Implementation of APO12, APO13 and DSS05 Sub-Domains in COBIT 2019 to Improve Information System Security at LAZIS Sabilillah Malang
Keywords: information, software, application, system

Abstract
The rapid digital transformation requires non-profit organizations such as LAZIS Sabilillah Malang to adopt a robust information security system. A ransomware attack in 2022 exposed the vulnerabilities in their current governance practices. This research aims to enhance the organization’s information security by implementing APO12 (Managed Risk), APO13 (Managed Security), and DSS05 (Managed Security Services) sub-domains from the COBIT 2019 framework. A qualitative case study method was used, supported by descriptive analysis through interviews, observations, and questionnaires using a Likert scale distributed to four key informants. The results indicate that most sub-domains have not yet reached the target capability level, with an average gap of one level below the standard. This study delivers a set of Standard Operating Procedures (SOPs) as practical references and a prioritized roadmap for improvement based on urgency and feasibility.





