Analytical and Evaluation Capability Level of Knowledge Management For Penetration Tester Knowledge Preservation Using Cobit®5 Self-Assessment In an It Security Company

Abstract

The purpose of this study is to standardize work roles and their level of proficiency and to determine the ability of Knowledge Management in preserving Pentester Knowledge using Confluence® at XYZ Company. The data used and processed in this study were obtained from interviews and observations with the principal for work roles. The results of standardization of job roles are obtained by mapping using the NICE Framework, and proficiency levels can be mapped using the CIISec Framework. Knowledge Management capability assessment is carried out using COBIT®5 Domain APO07 (Manage Human Resources and BAI08 (Manage Knowledge). Observations and interviews are carried out in the order of data collection where respondents are represented by IT Director, HR Head, Confluence Manager, Sales Department Chair, and Team IT Governance The result of Capability Level is 2 (Managed Process), meaning that IT Governance at the time of implementing Knowledge Management has generally been carried out with planning, monitoring and adjustment, but several processes have not yet been implemented, have been presented to the Company's management as feedback and recommendations for improvement of planning process.