COBIT 2019 INFORMATION SECURITY FOCUS AREA IMPLEMENTATION FOR REINSURCO DIGITAL TRANSFORMATION

As information technology (IT) advancement evolves in Indonesia's insurance sector, organizations like ReinsurCo must accelerate their digital transformation (DT) to remain competitively viable. Although DT paves the way for new business models and operational improvements, the implementation often fails due to poor IT governance. Under the supervision of the State-Owned Enterprises Agency (SOE) and the Financial Services Authority (FSA), ReinsurCo must comply with regulations stating that SOEs must independently assess IT maturity to ensure information security. This research utilizes the five stages of Design Science Research (DSR): problem explication, requirement specification, design and development, demonstration, and evaluation. Data was collected through semi-structured interviews and both internal and external document triangulation. The data were then analyzed using the COBIT 2019 Information Security framework, implementing design factors prioritizing information technology governance and management (ITGM) objectives: APO13 Managed Security, DSS05 Managed Security Services, and BAI06 Managed IT Changes. Further analysis and identification were conducted to discover gaps against the seven component capabilities. These identified gaps were mapped into people, process, and technology aspects, which led to the creation of essential improvement recommendations. These recommendations were compiled into an implementation roadmap that can serve as a priority guide for ReinsurCo. This research is expected to provide a knowledge base for prioritizing information security management in supporting DT by implementing the COBIT 2019 Information Security framework. In a practical context, it aids ReinsurCo in controlling its strategic plans to face information security challenges. Furthermore, this study also offers extensive benefits to the insurance industry.