Security level analysis of academic information systems based on standard ISO 27002:2003 using SSE-CMM (1802.03613v2)

Abstract: This research was conducted to find out the level of information security in an organization to give recommendations improvements in information security management at the organization. This research uses the ISO 27002 by involving the entire clause that exists in ISO 27002 check-lists. Based on the analysis results, 13 objective controls and 43 security controls were scattered in 3 clauses of ISO 27002. From the analysis it was concluded that the maturity level of information system security governance was 2.51, which means the level of security is still at level 2 planned and tracked is planned and tracked actively) but is approaching level 3 well defined.