Performance Measurement of Security Academic Information System using Maturity Level

TL;DR

This paper assesses the maturity level of security in academic information systems using ISO/IEC 27002:2013, identifying gaps and recommending improvements to reach the desired security management standards.

Contribution

It introduces a method to measure security maturity levels in academic systems based on ISO standards, highlighting current deficiencies and areas for enhancement.

Findings

Current maturity level is at level 2, below the expected level.

Identified gaps in security controls based on 15 objectives and 45 controls.

Recommendations provided for improving security maturity.

Abstract

This study aims to information security in academic information systems to provide recommendations for improvements in information security management by the expected maturity level based on ISO/IEC 27002:2013. By using a qualitative descriptive approach, data collection and validation techniques with triangulation techniques are interviews, observation, and documentation. The data were analyzed by using gap analysis and to measure the maturity level determined 15 objective control and 45 security controls scattered in 5 clauses, the result of the research found that the performance of academic information system maturity level at level 2. That is, the current level of maturity is below the expected maturity level, so it needs to be increased to the expected level.