Evaluation of Information Technology Governance Maturity Using COBIT 2019: A Case Study on the IT Security Industry

  • Rachmad Syarul Hidayat Information Technology, Pradita University, Indonesia
  • Richardus Eko Indrajit Information Technology, Pradita University, Indonesia
  • Erick Dazki Information Technology, Pradita University, Indonesia
Keywords: IT Governance, COBIT 2019, Governance Maturity, Maturity Evaluation, IT Security Industry

Abstract

This study aims to evaluate the maturity of IT governance in the IT security industry using COBIT 2019. The assessment covered 13 COBIT 2019 domains, namely APO03—Managed Enterprise Architecture, APO07—Managed Human Resources, APO12—Managed Risk, APO13—Managed Security, APO14—Managed Data, BAI02—Managed Requirements Definition, BAI03—Managed Solutions Identification & Build, BAI05—Managed Organizational Change, BAI06—Managed IT Changes, BAI07—Managed IT Change Acceptance and Transitioning, BAI09—Managed Assets, BAI10—Managed Configuration,  and BAI11—Managed Projects. The research methodology included observation, domain-based question formulation, RACI interviews, data collection, and question validation testing, with maturity calculation performed using appropriate formulas. Results indicate that most domains are at Level 2 (Managed), with significant contributions to maturity at Levels 3 and 4. Significant gaps were found between the current state and the desired maturity targets for many domains, such as APO03 and BAI03. The percentage contribution from Level 2 is the highest, while contributions from Levels 3 and 4 vary, with very low contributions from Level 5. The total maturity score is 2.49, with percentage contributions from Levels 2, 3, 4, and 5 being 74%, 26%, 11%, and 3%, respectively. Recommendations include improving processes to achieve Levels 3 and 4 across more domains and investing in training and development for relevant teams.

References

AlGhamdi, S., Win, K. T., & Vlahu-Gjorgievska, E. (2020). Information security governance challenges and critical success factors: Systematic review. Computers & security, 99, 102030. https://doi.org/10.1016/j.cose.2020.102030

Amore, E., Dilger, T., Ploder, C., Bernsteiner, R., & Mezzenzana, M. (2023). Leverage the COBIT 2019 Design Toolkit in an SME Context: A Multiple Case Study. KnE Social Sciences, 73-101. https://doi.org/10.18502/kss.v8i1.12636

Atrinawati, L. H., Ramadhani, E., Fiqar, T. P., Wiranti, Y. T., Abdullah, A. I. N. F., Saputra, H. M. J., & Tandirau, D. B. (2021, February). Assessment of process capability level in university XYZ based on COBIT 2019. In Journal of Physics: Conference Series (Vol. 1803, No. 1, p. 012033). IOP Publishing. https://doi.org/10.1088/1742-6596/1803/1/012033

Audia, R., & Sugiantoro, B. (2022). Evaluation and Implementation of IT Governance Using the 2019 COBIT Framework at the Department of Food Security, Agriculture and Fisheries of Balangan Regency. IJID (International Journal on Informatics for Development), 11(1), 152-161. https://doi.org/10.14421/ijid.2022.3381

Baker, T., & Shortland, A. (2023). The government behind insurance governance: Lessons for ransomware. Regulation & Governance, 17(4), 1000-1020. https://doi.org/10.1111/rego.12505

Chen, L., Tong, T. W., Tang, S., & Han, N. (2022). Governance and design of digital platforms: a review and future research directions on a meta-organization. Journal of management, 48(1), 147-184. https://doi.org/10.1177/01492063211045023

Christiadi, R. N., & Sutomo, R. (2023). Measurement Of It Security Governance Capabilities Using Cobit 2019 At Indonesian Business Sector. G-Tech: Jurnal Teknologi Terapan, 7(4), 1498-1508. https://doi.org/10.33379/gtech.v7i4.3170

De Haes, S., Van Grembergen, W., Joshi, A., Huygh, T., De Haes, S., Van Grembergen, W., ... & Huygh, T. (2020). COBIT as a Framework for Enterprise Governance of IT. Enterprise Governance of Information Technology: Achieving Alignment and Value in Digital Organizations, 125-162. https://doi.org/10.1007/978-3-030-25918-1_5

Dharmada, T., Wiratama, J., & Faza, A. (2024). Leveraging COBIT 2019 Framework for Recommending ERP System Module Development at Cardboard Manufacturing Industry. Journal of Information Systems and Informatics, 6(2), 1195-1214. https://doi.org/10.51519/journalisi.v6i2.764

Fianty, M. I., & Brian, M. (2023). Leveraging COBIT 2019 Framework to Implement IT Governance in Business Process Outsourcing Company. Journal of Information Systems and Informatics, 5(2), 568-579. https://doi.org/10.51519/journalisi.v5i2.492

