The purpose of this study is to produce blue prints based on the level that positively and negatively affects hardware and software in one of the Agencies in City which will later become a benchmark to avoid or overcome problems that will be faced in the IT governance and IT infrastructure. IT governance is a process relationship structure that guides and controls an organization to achieve its vision and mission by creating value that balances risk with IT and its processes. An IT facility is an entity that performs the administrative and management functions of all IT applications in the Department XYZ environment for protection against unwanted threats that require risk management assessment. Minimize the danger or risk that may arise. The two analytical methods used in this study are quantitative and qualitative risk analysis. In the future, the quantitative risk analysis (QRA) approach will focus more on analyzing the condition of IT assets to find risk factors that need serious consideration and handling. For qualitative risk analysis methods, NIST SP 80030 is used to analyze various threat and risk attributes for to provide guidelines for the management of IT facilities in Department XYZ. Based on the QRA risk assessment, it was concluded that server-class IT resources are counted as the biggest potential loss to the Service. This is reflected in the risk aspect, where power losses have the most potential damage. Qualitative assessment of risk management according to NIST SP 80030 found that the sources of high-risk threats are high-risk power grids and the Internet. This level of risk can be identified during the threat source classification process. Submission of all risk analysis results can provide the results of risk recommendations communicated with departement IT management. To then be able to help the campus make decisions that include policies, procedures, budgets, operating systems and change management.

D. Antoni, A. Syaputra, And M. Nasir, “A Literature Review Of Infrastructure Capabilities In Shared E-Government Concept,” In 2019 International Conference On Electrical Engineering And Computer Science (Icecos), 2019, Pp. 117–121.

J. Jonny And C. Darujati, “Penilaian Risiko Data Sistem Informasi Manajemen Puskesmas Dan Aset Menggunakan Iso 27005,” Sist. J. Sist. Inf., Vol. 10, No. 1, Pp. 1–12, 2021.

A. Yulianto, A. Ambarwati, And C. Darujati, “Analisis Manajemen Risiko Ti Pemeliharaan Aset Menggunakan Quantitative Risk Analysis (Qra) Pada Pt. Hms,” In Prosiding Seminar Nasional Teknologi Dan Rekayasa Informasi (Sentrin) 2016, 2016, Pp. 45–51.

B. Muslim, “Quantitative Risk Analysis Of Asset Information Technology At Stt Pagaralam,” Pros. Stta Yogyakarta (Senatik 2018), Stta, Pp. 501–509, 2018.

M. Anhar And S. U. Kalsum, “Penerapan Metode Service Quality & Quality Function Deployment (Qfd) Dalam Upaya Peningkatan Pelayanan Kepada Mahasiswa Politeknik Ketapang,” J. Sist. Tek. Ind., Vol. 18, No. 2, Pp. 75–83, 2016.

A. G. R. Padang, A. Ambarwati, And E. Setiawan, “Penilaian Manajemen Risiko Ti Menggunakan Quantitative Dan Qualitative Risk Analysis,” Sist. J. Sist. Inf., Vol. 10, No. 3, Pp. 527–537, 2021.

S. Susilo, “Analisa Tingkat Resiko Tata Kelola Teknologi Informasi Perguruan Tinggi Menggunakan Model Framework National Institute Of Standards & Technology (Nist) Special Publication 800-30 Dan It General Control Questionnaire (Itgcq),” J. Ind. Serv., Vol. 3, No. 1c, 2017.

D. Pasha, A. Thyo Priandika, And Y. Indonesian, “Analisis Tata Kelola It Dengan Domain Dss Pada Instansi Xyz Menggunakan Cobit 5,” J. Ilm. Infrastruktur Teknol. Inf., Vol. 1, No. 1, Pp. 7–12, 2020.

A. Syaputra, “Aplikasi E-Kelurahan Untuk Peningkatan Pelayanan Administrasi Dalam Mendukung Penerapan E-Government,” Matrik J. Manajemen, Tek. Inform. Dan Rekayasa Komput., Vol. 20, No. 2, Pp. 379–388, 2021.

C. M. Sufyana And E. Suharto, “Analisis Pengukuran Tingkat Kematangan Sistem Informasi Akademik Menggunakan Cobit 5.0 Di Politeknik X,” J. E-Komtek, Vol. 2, No. 2, Pp. 101–116, 2018.

M. A. Dewi, A. Ambarwati, And C. Darujati, “Analisis Risiko Kuantitatif Aset Ti Pada Blc E-Gov Dinkominfo Surabaya,” In Prosiding Semnas Inotek (Seminar Nasional Inovasi Teknologi), 2018, Vol. 2, No. 1, Pp. 7–12.

A. Ramdhani, R. Hardian, And A. Maulana Fajar, “Pembuatan Motion Graphic Pengenalan Desain Komunikasi Visual Untuk Siswa Sma-Smk.” Politeknik Harapan Bersama, 2021.

A. Asrofi And D. S. Hadmoko, “Strategi Adaptasi Masyarakat Pesisir Dalam Penanganan Bencana Banjir Rob Dan Implikasinya Terhadap Ketahanan Wilayah (Studi Di Desa Bedono Kecamatan Sayung Kabupaten Demak Jawa Tengah),” J. Ketahanan Nas., Vol. 23, No. 2, Pp. 125–144, 2017.

A. Elanda And R. L. Buana, “Analisis Manajemen Risiko Infrastruktur Dengan Metode Nist (National Institute Of Standards And Technology) Sp 800-30 (Studi Kasus: Stmik Rosma),” Elkom J. Elektron. Dan Komput., Vol. 14, No. 1, Pp. 141–151, 2021.

R. S. Aranov, D. Witarsyah, And L. Abdurrahman, “Perancangan Tata Kelola Manajemen Teknologi Informasi Smk N 4 Bandung Menggunakan Framework Cobit 5 Domain Evaluate, Direct And Monitor (Edm) & Build, Acquire And Implement (Bai),” Eproceedings Eng., Vol. 5, No. 2, 2018.

S. O. D. Ningsih And S. W. Hati, “Analisis Resiko Keselamatan Dan Kesehatan Kerja (K3) Dengan Menggunakan Metode Hazard And Operability Study (Hazop) Pada Bagian Hydrotest Manual Di Pt. Cladtek Bi Metal Manufacturing,” J. Appl. Bus. Adm., Vol. 3, No. 1, Pp. 29–39, 2019.

M. Muhaemin, “Mengembangkan Busines Continuity Planning (Bcp) Dengan Pendekatan Kuantitatif Studi Kasus: Siak-Ditjen Adminduk Kemendagri,” Just It J. Sist. Informasi, Teknol. Inf. Dan Komput., Vol. 9, No. 1, Pp. 1–11, 2018.