INFORMATION SYSTEM SECURITY EVALUATION USING COBIT 5 FRAMEWORK

Abstract

Most companies use information technology to develop their business. But there are things to note, some threats can occur and cause losses. Undesirable events hinder the achievement of company goals and strategies. PT XYZ believes that information security is important in all business activities. Threats that can compromise information security. Information is an important asset for PT XYZ. Therefore, it is necessary to evaluate or measure the controls and activities that have been implemented to protect company data/information. Evaluation in this paper uses the COBIT 5 Framework which focuses on Manage Security Services (DSS05). Keywords: Evaluation, COBIT 5, Manage Security Services, Capability Level