Hasan, S., Ali, M., Kurnia, S., & Thurasamy, R. (2021). Evaluating the cyber security readiness of organizations and its influence on performance. Journal of Information Security and Applications, 58, 102726. https://doi.org/10.1016/j.jisa.2020.102726

Ishlahuddin, A., Handayani, P. W., Hammi, K., & Azzahro, F. (2020, September). Analysing IT governance maturity level using COBIT 2019 framework: A case study of small size higher education institute (XYZ-edu). In 2020 3rd International Conference on Computer and Informatics Engineering (IC2IE) (pp. 236-241). IEEE. https://doi.org/10.1109/IC2IE50715.2020.9274599

Jawad, M. M., Ali, M. H., Khaleel, A. A., & Hasan, M. F. (2023). Evaluating the performance of IT management under the implementation of the COBIT 2019 framework. Eximia, 12, 18-36. https://doi.org/10.47577/eximia.v12i1.331

Johanning, V. (2023). Organization and Management of IT: The New Role of IT and the CIO in Digital Transformation. Springer Nature. https://doi.org/10.1007/978-3-658-39572-8

Lumingkewas, C., Mambu, J. Y., & Wahyudi, A. (2023). Identification of IT governance capability level of COBIT 2019 at the Kominfo City of Bitung, North Sulawesi. TeIKa, 13(01), 1-15. https://doi.org/10.36342/teika.v13i01.3064

Pistikopoulos, E. N. (2024). Analysis of Information Technology Governance Management of Work Units in XYZ Agencies with the Cobit Framework 2019. Join: Journal of Social Science, 1(1), 19-31. https://doi.org/10.59613/774nfg93

Rabii, A., Assoul, S., Ouazzani Touhami, K., & Roudies, O. (2020). Information and cyber security maturity models: a systematic literature review. Information & Computer Security, 28(4), 627-644. https://doi.org/10.1108/ICS-03-2019-0039

Ramadhana, R., Izaac, B. V., Tangka, G. W., & Mambu, J. Y. (2023). Information Technology Governance Analysis Using the COBIT 2019 Framework at PT. Daya Adicipta Wisesa. Jurnal Informasi dan Teknologi, 141-146. https://doi.org/10.60083/jidt.v5i3.414

Solikhah, M. A., Magdalena, L., & Hatta, M. (2024). Implementation of the COBIT 2019 Framework on Information Technology Governance and Risk Management (Study Case: CV. Syntax Corporation Indonesia). Eduvest-Journal of Universal Studies, 4(8). https://doi.org/10.59188/eduvest.v4i7.1504

Syahputra, M. H. A., & Sutomo, R. (2023). Analysis of IT Performance on Management HR of Equity Firm Using COBIT 5. Journal Of Information Systems And Informatics, 5(2), 650-664. https://doi.org/10.51519/journalisi.v5i2.494

Taherdoost, H. (2022). Understanding cybersecurity frameworks and information security standards a review and comprehensive overview. Electronics, 11(14), 2181. https://doi.org/10.3390/electronics11142181

Ullah, F., Qayyum, S., Thaheem, M. J., Al-Turjman, F., & Sepasgozar, S. M. (2021). Risk management in sustainable smart cities governance: A TOE framework. Technological Forecasting and Social Change, 167, 120743. https://doi.org/10.1016/j.techfore.2021.120743

Utomo, D., Wijaya, M., Suzanna, S., Efendi, E., & Sagala, N. T. M. (2022). Leveraging COBIT 2019 to Implement IT Governance in SME Context: A Case Study of Higher Education in Campus A. CommIT (Communication and Information Technology) Journal, 16(2), 129-141. https://doi.org/10.21512/commit.v16i2.8172

Widharto, P., Suhatman, Z., & Aji, R. F. (2022). Measurement of information technology governance capability level: a case study of PT Bank BBS. TELKOMNIKA (Telecommunication Computing Electronics and Control), 20(2), 296-306. http://doi.org/10.12928/telkomnika.v20i2.21668

Yang, K. (2020). Unprecedented challenges, familiar paradoxes: COVID‐19 and governance in a new normal state of risks. Public Administration Review, 80(4), 657-664. https://doi.org/10.1111/puar.13248

Published
2024-08-31
How to Cite
Hidayat, R. S., Indrajit , R. E., & Dazki , E. (2024). Evaluation of Information Technology Governance Maturity Using COBIT 2019: A Case Study on the IT Security Industry. Journal La Multiapp, 5(4), 478-487. https://doi.org/10.37899/journallamultiapp.v5i4.1514