Title: Information System Security Analysis of XYZ Company Using COBIT 5 Framework and ISO 27001:2013
Abstract: Information system security is now very important for preventing attacks. In addition, a low level of security can harm an organization's productivity. The purpose of this research is to ascertain the level of information system security at XYZ Company, which has never conducted an information system security audit. This research used the COBIT 5 framework to audit the company's information security management system based on the ISO 27001 standard. The audit was conducted to identify areas of information system security that were inadequate and to improve the information security management system, which will be aligned with the ISO 27001 standard. The research applied a qualitative methodology, combining observation of activity in the company with a review of existing literature and documents related to the information security management system. The COBIT 5 audit focused on four processes: APO12, DSS05, MEA02 and EDM03. The audit produced two results: the “Managed Process” level for APO12, MEA02 and EDM03, and the “Performed Process” level for DSS05. The results of this research will be used as a reference for improving the existing information system security in the company.