Security Capability Assessment on Network Monitoring Information System Using COBIT 5 for Information Security Aris PRATIWI 1 , Dwi Rosa INDAH 2* , Jaidan JAUHARI 3 and Mgs. Afriyan FIRDAUS 4 1,2,3,4 Department of Information Systems Faculty of Computer Science Universitas Sriwijaya, South Sumatera, Indonesia *Corresponding author: indah812@unsri.ac.id ABSTRACT PT Telekomunikasi Indonesia, Tbk. (Telkom) is a State-Owned Enterprises (SOEs), which provides products and services of information and communication technology services and telecommunications networks in Indonesia. Telkom has implemented a network disturbance monitoring information system which includes the NOSSA application. To ensure a reliable and safe system, it is necessary to measure the system's security capability. COBIT 5 for Information Security is a framework that can provide overall technical and non-technical information security governance. The results of the measurement for process EDM03, APO13, and DSS05 is at level 4 (processes that are running can be predicted), the process APO12 and BAI06 are at level 3 (the running process is stable). The capability of the measurement results can be used to recommend solving and decision making in the organization. Keywords: COBIT 5, Process Assessment Model, security capability assessment, network monitoring information system, information security INTRODUCTION In the era of information and communication technology, information security becomes very important. Information security has become a fundamental issue for businesses, organizations, and governments while vulnerability Information Exchange Environment (IEE) has increased as the threat of widespread and complicated [1]. Information system security illustrates the protection of computer devices, data, facilities, and information from irresponsible parties, but in practice, information system security does not receive special attention from the system manager [2]. PT Telekomunikasi Indonesia, TBK (Telkom) is a State-Owned Enterprises (SOEs), which provides products and services of information and communication technology services and telecommunications networks in Indonesia [3]. To enhance the company's business needs Telkom has implemented the system for monitoring information system network interference, in which there are NOSSA applications (New Operation Support System Assurance). As one of the SOE, the company must implement an information security management system, it is relevant to the regulation of the Minister of Communication and Information about the information security management system implementation for the organization of the electronic system for public services [4]. Based on interviews and data recorded in 2017, the number of networks connected to Telkom's South Sumatra Communication Area (WITEL) is approximately 101 FIMO (Fiber Modernization) and 674 BTS (Base Transceiver Station) towers and has 178 million cellular subscribers. To ensure the system is reliable and secure, as providers of public services, Telkom is required to conduct an audit of the system, it is done to prevent loss of data and information that could be threaten for Telkom’s operation activities [4]. One of the efforts to prevent this is the need for measurement of system security capabilities to determine the confidentiality, integrity, and availability because the system can be said to be safe if it meets these three principles. A framework that can provide comprehensive information security governance that specifically addresses security audits is called COBIT 5 for Information Security. COBIT 5 for Information Security can help companies to reduce their risks by managing security appropriately [5]. Information and related technologies are the core of the company, but information security is the core of stakeholder trust [6]. METHODOLOGY The methodology of this study are as follows: Figure 1 Research Framework Establish COBIT 5 Process Based on process based on enterprise goals with IT-related goals adjusted to COBIT 5 for information Capability level assessment with PAM Recommended Improvements Advances in Intelligent Systems Research, volume 172 Sriwijaya International Conference on Information Technology and Its Applications (SICONIAN 2019) Copyright © 2020 The Authors. Published by Atlantis Press SARL. This is an open access article distributed under the CC BY-NC 4.0 license -http://creativecommons.org/licenses/by-nc/4.0/. 167