Academic Information System Security Audits Using COBIT 5 Framework Domains APO12, APO13 AND DSS05

Abstract

Academic information system in an institution is very important for the administration of lectures. The fore need for a system security audit so that the administration runs without obstacles. This audit can be carried out using the COBIT 5 framework, in this research an information security audit was carried out on academic information security. by focusing on the APO12 (Manage Risk), APO13 (Manage Risk), and DSS05 (Manage Security Service) domains. The stages in this research are initiation, planning the assessment, data collection, data validation, process attribute level and reporting the result. The results of this research note that the ability level of APO12 is at level 1, APO13 at level 2 and DSS05 at level 2, which means that the institution has carried out and implemented the information technology process and achieved its objectives. To reach level 3 some recommendations are given to cover the gaps that have been determined in the APO12, APO13 and DSS05 processes.