Integrating COBIT 2019 and ISO/IEC 27001 for Strengthening IT Governance and Information Security
DOI:
https://doi.org/10.64803/cessmuds.v1.40
Keywords:
COBIT 2019, ISO/IEC 27001, IT Governance, Information Security Management, Framework Integration, Risk Management, Compliance
Abstract
This study aims to develop and evaluate an integrated framework combining COBIT 2019 and ISO/IEC 27001 to enhance IT governance and information security management. Using a qualitative-descriptive approach, the research involved document analysis, expert interviews, and a case-based validation within a government institution. The integration process consisted of three phases: mapping, harmonization, and synthesis, which resulted in the development of the Integrated IT Governance and Security Framework (IGSF). The findings reveal a high degree of alignment between COBIT 2019’s governance domains and ISO/IEC 27001’s security control structures, forming a unified model that strengthens strategic alignment, risk management, and compliance. Expert validation confirmed that the IGSF facilitates better communication between governance and security teams, reduces redundancy, and enhances operational efficiency. The practical case study demonstrated improved coordination, documentation, and audit readiness following implementation. This study contributes to IT governance and information security literature by presenting a structured, adaptable framework that organizations can adopt to achieve both governance excellence and security resilience. The results also suggest potential for future quantitative evaluation to measure the impact of this integration on organizational performance and compliance outcomes.
License
Copyright (c) 2025 Hendry, Muhammad Noor Hasan Siregar, Deni Apriadi, Alfiarini, Nuranisah (Author)

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.





