
AUDIT SECURITY SERVICES AT PT. XYZ
(Case Study PT. POS Indonesia Bandung)
AULIA PRIMADANI
1106100047

Introduction

Formulation of the problem


How are controls related to security services applied at PT. XYZ?
What is the capability of security services at PT. XYZ?
What IT security improvement recommendations apply to security services at PT. XYZ?

Research Goal
Measure the effectiveness of the control of the security services information system at PT. XYZ.
Conduct a capability assessment of the security services at PT. XYZ.
Develop recommendations for the security service improvements required by PT. XYZ.

Benefit of research
Increase IT security improvements at PT. XYZ.
Improve the performance of the company.

Scope of problem
The object of research is limited to the Security and Quality Assurance division in the directorate of information technology and financial services in the headquarters area of PT. XYZ.
The assessment of security services covers only the Deliver, Service and Support domain processes 05.01, 05.02, 05.03, 05.04 and 05.05.
The capability level assessment uses the Process Assessment Model (PAM) of the COBIT 5 framework.
The output of the assessment is only a set of open recommendations.

Conceptual model

Research Systematics

Timeline of Research

Risk Assessment

Capability Level

Conclusion
DSS 05.01
PT. XYZ must be able to ensure that the training that has been conducted can be applied by the trainees.
DSS 05.02
PT. XYZ should implement controls so that only authorized devices can connect to the corporate network, and implement levels of user access rights for all internal systems.
All levels of network security should receive routine and periodic security version updates.
PT. XYZ must encrypt data on all internal systems in the company.
PT. XYZ must test all devices involved in network and connectivity protection to ensure that all devices support operations to the maximum extent.

Conclusion [1]
DSS 05.03
PT. XYZ should encrypt information on storage media.
PT. XYZ must manage endpoint security according to the security standards required for all supporting devices in the company.
PT. XYZ must improve its encryption of information.
PT. XYZ must update its security in an integrated system to secure the company's critical data.
DSS 05.04
Permission maintenance carried out by PT. XYZ must ensure that the information users obtain conforms to their job functions.
Authentication of access to information assets at PT. XYZ must be used to protect user identity management.
All security functions for identity and access management should be handled by the responsible party at PT. XYZ.
PT. XYZ should use a standard for managing user identity and logical access.

Conclusion [2]
DSS 05.05
PT. XYZ must keep up to date the information that determines which parties are allowed to enter IT sites.
Capability Level
PT. XYZ produces documentation related to the work processes that have been carried out.
PT. XYZ has produced documentation related to the definition of the work done.
PT. XYZ conducts regular monitoring of the work processes that have been carried out.
PT. XYZ documents the tasks, rights and obligations of each party responsible for the work processes that have been carried out.

THANK YOU
