Evaluation of Governance in Information Systems Security to Minimize Information Technology Risks
DOI: https://doi.org/10.29407/intensif.v8i1.21221
Keywords: IT Governance, Information System Security, COBIT 2019
Abstract
Information system security within XYZ University constitutes a vital component of its IT framework, exerting significant influence over security levels across all facets of the information systems. Among the numerous implemented information system services at the university, a considerable portion lacks active security measures within operational systems. In pursuit of achieving uniform governance, this study adopts the most recent COBIT 2019 framework. The primary objective of this research is to evaluate the degree to which current information system security management aligns with the process achievement values stipulated in the COBIT 2019 standard. This evaluation entails the calculation of maturity level values that gauge performance levels in managing information system security. Findings from the COBIT 2019 Design assessment conducted at XYZ University's LTIK reveal that the objectives scoring above 80, or those requiring Capability Level 4, include APO12 and BAI10. Moreover, the calculation outcomes for each subdomain reveal the presence of 2 subdomains at Level 4, 4 subdomains at Level 3, 15 subdomains at Level 2, and 19 subdomains at Level 1. The identification outcomes underscore the existence of gaps within each domain. In particular, the APO12 and BAI10 domains exhibit a gap spanning 2 levels.
License
Authors who publish with this journal agree to the following terms:
1. Copyright on any article is retained by the author(s).
2. The author grants the journal the right of first publication, with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work’s authorship and initial publication in this journal.
3. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal’s published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
4. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
5. The article and any associated published material are distributed under the Creative Commons Attribution-ShareAlike 4.0 International License.