Assessment of information security management on Indonesian higher education institutions

Abstract

Information is one of the valuable corporate’s asset and must be protected, including for higher education institutions. Many security breach had happened on universities in Indonesia in many forms, such as penetration of the official website, website deface, and penetration to academic system to change the scores. The purpose of this research is to capture the implementation of information security management in some higher education institutions in Indonesia and not to generalize the condition of all institutions. This paper is used a descriptive approach to explore the maturity level of particular items in main clauses and controls of ISO27001:2013. The result showed that average score of maturity level is in level 2 (repeatable but initiative). It can be concluded that implementation of information security management is still limited on initiatives from its IT organization. Some controls are repeatable without adequate planning and documentations.