Design of e-Government Security Governance

System Using COBIT 2019

(Trial Implementation in Badan XYZ)

Vira Septiyana Kasma* Sarwono Sutikno Kridanto Surendro

Sekolah Teknik Elektro dan Sekolah Teknik Elektro dan Sekolah Teknik Elektro dan
Informatika Informatika Informatika
Institut Teknologi Bandung Institut Teknologi Bandung Institut Teknologi Bandung
Bandung, Indonesia Bandung, Indonesia Bandung, Indonesia
virakasma@students.itb.ac.id Ssarwono@stei.itb.ac.id endro@informatika.org

Abstract—e-Government is needed to actualize clean,
effective, transparent and accountable governance as well as
quality and reliable public services. The implementation of e-
Government is currently constrained because there is no
derivative regulation, one of which is the regulation for e-
Government Security. To answer this need, this study aims to
provide input on performance management and governance
systems for e-Government Security with the hope that the
control design for e-Government Security can be met. The
results of this study are the e-Government Security Governance
System taken from 28 core models of COBIT 2019. The 28 core
models were taken using CSF and risk. Furthermore,
performance management for this governance system consists
of capability and maturity levels which is an extension of the
evaluation process in the e-Government Evaluation Guidelines
issued by the Ministry of PAN & RB. The evaluation of the
design carried out by determining the current condition of
capability and maturity level in Badan XYZ. The result of the
evaluation shows that the design possible to be implemented and
needed.
Keywords—e-Government, COBIT 2019, governance,
management, performance management, information security
I. INTRODUCTION
The implementation of e-Government (also known as
Sistem Pemerintahan Berbasis Elektronik/SPBE) is part of the
governance area of change in of the Bureaucratic Reform
(Reformasi Birokrasi) activities currently being carried out by
the Government of Indonesia. The implementation of e-
Government also supports all areas of change in the
Bureaucracy Reform as a fundamental and comprehensive
effort in the development of the state apparatus that utilizes
technology and information (T&I) so that efficient, effective,
transparent and accountable governance and quality public
services can be realized. Right now, the regulations relating to
e-Government are only regulated in Presidential
Regulation/Perpres of the Republic of Indonesia Number 95
of 2018 about e-Government. The Perpres was established to
improve the integration and efficiency of the electronic-based
government system, governance and management of e-
Government nationally. Before the enactment of the Perpres,
the government (Ministries, Institutions, and Local
Governments) had implemented e-Government individually
according to their respective capacities, and achieved very
varied levels of e-Government progress. This can be seen from
the results of the PeGI (Pemeringkatan e-Government
Indonesian) index conducted by the Ministry of
Communication and Information. The latest PeGI results in
2015 showed that the average achievement in implementing
E-GOVERNMENT at the Central Institution reached an index
value of 2.7 (good), while the Regional Government reached
an index value of 2.5 (less).
The problem is that although governance and management
of E e-Government in general and nationally are already
regulated in Perpres 95 of 2018, there are still many other
regulations that have not been regulated. One thing that has
not yet been regulated in the Perpres is regulation related to e-
Government Security or information security e-Government.
In [1], [2], [3], [4], and [5]it is mentioned that one of the risks
that influence the successful implementation of e-Government
is security factor. Even the survey on [6] states that issues
related to security (and also privacy) are of more concern to
residents than public convenience or access. The absence of
these regulations results in the implementation of e-
Government Security which cannot yet be carried out or if it
is done must be done individually so that the main purpose of
implementing e-Government is not achieved in an integrated
manner. Therefore, making information security policy on e-
Government becomes a crucial thing to do. Before entering
into the various techniques used in information security,
governance and management regulation are needed as a first
step in regulation. These governance and management
regulation can be written into a governance system as
mentioned in [7].
The question that arises is how to design a governance
system for e-Government Security. One of the frameworks
that can be used is to use COBIT 2019. COBIT 2019 is the
most recent framework from ISACA published to renew
COBIT 5. Therefore, this research will use COBIT 2019 to
design an e-Government Security Governance System using
COBIT 2019. This research will also include a step in the
process evaluation model that can be used as a performance
management system.
This paper is organized as follows. In Section II, research
and regulation related to this research will be discussed. In
Section III, we explain the methodology used in this study. We
write down the results of the research in Section IV. The
conclusions of this study are written in Section V, where we
also propose future work from this research.
II. RELATED RESEARCH AND REGULATION
To do this research, we previously looked for settings
related to this research in search engines. In Indonesia, the e-
Government evaluation is carried out using the Regulation of
Minister of Administrative and Bureaucratic
Reform/PermenPAN&RB No. 5 of 2018 about Guidelines for
Evaluating e-Government. This guideline came into force in
2018. Previously the evaluation was carried out using PeGI.
The search terms for PeGI and e-Government Evaluation
Guidelines are included in the search engine. We found the
dimension and points of evaluation in each method, but none
of it included security. It can be assumed that regulation
regarding security have not been regulated until the

