Evaluation of Information Technology Governance Maturity Using COBIT 2019: A Case Study on the IT Security Industry
Abstract
This study aims to evaluate the maturity of IT governance in the IT security industry using COBIT 2019. The assessment covered 13 COBIT 2019 domains, namely APO03—Managed Enterprise Architecture, APO07—Managed Human Resources, APO12—Managed Risk, APO13—Managed Security, APO14—Managed Data, BAI02—Managed Requirements Definition, BAI03—Managed Solutions Identification & Build, BAI05—Managed Organizational Change, BAI06—Managed IT Changes, BAI07—Managed IT Change Acceptance and Transitioning, BAI09—Managed Assets, BAI10—Managed Configuration, and BAI11—Managed Projects. The research methodology included observation, domain-based question formulation, RACI interviews, data collection, and question validation testing, with maturity calculation performed using appropriate formulas. Results indicate that most domains are at Level 2 (Managed), with significant contributions to maturity at Levels 3 and 4. Significant gaps were found between the current state and the desired maturity targets for many domains, such as APO03 and BAI03. The percentage contribution from Level 2 is the highest, while contributions from Levels 3 and 4 vary, with very low contributions from Level 5. The total maturity score is 2.49, with percentage contributions from Levels 2, 3, 4, and 5 being 74%, 26%, 11%, and 3%, respectively. Recommendations include improving processes to achieve Levels 3 and 4 across more domains and investing in training and development for relevant teams.
Copyright (c) 2024 Journal La Multiapp
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.