Libraries may be at risk of data security issues. The threat of data loss or data damage is prone to occur in libraries. Information technology embedded in libraries has developed Artificial Intelligence (AI) for information retrieval systems. The application of information technology in the Surabaya City Library has potential risks to data security and force majeure aspects so that need a disaster mitigation plant. This study aimed to implement information system risk management at Surabaya City Libraries as a disaster mitigation plan. The research method was descriptive qualitative. Based on the risk analysis, the recommendations for applying risk to information technology Surabaya City Library were elimination and engineering. The manifestation of these two recommendations made the data access protocol use multiple authentications to avoid data theft attempts due to infiltration, hacking, and cracking. Study results recommended a protocol for each data access. The protocol would save every change, deletion, and system login in the log history. Implementing data authentication twice per login can avoid data theft caused by the intrusion. This activity log is used for activity tracking when the system is infiltrated. The limitation of this study lies in the scope of the research object, namely the library, which has limitations on the system or application used and does not impact the wider community. Conclusion of research, the library can implement risk management strategy with elimination and engineering models through recording system login activities, which mitigate the risk of data breaches originating from insiders.

Risk management; Library information system; Mitigation plan; Data security

Abri, A. G., & Mahmoudzadeh, M. (2015). Impact of information technology on productivity and efficiency in Iranian manufacturing industries. Journal of Industrial Engineering International, 11(1), 143–157. https://doi.org/10.1007/s40092-014-0095-1

Aremu, M. A., & Saka, H. T. (2014). The impact of information technology on library management : A marketing perspective. Arabian Journal of Business and Management Review (OMAN Chapter), 4(4), 1–10. https://doi.org/10.12816/0019058

Brown, M. M. (2015). Revisiting the IT productivity paradox. The American Review of Public Administration, 45(5), 565–583. https://doi.org/10.1177/0275074014523102

Cardoso, A., Moreira, F., & Escudero, D. F. (2018). Information technology infrastructure library and the migration to cloud computing. Universal Access in the Information Society, 17(3), 503–515. https://doi.org/10.1007/s10209-017-0559-3

Costa, T. S., & Villalva, M. G. (2020). Technical evaluation of a PV-Diesel Hybrid system with energy storage: Case study in The Tapajós-Arapiuns Extractive Reserve, Amazon, Brazil. Energies, 13(11), 1–22. https://doi.org/10.3390/en13112969

Dina, N. Z., & Juniarta, N. (2021). Research on application of information technology for library information service. Library Philosophy and Practice, 1(1), 1–12. https://digitalcommons.unl.edu/cgi/viewcontent.cgi?article=12441&context=libphilprac

Enakrire, R. T., & Ocholla, D. N. (2017). Information and communication technologies for knowledge management in academic libraries in Nigeria and South Africa. South African Journal of Information Management, 19(1), 1–9. https://doi.org/10.4102/sajim.v19i1.750

Fahrizandi. (2020). Pemanfaatan teknologi informasi di perpustakaan. Tik Ilmeu: Jurnal Ilmu Perpustakaan Dan Informasi, 4(1), 63–75. https://doi.org/10.29240/tik.v4i1.1160

Glăvan, D., Răcuciu, C., Moinescu, R., & Eftimie, S. (2020). Man in the middle attack on HTTPS protocol. Scientific Bulletin of Naval Academy, 23(1), 199–201. https://doi.org/10.21279/1454-864X-20-I1-026

Gotovac, S., Zelenika, D., Marušić, Ž., & Božić-štulić, D. (2020). Visual-based person detection for Search-and-Rescue with UAS: Humans vs. machine learning algorithm. Remote Sensing, 12(20), 1–25. https://doi.org/10.3390/rs12203295

Hajli, M., Sims, J. M., & Ibragimov, V. (2015). Information Technology (IT) productivity paradox in the 21st century. International Journal of Productivity and Performance Management, 64(4), 457–478. https://doi.org/10.1108/IJPPM-12-2012-0129

Hariyanto, B., Ramli, K., & Suryanto, Y. (2021). Risk management system for operational services in data center : DC Papa Oscar Cikeas case study. 2021 International Conference on Artificial Intelligence and Computer Science Technology (ICAICST), 118–123. https://doi.org/10.1109/ICAICST53116.2021.9497845

Izatri, D. I., Rohmah, N. I., & Dewi, R. S. (2020). Identifikasi risiko pada perpustakaan daerah Gresik dengan NIST SP 800-30. JURIKOM: Jurnal Riset Komputer, 7(1), 50. https://doi.org/10.30865/jurikom.v7i1.1756

Kijek, T., & Kijek, A. (2019). Is innovation the key to solving the productivity paradox? Journal of Innovation & Knowledge, 4(4), 219–225. https://doi.org/10.1016/j.jik.2017.12.010

