Within the Ministry of Communication and Information (KOMINFO), there is one system called "Sistem Layanan Aptika Terintegrasi" in the e-Business Application Services Sub-Sector, which serves to bridge the services provided by KOMINFO to its stakeholder. With the amount of important data in the service, management of information security is needed to support the business processes of the organization, and ensure that all data in the system is secured so that it can reduce the potential losses that can arise. To improve the quality of the information security, it is necessary to do an evaluation and analysis in order to find out the current conditions of information security management. This study uses the COBIT 5 framework as one of the frameworks for evaluating information technology governance in specific domains for information security, namely DSS05 (Manage Security Services), APO13 (Manage Security), and EDM03 (Ensure Risk Optimisation). By using COBIT 5, organizations can find out the capability level of each process and its gap level of the desired conditions. After knowing the gap level of each processes, recommendation are given to focus on detailing standards and procedure, improving documents regarding the duties and roles of each party, as well as increasing awareness regarding information security and risk optimisation.
Copyrights © 2019