Sistemasi: Jurnal Sistem Informasi (Sep 2024)
Risk Management Analysis of PT XYZ Using COBIT 2019 with Domain EDM03, APO12, APO13, and DSS05
Abstract
Technology that continues to develop indirectly forces people to adapt to these developments. The vital role of technology became increasingly apparent during the COVID-19 pandemic, when activities worldwide were paralyzed and communication was only permitted online. However, the enormous benefits of technology are also directly proportional to the risks that may occur. Therefore, IT risk management is needed to mitigate potential sources of threat. This research aims to analyze IT risk management by measuring the capability level, performing a gap analysis, and providing recommendations for improvement using the COBIT 2019 framework to support PT XYZ's work performance and IT security. The researchers used qualitative methods, collecting data through observation, interviews, and questionnaires. The results showed that the risk management domains that were the focus of the research (EDM03, APO12, APO13, and DSS05) had a gap between the expected capabilities and what was actually happening in the company. Therefore, improvement recommendations are needed, such as determining the level of IT risk and communicating it to stakeholders, recording IT risk events, building an Information Security Management System (ISMS), implementing a network filtering mechanism, and regularly evaluating information about potential new threats by reviewing product security and vendor or third-party services.