<![CDATA[This study examines security policies from a governance perspective within an institution to assess the level of security of assets, data, and information. The results of this study aim to analyse risks and assist the institution in mitigating those risks. This study uses a literature review of previous studies that focus on the OCTAVE-S Framework and ISO27001:2022. The subject of the study is the Academic System, while the object is UN PGRI Kediri University. The method used is based on ISO 27001:2022 and uses the OCTAVE-S framework. The research data was obtained by conducting interviews with university officials, particularly those responsible for the implementation and security of data and information. From the interview results, the assets were then identified, consisting of the categories of system information and applications, and the second was people (human resources). Next, a classification was made containing a description of the risk level, with the aim of conducting a stoplight assessment. The next step was to classify the interview results into 15 types of security practice evaluations and assign them a stoplight rating as defined earlier. Security aspects with a red stoplight rating were used to produce a risk mitigation document referring to ISO 27001:2022.]]>
Copyrights © 2025
