Manajemen keamanan informasi menggunakan framework COBIT 5 dan ISO 27001:2013 dalam pembuatan dokumen standard operating procedure

Abstract

This research to improve the quality of public services in accordance with the expectations of the community as service users. According to ISO 27001: 2013, an information security management system is an integrated part of an organizational process and in overall information security management in maintaining confidentiality, integrity and availability of information, managing and controlling security risks. information. To maintain consistency in providing optimal services, internal improvements need to be made to build a management system that will guarantee the quality of the education process according to the set standards. So, one of which is a standard that will become a reference in the form of an SOP (Standard Operating Procedure) on information security management. This research was conducted in Regional Financial and Aset Management Board (BPKAD) East Java Province. Therefore, this study proposes the making of SOP (Standard Operating Procedure) as a standard regarding information management using the Cobit 5 and ISO 27001:2013 framework. This study proposes the making of SOP (Standard Operating Procedure) as a standard regarding information management using the Cobit 5 and ISO 27001:2013 framework. This research will produce SOP documents that refer to Cobit 5 and ISO 27001: 2013 regarding information system security management. This research resulted, (1) document processing problems procedures; (2) aset management procedures; (3) server and network access room management system; (4) facility management procedures; (5) change management procedures; (6) management of capacity management procedures; (7) LOG management procedures; (8) management of service continuity procedures; (9) remote access management procedures; (10) backup management procedures.