Risk Level Analysis of Higher Education Information Technology Governance Using the National Institute of Standards & Technology (NIST) Special Publication 800-30 Framework Model and the IT General Control Questionnaire (ITGCQ)

Susilo Susilo


Information and Communication Technology (ICT) governance is strongly associated with the success of an organization's management, especially in how controls over physical assets, data and information are applied. In higher education organizations (universities), data and information are extremely important because they are used as shared knowledge through teaching and learning, research and community service (Tri Dharma). Potential sources of threat, namely humans (human threats), natural disasters (natural threats) and environmental disruption (environmental threats), can interfere with the management of ICT in colleges. The NIST framework model is implemented by integrating the concept of Information Technology (IT) risk management, through risk assessment, risk mitigation strategies and recommendations, to measure the probability of a threat and its level of impact on the institution. In-depth interviews with the ICT department/unit using the IT General Control Questionnaire (ITGCQ), together with a review of operational documents, are then used to find risk analysis issues. The risk analysis results are summarized in the form of a safeguard implementation plan to reduce the level of IT governance risk at PTS XYZ. The more ICT management activities that lack controls, the higher the level of ICT management risk.


Information Technology Governance, NIST, IT Risk, SDLC, ITGCQ






