CAUSES OF INEFFECTIVE IMPLEMENTATION OF IT GOVERNANCE IN RISK MANAGEMENT: A SYSTEMATIC LITERATURE REVIEW

Ananda E S Setyadji, Arief R R Putrananda, Daffa H Permadi, Rais I Nustara, Reyhan B Pratama, Tegar A Masyhuda, Eva Hariyanti

Abstract


Information Technology Governance (ITG) is now widely implemented in companies. One domain of particular concern is risk management. Applying ITG in this domain can help companies identify, evaluate, reduce, and manage risks related to their business so that they can better achieve company goals. Three frameworks can be considered here, including NIST, ISO 27001, and OCTAVE, but implementing these frameworks does not always go as planned. This study aims to identify the factors that cause ineffective implementation of ITG in the risk management domain using the NIST, ISO 27001, and OCTAVE frameworks. Through an analysis of existing literature and data processing, this study found that factors such as lack of understanding of the framework, lack of adequate resources, and implementation challenges play an essential role in this ineffectiveness. The study concludes by providing valuable insights for organizations seeking to strengthen their risk management capabilities.







DOI: https://doi.org/10.33387/jiko.v6i2.6182
