Audit Keamanan Sistem Informasi Manajemen Rumah Sakit Dengan Framework COBIT 2019 Pada RSUD Palembang BARI

This study examines the implementation of information system at RSUD Palembang BARI with the aim of enhancing information system security. In this context, a security audit is conducted using the COBIT 2019 framework. The COBIT 2019 domains and processes utilizing include EDM03, APO12, APO13, APO14, and DSS05. The research involves the identification and evaluation of information security risks, determination of necessary security controls, and ensuring compliance with the information security standards established by COBIT 2019. The findings indicate that the level of information system security at RSUD Palembang BARI is at level 3 (Defined), with a gap analysis difference of 1 level below the expected target. Based on the above results, efforts to improve and enhance the information system security at RSUD Palembang BARI are still needed. The use of information system security techniques such as vulnerability scanning, penetration testing, WAF, IDS and IPS, and data encryption, as well as improving security in terms of server physical aspects such as installing CCTV and restricting user access with access cards or fingerprints, can be implemented to ensure compliance with relevant information security standards. Consideration for obtaining security certifications, like ISO 27001, should also be taken. Additionally, the quality of human resources in terms of policy-making and the ability of employees to address threats and attacks on information system security should be improved through training and strengthening coordination among employees.