SUMMARY
This paper describes the implementation of OCTAVE Allegro method to evaluate several aspects related to information security risks of the information technology applied in a health institution. The evaluation was conducted at RSUD XYZ and referred to five impact areas: reputation and customer confidence, finance, productivity, security and health, and also penalties and punishment. The results show that the impact area of reputation and customer confidence has the highest risk assessment result among other areas. The overall result and discussion presented in this paper certainly does not violate the code of ethics for RSUD XYZ.