Evaluation of Basic Principles of Information Security at University Using COBIT 5

Abstract

Information security issues commonly arise in a company and institution, including those in University. Some of the threats and attacks are unauthorized access, system user accountability, and logical and physical issues. This study reveals the obedience rate of the information security principle in Universitas Amikom Purwokerto and provides a recovery strategy. The domains being used were APO13, DSS5, and MEA3. The researcher employed a descriptive quantitative method by having documentation, interview, and administering a questionnaire to the respondents.  The respondents were 83 employees who got selected by using the purposive sampling technique. The result shows that the capability level is in level 3, known as the established process. It means that the employees have applied the current procedure, even though they have not applied information security management. The proposed refinement strategy emphasizes the security policy, classification and asset management, physics and environment security, and business continuity management. The gap can be fixed by implementing the proposed refinement strategy. Future researchers may evaluate obedience based on the identified variables by keeping the standard in mind.