PT Tirta Investama (AQUA) Pandaan is a company that uses information technology (IT) to support its business processes. All IT activities are managed directly by the Danone Information Systems (DAN'IS) division, which is responsible for providing and developing the company's technology facilities and information systems. Such utilization calls for evaluation in order to keep the functionality of the technology stable. This study aims to evaluate three processes: ensure risk optimization, manage security, and manage security services. Two of the three processes are examples of processes related to information security. Information security was selected as the audit object because the company has a policy set out in the IS Security Policy document, which is managed by the DAN'IS Security Analyst. This study uses the COBIT 5 framework as its main reference. The research was conducted through observation, interviews, and analysis using assessment sheets to describe the condition of the Base Practices (BP), Work Products (WP), Generic Practices (GP), and Generic Work Products (GWP) of EDM03 (Ensure Risk Optimization), APO13 (Manage Security), and DSS05 (Manage Security Services). The results show that the capability level of all three processes is level 3. Each process has a different gap level. A recommendation is therefore given as a guide for improving the quality of risk optimization and information security so as to reach the targeted level of achievement.
Copyrights © 2018