loss Expectancy (SLE) and Annualized Loss Expectancy (ALE) were used to estimate financial impacts. The analysis showed that personal computers are the most critical assets, primarily threatened by computer viruses, while minor peripherals pose minimal risk. Expert verification confirmed that the findings reflect real operational conditions. However, the study’s scope was limited by the reliance on a single expert for data validation, which may constrain the broader applicability of the findings. The results provide a structured basis for risk mitigation strategies and can guide similar institutions in strengthening IT asset management.