INFORMATION SECURITY GOVERNANCE DESIGN USING COBIT 2019 FRAMEWORK AND ISO/IEC 27001:2013 (CASE STUDY DITRESKRIMSUS POLDA XYZ)
Main Author: | |
---|---|
Format: | Theses |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/53887 |
Institution: | Institut Teknologi Bandung |
Summary: | Based on Presidential Regulation Number 95 of 2018 concerning Electronic-Based Government Systems (SPBE), outlined in the Decree of the Chief of the Indonesian National Police No. Pol. SKEP / 360 / VI / 2005, dated June 10, 2005, concerning the Grand Strategy of the National Police for 2005 to 2025, strive for excellence on the National Police's strategic plan, explaining the use of technology at all levels under the Polri's duties. Technology has been applied in all areas of Polri's duties. However, this technology does not yet have a capability level in information security management. For this reason, a draft information governance recommendation is needed, combining the COBIT 2019 framework and ISO/IEC 27001:2013 concerning Information Security Management Systems (ISMS) in the form of a roadmap. This study uses the Design Science Research Methodology (DSRM). The design was carried out by mapping ISO/IEC 27001:2013 into the COBIT 2019 framework. ISO/IEC 27001:2013, once mapped into the core model domain of the COBIT 2019 framework, was then selected using the goals cascade and design factors based on the vision, mission, and objectives of the Ditreskrimsus Polda XYZ. This mapping resulted in 29 selected COBIT 2019 core model domains, which became the basis for designing and assessing information security management capabilities at Ditreskrimsus Polda XYZ. The assessment based on the 29 domains of the COBIT 2019 core model shows that Ditreskrimsus Polda XYZ has not been able to meet the target capability level of 3 in managing information security. The results of this study are information security governance documents that meet the criteria for information security governance organizational structures, human resources, information security policies, and procedures based on the 29 domains of the COBIT 2019 core model, which must be applied to Ditreskrimsus Polda XYZ in the form of a roadmap running from 2021 to 2025 in managing information security. |