Measurement of IT Security Governance Capabilities Using COBIT 2019 at Indonesian Business Sector

Abstract

IT governance implementation in companies has occurred in the enterprise sector up to the BUMN scale. As stated in the Regulation of the Minister of Foreign Affairs Number 2 of 2013, Article 2(1) binds the business world. In the corporate sector, there are IT security issues. The measurement process uses the COBIT 2019 framework. The measurements taken will provide an analysis of the capacity level and gaps. Data was collected using quantitative (questionnaire) and qualitative (documentary studies and interviews) methods. The three relevant subdomains to measure are APO12 – Risk Management, APO13 – Managed Security, and DSS05 – Managed Security Services. The results of the capacity measurement show that the APO12 subdomain is at level 2, APO13 is at level 2, and DSS05 is stopped at level 2. These results indicate that there is a gap in the DSS05 subdomain. The results obtained show recommendations for improvement and level increase, especially in the DSS05 subdomain. The enterprise sector needs improvements in endpoint security policies, access policies, and event logs in IT incidents.