Mapping ISO 27001:2013 and COBIT 2019 Framework to STRIDE Threat Modeling Using Qualitative Descriptive Research

Hermawan Setiawan, Nisrina Aliya Hana, Rayhan Ramdhany Hanaputra

Abstract


Information is a fundamental asset in every organization, and protecting it through information security processes is essential. COBIT and ISO/IEC 27001 are reference frameworks for information security management that help organizations assess their security risks and implement appropriate security controls. One of the most important parts of IT in the COBIT framework is information security management, which covers the confidentiality, integrity and availability of resources. Since the issues addressed by COBIT information security management are areas covered by the ISO/IEC 27001 standard, the best option for addressing information security management in a COBIT infrastructure is to use the ISO/IEC 27001 standard. Because COBIT and ISO/IEC 27001 coexist and complement each other, mapping COBIT processes to ISO/IEC 27001 controls is very useful. This paper explores the role of information security in COBIT and describes an approach for mapping COBIT processes to ISO/IEC 27001 controls for information security management.

Keywords


Information security management, COBIT, ISO/IEC 27001, PDCA cycle, STRIDE

DOI: https://doi.org/10.17509/coelite.v3i2.73228


Journal of Computer Engineering, Electronics and Information Technology (COELITE)

is published by UNIVERSITAS PENDIDIKAN INDONESIA (UPI)
and managed by the Department of Computer Engineering.
Jl. Dr. Setiabudi No.229, Kota Bandung, Indonesia - 40154
email: coelite@upi.edu
e-ISSN: 2829-4149
p-ISSN: 2829-4157