Kirilov, L., & Mitev, Y. (2021). An approach for implementing the information technology infrastructure library. Comptes Rendus de l’Acade’mie Bulgare Des Sciences. https://doi.org/10.7546/CRABS.2021.05.11

Madasu, V. K. (2015). Web authentication and authorization and role of HTTP, HTTPS protocol in networking. Journal of Multidisciplinary Engineering Science and Technology (JMEST), 2(3), 381–383. https://www.jmest.org/wp-content/uploads/JMESTN42350525.pdf

Mahmood, K., Ahmad, S., Rehman, S. U., & Ashiq, M. (2021). Evaluating library service quality of college libraries: The perspective of a developing country. Sustainability, 13(5), 1–13. https://doi.org/10.3390/su13052989

Mansouri, A., & Asl, N. S. (2019). Assessing mobile application components in providing library services. The Electronic Library, 37(1), 49–66. https://doi.org/10.1108/EL-10-2018-0204

Mehta, D., & Wang, X. (2020). COVID-19 and digital library services: A case study of a university library. Digital Library Perspectives, 36(4), 351–363. https://doi.org/10.1108/DLP-05-2020-0030

Peters, T., & Dickinson, T. E. (2020). A history of the distance library services conference. Journal of Library & Information Services in Distance Learning, 14(2), 96–109. https://doi.org/10.1080/1533290X.2020.1809600

Polák, P. (2017). The productivity paradox: A meta-analysis. Information Economics and Policy, 38(1), 38–54. https://doi.org/10.1016/j.infoecopol.2016.11.003

Pouti, N., & Taghva, M. R. (2020). Determining organizational maturity of information technology with information technology and business alignment approach by capability maturity model integration and best practices of information technology infrastructure library: Case study Kermanshah E. Iranian Journal of Information Processing and Management, 35(2), 519–552. https://jipm.irandoc.ac.ir/article_699590_79a3d7cc0cfbcd6e79e258241681b194.pdf?lang=en

Qintharah, Y. N. (2019). Perancangan penerapan manajemen risiko. JRAK: Jurnal Riset Akuntansi Dan Komputerisasi Akuntansi, 10(1), 67–86. https://doi.org/10.33558/jrak.v10i1.1645

Santoso, R., & Mujayana, M. (2021). Penerapan manajemen risiko umkm madu di kecamatan badas kabupaten kediri di tengah pandemi Covid-19. Jurnal Nusantara Aplikasi Manajemen Bisnis, 6(1), 74–85. https://ojs.unpkediri.ac.id/index.php/manajemen/article/view/15643/2005

Santoso, R. (2022). Disrupsi pandemi dan strategi pemulihan industri kreatif. Jurnal Manajemen Dan Kewirausahaan, 7(1), 48–58. https://ejournal.uniska-kediri.ac.id/index.php/ManajemenKewirausahaan/article/view/2101/1453

Schmeelk, S. (2020). Creating a standardized risk assessment framework library for healthcare information technology. Proceedings of the 53rd Hawaii International Conference on System Sciences, 3881–3890. https://scholarspace.manoa.hawaii.edu/server/api/core/bitstreams/25a313a2-9ca6-4df1-913c-26fe0dc79b98/content

Sharma, S., & Rawal, Y. S. (2021). The possibilities of artificial intelligence in the hotel industry. Proceedings of First Global Conference on Artificial Intelligence and Applications (GCAIA 2020), 695–702. https://doi.org/10.1007/978-981-33-4604-8_53

Twum, K. K., Yalley, A. A., Agyapong, G. K.-Q., & Ofori, D. (2021). The influence of public university library service quality and library brand image on user loyalty. International Review on Public and Nonprofit Marketing, 18(2), 207–227. https://doi.org/10.1007/s12208-020-00269-w

Vempere, L., Jasevics, A., Zemite, L., & Vempers, G. (2021). Methodology for investment evaluation in electricity generation modules according to the requirements of the European Union. Latvian Journal of Physics and Technical Sciences, 58(3), 15–31. https://doi.org/10.2478/lpts-2021-0014

Wang, D., Zhong, D., & Li, L. (2022). A comprehensive study of the role of cloud computing on the Information Technology Infrastructure Library (ITIL) processes. Library Hi Tech, 40(6), 1954–1975. https://doi.org/10.1108/LHT-01-2021-0031

Winata, A. P., Fadelina, R., & S.-B. (2021). New normal and library services in Indonesia: A case study of university libraries. Digital Library Perspectives, 37(1), 77–84. https://doi.org/10.1108/DLP-07-2020-0059

Zeng, W. (2019). A methodology for cost‐benefit analysis of information security technologies. Concurrency and Computation: Practice and Experience, 31(7), 1–12. https://doi.org/10.1002/cpe.5004