Audit of Information security system in the Communication and Information department is needed to determine the extent of information system carried out. This reasearch uses the ISO/ IEC 27001: 2013. Data from this reasearch were obtained based on the result of interview, observation and questionnaire. The respondent conducted a self assessment, then the researcher observe. The results of this study indicate that the average maturity level of the respondent is at level 2 (repeatable) with a value of 2.13 and the average maturity level of the finding is level 2 (repeatable) with a value of 2.40. The difference between the respondent value and the finding value show that in the sub domain information security incident management. This difference occur due to the absence of existing SOP procedure and criteria. Overall, there is no policy in developing the system through a process of security testing.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.