<![CDATA[This study evaluates the implementation of an ISO/IEC 27001:2022-based Information Security Management System (ISMS) in an information technology unit at a university. The method used is quantitative descriptive with Gap Analysis, through observation, documentation study, and a compliance questionnaire for 93 Annex A controls. The results show that ISMS implementation is at a moderate level with a medium compliance category. Most controls have been implemented according to SOPs (40% with a score of 3), but there are still obstacles in the form of uneven control implementation (16% with a score of 0) and a lack of formal documentation (14% with a score of 1). The effectiveness of ISMS is influenced by management support, documentation standardization, and a culture of information security awareness. This study recommends improving documentation, strengthening internal audits, and preparing for international certification through an ISMS development roadmap to strengthen the university's information security resilience against cyber threats.]]>
Copyrights © 2026
