Academic Information System Security Audits Using COBIT 5 Framework Domains APO12, APO13 AND DSS05


  • Yoga Megasyah Universitas Nasional Pasim
  • Adi Arga Arifnur Universitas Andalas



Information System Academic, COBIT 5, APO12, APO13, DSS05


Academic information system in an institution is very important for the administration of lectures. The fore need for a system security audit so that the administration runs without obstacles. This audit can be carried out using the COBIT 5 framework, in this research an information security audit was carried out on academic information security. by focusing on the APO12 (Manage Risk), APO13 (Manage Risk), and DSS05 (Manage Security Service) domains. The stages in this research are initiation, planning the assessment, data collection, data validation, process attribute level and reporting the result. The results of this research note that the ability level of APO12 is at level 1, APO13 at level 2 and DSS05 at level 2, which means that the institution has carried out and implemented the information technology process and achieved its objectives. To reach level 3 some recommendations are given to cover the gaps that have been determined in the APO12, APO13 and DSS05 processes.


Download data is not yet available.


Aritonang, i. J. (2018). Audit keamanan sistem informasi menggunakan framework COBIT 5 (apo13). Information technology engineering journals, 3(2), 5.

Ciptaningrum, d., nugroho, e., & adhipta, d.(2015). Audit keamanan sistem informasi pada kantor pemerintah kota yogyakarta menggunakan cobit, 5, 10.

De Haes, S., Van Grembergen, W., & Debreceny, R. S. (2013). COBIT 5 and enterprise governance of information technology: Building blocks and research opportunities. Journal of Information Systems, 27(1), 307-324.

De Haes, S., Van Grembergen, W., Joshi, A., & Huygh, T. (2020). COBIT as a Framework for Enterprise Governance of IT. In Enterprise Governance of Information Technology (pp. 125-162). Springer, Cham.

Greene, F & CISSP (2015). Selected COBIT 5 Processes for Essential Enterprise Security. ISACA.

ISACA. (2013). COBIT Process Assessment Model (PAM): Using COBIT 5, Rolling Meadows, United State of America.

IT Governance Institute (ITGI), ISACA. (2012). COBIT 5 Enabling Processes. United State of America.

Mangalaraj, G., Singh, A., & Taneja, A. (2014). IT governance frameworks and COBIT-a literature review.

Maria, e., & Haryani, e. (2011). Audit model development of academic information system: case study on academic information system of Satya Wacana. Journal of arts, science & commerce, ii (2 april 2011), 13.

Matin, i. M. M., arini, a., & wardhani, l. K. (2018). Analisis keamanan informasi data center menggunakan cobit 5. Jurnal teknik informatika, 10(2), 119–128. Https://

Messier, et al. (2014). Evaluasi Kinerja SDM. Cetakan Ketujuh. Bandung: PT. Refika Aditama.

Weber, Ron. (1999). Information Systems Control and Audit. 2nd edition. Prentice Hall Inc, New Jersey.




How to Cite

Megasyah, Y., & Arifnur, A. A. (2020). Academic Information System Security Audits Using COBIT 5 Framework Domains APO12, APO13 AND DSS05. Journal of Applied Engineering and Technological Science (JAETS), 1(2), 124–135.