Background: XYZ Agency has adopted information technology but faces phishing attacks, spam, unclear information security roles, and a lack of prior security evaluation. Therefore, its readiness and maturity must be assessed using the KAMI Index 5.0 and ISO/IEC 27001:2022.

Objective: This study aims to evaluate the level of information security readiness and maturity at Institution XYZ, a government agency under the Ministry of Finance of the Republic of Indonesia, using the KAMI Index Version 5.0 aligned with ISO/IEC 27001:2022, and to formulate structured improvement recommendations.

Methods: This study employed a qualitative descriptive case study approach through interviews, observation, and document review. Data were assessed using KAMI 5.0, validated through triangulation and member-checking, with coder reliability confirmed by Cohen’s Kappa.

Results: The assessment results obtained for the Electronic Systems Category were 29 points, indicating a high level of dependency, with a total score of 347 points across the six evaluation areas. The maturity level falls within the range of I–II, corresponding to a status of basic framework compliance. Subsequently, 97 recommendations for improvement were provided, referring to ISO/IEC 27001:2022.

Conclusion: The formulation of these recommendations is expected to assist XYZ Agency in enhancing information security management and mitigating identified risks.
Copyrights © 2026