Library information systems and information assets administered to users become the backbone of library service with the support of information technology. Howevet the application of library information systems that grows rapidly may raise the riskthat causesfailures threatening librarians in assessing sources of risk threats. Risks may include events and conditions that lead to disruption in information services and the problem of the decision-making process evaluation although not documented in writing. Informants of this study consist of librarians who have social interaction with library information system. The method uses qualitative case study approach with in-depth interviews and direct observation.
The results ofthe study identifies the riskin a hang of backup server is high, i
The purpose of this study is to describe the implementation of risk management in information systems at Gadjah Mada University Library using NISTSP 800-30 frame work and to determine factors that affect the implementation of risk management in information systems at the library. Risk management in information systems at Gadjah Mada University Library has been implemented to anticipate the various sources of risk threats by conducting risk assessment, risk mitigation and risk electricity is high, in security systems is high, in passwords is high, in authorization permission is moderate and in human resources is moderate. To reduce and eliminate the risk impact, Gadjah Mada University Library conducts risk mitigation by transferring the risk from a library information system
servers to PSDI (Center for Systems and Information Resources), while the risk evaluation of the activities is carried out continuously and consistently by the librarians to implement control and activities in risk mitigation to the extent acceptable to the library. Factors affectiig the implementation of risk management information systems at the Gadjah Mada University Library are influenced by the policies of the University, the perception of the library's head and human resources and technical
capabilities in the fi eld of information technology.

Darmawi, Herman. 2006. Manajemen Risiko. Jakarta: Bumi Aksara.

Djojosoeharso, Soeisno. 1999. Prinsip-prinsip Manajemen Risiko dan Asuransi. Jakarta: Salemba Empat.

Gibson, Darril. 2011. Managing Risk in Information Systems. Sudbury: Jones & Bartlett Learning.

Hanafi, Mamduh M. 2009. Manajemen Risiko. Yogakarta: UUP STIM YKPN.

Idroes, Ferry N. 2008. Manajemen Risiko Perbankan: Pemahaman Pendektan 3 Pilar Kesepakatan Bassel II Terkait Aplikasi Regulasi dan Pelaksanaannya di Indonesia. Jakarta: Rajawali Pers.

Indrajit, Richardus Eko. 2000. Pengantar Konsep Dasar Manajemen Sistem Informasi dan Teknologi Informasi. Jakarta: Elex Media Komputindo.

Maulana, M.M dan Supangkat, S.H. 2006. “Pemodelan Framework Manajemen Risiko Teknologi Informasi untuk Perusahaan di Negara Berkembang”. Pada Prosiding Konfrensi Nasional Teknologi Informasi & Komunikasi untuk Indonesia. 121-126. 3-4 Mei, Bandung.

Muntashir. 2012. Analisis Webometrics pada Perpustakaan Perguruan Tinggi Negeri di Indonesia. Visi Pustaka. Vol.14. No.2., Agustus.

Oetomo, Budi Sutedjo Dharma. 2002. Perencanaan dan Pembangunan Sistem Informasi. Yogyakarta: Penerbit Andi.

Pinontoan, Jimmy H .2010. Manajemen Risiko TI – Konsep-konsep.

Majalah PC Media.Oktober 2010.

_________________ .2010. Manajemen Risiko TI – Penerapan Praktis.

Majalah PC Media. November 2010.

Undang-Undang Nomor 43 Tahun 2007 tentang Perpustakaan.

Setiarso, Bambang. 1997. Penerapan Teknologi Informasi dalam Sistem Dokumentasi dan Perpustakaan. Jakarta: Grasindo.

Suduc, A.M., M. Bizoi dan F.G. Filip, 2010. Audit for Information Systems Security. Journal Informatica Economica, 14(1), 43-48.

Supriyanto, Wahyu dan Ahmad Muhsin. 2008. Teknologi Informasi Perpustakaan; Strategi Perencanan Perpustakaan Digital. Yogyakarta: Kanisius.

Stoneburner G, A. Goguen and A. Feringa. 2002. Risk Management Guide for Information Technology Systems., Recommendation of the National Institute of Standart and Technology Special Publication 800-30.

Tantra, Rudy. 2012. Manajemen Proyek Sistem Informasi. Yogyakarta: Penerbit Andi.