Information technology governance has an important role in regulating the use and utilization of information technology at the X Institusions. Problems in the X Institusions, especially in the management of information technology security. In this research, the process design on COBIT 5 is the DSS05 and APO13 domains that focuses on ensuring the management of information technology security. Based on the capability level assessment for the DSS05 and APO13 domains, the results are still at level 1. Level 1 means that the IT security governance process has been implemented but the documentation process is incomplete. Therefore, IT security audits are needed in managing, directing and evaluating IT resources to create optimization of IT utilization. The target set is level 2, where management carries out processes that have been planned, monitored, and adjusted, as well as the exact products set, controlled and maintained.

Keywords: COBIT 5, IT Governance, Security, Capability 

Tata kelola teknologi informasi memiliki peranan penting dalam mengatur penggunaan dan pemanfaatan teknologi informasi di Instansi X. Permasalahan yang muncul pada Instansi X, terutama pada bagian pengelolaan keamanan teknolgi informasi. Pada penelitian dilakukan perancangan proses pada COBIT 5 yaitu domain DSS05 dan APO13 yang berfokus dalam memastikan pengelolaan keamanan teknologi informasi. Berdasarkan penilaian tingkat kapabilitas untuk domain DSS05 dan APO13, hasilnya masih berada di level 1. Level 1 memiliki arti bahwa proses tata kelola keamanan TI telah dilaksanakan namun proses dokumentasi belum lengkap. Oleh karena itu, perlu adanya audit tata kelola keamanan TI dalam mengelola mengarahkan, dan mengevaluasi sumber daya TI untuk menciptakan optimalisasi pemanfaatan TI. Target yang ditetapkan adalah level 2, dimana manajemen melaksanakan proses yang telah direncanakan, dimonitor, dan disesuaikan, serta produk yang tepat ditetapkan, dikontrol dan dipelihara.

Kata kunci: COBIT 5, Tata Kelola TI, Keamanan, Kapabilitas

C. Juiz, C. Guerrero, and I. Lera, “Implementing Good Governance Principles for the Public Sector in Information Technology Governance Frameworks,” Open Journal of Accounting, vol. 3, no. 1, pp. 9–27, 2014, doi: 10.4236/ojacct.2014.31003.

L. Al Omari, P. H. Barnes, and G. Pitman, “Optimising COBIT 5 for IT Governance : Examples from the Public Sector,” in International Conference on Applied and Theoretical Information Systems Research, 2012, pp. 1–13.

R. Jumardi, “Kajian Kebijakan Keamanan Sistem Informasi Sebagai Bentuk Perlindungan Kerahasiaan Pribadi Karyawan Perusahaan XYZ,” Journal Scientific and Applied Informatics, vol. 1, no. 1, pp. 13–17, 2018, doi: 10.36085/jsai.v1i1.8.

L. N. Amali, “Tata Kelola TI Yang Efektif di Organisasi Pemerintahan Daerah,” in Seminar Nasional Sistem Informasi Indonesia, 2013, pp. 37–43.

ISACA, COBIT 5 Framework. United States of America: ISACA, 2012.

K. Youssfi, J. Boutahar, and S. Elghazi, “A Tool Design of Cobit Roadmap Implementation,” International Journal of Advanced Computer Science and Applications, vol. 5, no. 7, pp. 86–94, 2014, doi: 10.14569/ijacsa.2014.050714.

D. A. O. Turang, D. Y. Ratnasari, and I. Y. Pasa, “Audit Teknologi Informasi Bandung Techno Park Menggunakan Framework COBIT 5 Pada Domain EDM (Evaluate, Direct, And Monitor),” INTEK: Jurnal Informatika dan Teknologi Informasi, vol. 1, no. 2, pp. 11–19, 2018.

ISACA, Enabling Processes. United States of America: ISACA, 2012.

ISACA, COBIT 5: A business framework for Governance and Management of Enterprise IT. United States of America: ISACA, 2012.

ISACA, COBIT 5 for Assurance. United States of America: ISACA, 2012.

A. Pasquini and E. Galiè, “COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process,” in Proceedings of FIKUSZ ’13 Symposium for Young Researchers, 2013, pp. 67–76.

ISO/IEC, Software Engineering-Process Assessment-Part 2: Performing an Assessment. Switzerland: ISO, 2003.

ISACA, COBIT 5 for Risk. United States of America: ISACA, 2013.