Evaluation of Governance in Information Systems Security to Minimize Information Technology Risks

Abstract

Information system security within XYZ University constitutes a vital component of its IT framework, exerting significant influence over security levels across all facets of the information systems. Among the numerous implemented information system services at the university, a considerable portion lacks active security measures within operational systems. In pursuit of achieving uniform governance, this study adopts the most recent COBIT 2019 framework. The primary objective of this research is to evaluate the degree to which current information system security management aligns with the process achievement values stipulated in the COBIT 2019 standard. This evaluation entails the calculation of maturity level values that gauge performance levels in managing information system security. Findings from the COBIT 2019 Design assessment conducted at XYZ University's LTIK reveal that individuals scoring above 80 or those requiring Capability Level 4 include APO12 and BAI10. Moreover, the calculation outcomes for each subdomain reveal the presence of 2 subdomains at Level 4, 4 subdomains at Level 3, 15 subdomains at Level 2, and 19 subdomains at Level 1. The identification outcomes underscore the existence of gaps within each domain. Particularly, the APO12 and BAI10 domains exhibit a gap spanning 2 levels.