- This study aimsto information security in academic information systems to provide recommendations for improvements in information security management by the expected maturity level based on ISO/IEC 27002:2013. By using a qualitative descriptive approach, data collection and validation techniques with triangulation techniques are interviews, observation, and documentation. The data were analyzed by using gap analysis and to measure the maturity level determined 15 objective control and 45 security controls scattered in 5 clauses, the result of the research found that the performance of academic information system maturity level at level 2. That is, the current level of maturity is below the expected maturity level, so it needs to be increased to the expected level

Keywords : Academic Information System, Maturity Level, Information Security, Gap Analysis.