DISKOMINFO Sukabumi city is Office that has the task of implementing regional authority in field of management of Information and Communication Technology. The consequence of application of Information and Communication Technology (ICT) is with emergence of security risks. As happened in Sukabumi City Government Information System, hacking occurs by unauthorized parties. There are several ways to maintain information security, by applying information security to information technology layer technically or by doing governance. The implementation of this governance is a necessity and has become a necessity and a demand. One of them is using COBIT 5 framework with the COBIT for information security section, which focuses on information security and provides more complete guidelines and practices for information security professionals and other related parties at each interprise level. In a study at DISKOMINFO Kota Sukabumi, the selection of the COBIT 5 framework domain, was taken by mapping the organization's objectives with EG COBIT and ITRG goals. From the election was taken the enabler of EDM01, APO01, APO02, APO03, BAI02, DSS03, DSS05. The results show that Information Technology security management in DISKOMINFO is still at level 1.