Smart Security Risk Management pada Bali Smart Island menggunakan OSINT, OTGv4.2, dan ISO 31000 2018

The integration of web-based services and information on Bali Smart Island, on the one hand, provides convenience, but on the other hand raises issues of threats and risks related to system, data, and information security. Current security testing only uses OWASP and OSINT but is not accompanied by risk assessment and risk management. This research conducted security testing on the Bali Smart Island domain using a combination of OSINT and OWASP Testing Guide (OTGv4.2) accompanied by ISO 31000:208 risk assessment and risk management. The research uses experimental methodology with Proof of Concept (PoC) using the Harvester tool in the target domain. The test results measure the level of risk, accompanied by recommendations. The final results of the research show that the combination of OSINT, OTGv4.2, and ISO 31000:2018, can provide the best and most effective solution for information technology security risk management guidelines on the Bali Smart Island, through security testing, assessing security test results, evaluation, and providing recommendations post-evaluation system improvements. In the future, this research can be continued by using a combination of other tools and methods for web security.