Maturity Level Analysis of Digital Evidence Handling on Integrated Criminal Justice System based on NIST SP800-53 Revision 5 Using NIST Maturity

Abstract

The challenge of handling digital evidence in an integrated justice system is that it is vulnerable, easy to change, and destroyed, so it needs to be protected from security threats when stored, processed, and transmitted by each interconnected law enforcer. This study aims planning evaluation as a part to enhance security control by analyzing the maturity level of XYZ's organization as a law enforcement in handling digital evidence in an integrated criminal justice system. So far, there has been no research that measures the level of maturity in the handling of potential digital evidence. This study uses the NIST SP800-53 Rev 5 security control standard and measures the maturity level using NIST Maturity. The result of the research is that the current organizational maturity level is 2.1 (range 0-5). The XYZ organization, in general, has had a pattern in dealing with digital potential in terms of information security and privacy, but it has not been established so it is still vulnerable, inconsistent, and reactive. Organizations need to improve control of information security and privacy optimally so that the security of digital evidence can be guaranteed. These results can be part of the evaluation process of the organization's planning to improve security controls.