Information Technology Governance Analysis to Reduce Information Security Risks Using Cobit 2019: A Case Study of Manufacturing Companies

Abstract

PT Krakatau Steel (Persero) Tbk is a company engaged in the manufacturing industry that utilizes digital transformation to improve efficiency, optimize facilities and assist organizations in making business decisions quickly. However, there are new challenges in implementing digital transformation, namely increasing dependence on information technology (IT) and triggering high potential threats to information security. Therefore, good information technology governance is needed in managing information security. The research method is based on the Control Objectives for Information Technologies (COBIT) framework version 2019 as the best guide in managing information technology governance. The research was conducted in several stages, including data collection through observation of policy documents and interviews with employees of the BEICT (Business Enables & Information Communication Technology) Department who are responsible for managing services and maintaining the company's digital assets. Evaluation of the maturity level was carried out on 8 priority objectives consisting of EDM03, EDM05, APO12, APO13, APO14, BAI09, DSS05, and MEA04 based on design factor assessment. The results of the analysis of selected domain activities, the IT governance maturity level was at 2.56 (managed level). Indicates that the organization has managed and implemented information security activities, but some activities do not yet have written policies or procedures. With recommendations in the form of proposed improvements to the aspects of people, processes and technology, it is hoped that it can increase the level of maturity of IT governance in reducing information security risks and supporting digital transformation programs.