Author:
Wulansari Anita, Prasetyo Carena Learns, Mukaromah Siti, Kartika Dhian Satria Yudha, Safitri Eristya Maya, Najaf Abdul Rezha Efrat
Abstract
Bureau XYZ strove to facilitate the realization of good governance through electronic government (e-government). Various information systems were implemented as part of this effort, one of which was the mail management information system. Bureau XYZ had implemented an Information Security Management System (ISMS) using the ISO 27001:2013 standard. Nevertheless, optimization and management of information technology risks were necessary to ensure that the implementation of the software was in accordance with the capabilities and objectives of the organization. Therefore, it was necessary to measure the capability level to determine the actions needed to improve information security risk management in implementing the software. This study aimed to obtain the capability level of the mail management information system's information security risk management process, find the gap between the actual and desired capability levels, and provide recommendations for improvement according to COBIT 5. This study measured the EDM03-Ensure Risk Optimization process. The assessment results showed that the EDM03 process was at Level 1 (Performed) and had a gap value of 2 from the desired capability level, Level 3 (Established). Recommendations for improvement were also included in this study to help the organization achieve the desired level based on the assessment results, list of findings, and validation of work products.