AUDIT KEAMANAN SISTEM INFORMASI DI DINAS XYZ PROVINSI LAMPUNG MENGGUNAKAN STANDAR ISO/IEC 27001:2013

Abstract

Audit of Information security system in the Communication and Information department is needed to determine the extent of information system carried out. This reasearch uses the ISO/ IEC 27001: 2013. Data from this reasearch were obtained based on the result of interview, observation and questionnaire.  The respondent conducted a self assessment, then the researcher observe. The results of this study indicate that the average maturity level of the respondent is at level 2 (repeatable) with a value of 2.13 and the average maturity level of the finding is  level 2 (repeatable) with a value of 2.40. The difference between the respondent value and the finding value show that in the sub domain information security incident management. This difference occur due to the absence of existing SOP procedure and criteria. Overall, there is no policy in developing the system through a process of security testing.