Data and Information Security Audit Using IT Baseline Protection Manual At PT. XYZ

Abstract

Development of technology security issues is one important aspect of an information system. Data security and information governance in an enterprise has an important role in maintaining the confidentiality of data in the company and keeping the data intact. Without good data security governance it will arise various problems such as vulnerable to hacker attacks and theft of important corporate data, the identity of employees in the company prone to be stolen by using phishing websites, and loss of data caused by technical things like sudden power outages or lost internet connection . The IT Baseline Protection Manual provides an effective way of understanding needs and priorities in securing data through the process of measuring the level of maturity (Capability Level). Audit of data and information security at PT. XYZ aims to measure the level of data security process capability using domains available in the IT Baseline Protection Manual. The audit stage starts from the case study survey, the selection of the IT Baseline Manual Protection domain and the results of the questionnaire obtained as a representation of the level of maturity with the assessment standard using Maturity Level. Maturity Level value obtained from the results of data security and information security using the domain of IT Baseline Protection Manual that is equal to 2,695 of the maximum score 5. Audit results show that the maturity level of dataI security process at PT. XYZ is at Level 2 (Managed) which still needs to be improved to achieve maximum data security.

Index Terms—Audit, IT Baseline Protection Manual, Maturity Level.