Security audit on loan debit network corporation system using cobit 5 and iso 27001: 2013

Abstract

Stakeholders in a company have a right knowing about optimizing information security management. It can affect a company's performances and reputation. Information is the biggest business driver in an organization or company. This research aims to measure the capability of the company which is implemented information security governance that impacts on enterprise risk. The Loan Debit Network Corporation system is the main system that supports the company's business process for corporate lending transactions management. The capability level measurement is based on COBIT 5.0 for Information security and ISO 27001: 2013 Guidelines as a value against the Information Security Governance component rating. It starts with aligning organizational goals from COBIT 5.0 perspectives to obtain five COBIT 5.0 IT processes. The current capability is at level 2.5. Improvement recommendation from level 2.8 to level 3 refers to best practice recommended by COBIT 5.0 for Information Security.