Information System Security Audit Based on the DSS05 Framework Cobit 5 at Higher Education XX

Currently, information has become a commodity or basic need, it can even be said that we are already in an "information-based social" era. It is undeniable that the ability to access and ensure the availability of information quickly and accurately has become a very essential component for an organization, whether in the form of social or commercial organizations, educational institutions such as universities, government agencies, and individuals. Various channels were created to regulate access rights to information, to prevent unauthorized people from accessing it, to minimize losses for the owner of the information. Based on the results of interviews with the research object of XX college, there are still frequent disruptions to information system security such as attacks on servers that result in server downtime, attacks on institutional e-mails that result in being unable to receive or even send e-mails, and other disturbances. This certainly harms information services at the tertiary institution, therefore an information system security audit is required. This study aims to measure the level of information system security capabilities using the Cobit 5 framework in the APO13 and DSS05 domains. Based on the results of the audit, it was found that the GAP value was 3.6 for the APO13 domain or at level 1 while 3.4 for the GAP DSS05 value or at level 2, it can be concluded that the information system security maturity level is still very low so that it needs improvement. It is recommended to make SOPs and documentation of maintenance, control, and periodic security evaluation, install an antivirus that has high and up to date protection accuracy, and make regular maintenance reports both on software and hardware.