978-1-7281-4880-9/19/$31.00 ©2019 IEEE

implementation of the e-Government Evaluation Guideline in
2018.
We narrowed our search on IEEExplore to find related
research. We tried searching with the search term PeGI and
found four related studies. In [8], Sensuse et al. conduct an E-
GOVERNMENT assessment using PeGI at the National
Library. In [9], Jayanti and Sensuse conducted an analysis of
factors inhibiting the implementation of e-Government. Both
of these studies do not relate to making systems or evaluation
methods. Furthermore Palijama et al. in [10] developed a
modified PeGI indicator. Anza et al. in [11] developed an e-
Government maturity framework using COBIT 5. Both of
these studies relate to the development of evaluation methods
even though security related to [10] is only one indicator point
in the Policy dimension, whereas [11] has included
measurement dimensions security. Unfortunately, both of
them still use COBI 5. As for the search term for the e-
Government Evaluation Guideline, no related research was
found.
III. METHODOLOGY
The methodology used to design the e-Government
Security Governance System as a whole uses Design Research
Methodology/ DRM [12] Type 5 as shown in Figure 1. It can
be seen that the determination of the objectives and sorting of
the main COBIT 2019 model is based on the literature.
Whereas the design of the governance system model and the
measurement system model are carried out comprehensively.
Then, at the final stage an evaluation will be carried out by
applying experiments at the locus.
A. Review-Based RC
Research Clarification/RC helps to clarify current
understanding and overall research goals, develop research
plans and provide focus for DS-I. At this stage the following
things are produced:
1. Success Factors. This factor is related to the final goal that
this research wants to contribute. The success factor of this
research is the adequacy of the e-Government Security
Governance System regulation.
2. Measured Success Factors. This factor is a measuring
factor of the Success Factor. The Measured Success Factor
of this research is the availability of input on the e-
Government Security performance management.
Fig. 1. Used DRM structure
3. Key Factors. These factors are influencing factors and
seem to be the most useful factors to overcome in order to
improve the existing situation. The Key Factor for this
research is the regulation of the process; organizational
structure; policy & procedure; information; culture, ethics
& behavior; People, skills & competencies; and services,
infrastructure & applications.
B. Review Based DS-I
Descriptive Study/ DS-I aims to improve understanding of
design and the factors that influence its success by
investigating design phenomena, to inform the development
of the model. Empirical studies conducted at DS-I in this study
were conducted with a literature review. The purpose of this
empirical study has the aim of obtaining Critical Success
Factor/ CSF, risk, regulatory dimensions, and the model of
performance measurement systems used in e-Government
Security. CFS and risk management are needed for the
achievement of e-Government Security objectives. The
security of e-Government based on Perpres 95 of 2018
includes guaranteeing confidentiality, integrity, availability,
authenticity, and nonrepudiation of resources related to data
and information, e-Government Infrastructure, and e-
Government Applications. Overall the activities in the
Security of e-Government are carried out to achieve the goals
of e-Government that have been explained in the Introduction.
Search results at IEEEXplore on May 19, 2019, showed
that at least 21 publications with intervals from 2013-2018
were found in the search terms "e-Government" AND
"success" AND "factor" AND "Indonesia". After exclusion of
publications not related to CSF in e-Government, seven
publications were obtained at the 2014-2018 interval. The
seven publications are [13], [14], [15], [16], [17], [18], and
[19]. Comparing the results in the seven publications and
selecting a CFS that has a frequency higher than four, the CSF
generated for e-Government totaled 43, divided into seven
dimensions, namely:
1. Information, including privacy and security, and
information quality;
2. Technology, including Infrastructure ICT, service
reliability, and system quality;
3. Processes, including business processes reengineering and
continuous improvement;
4. Objective, Values, and Motivation, including clear
guidance, e-Government policy and regulation;
5. Staffing and Skills, including service innovation and skills
and expertise;
6. Management and Structure, including ICT governance and
monitoring and evaluation;
7. Other resources, namely sustainable funding.
For risk, two literatures were found during the search
results in IEEEXplore on 2 May 2019, using "e-Government"
AND "governance" AND "security" as search terms. In [20]
Yingfa and Hong conducted a risk study using the PEST
analysis model. The results of this study are as follows:
1. Politics: political deception and resistance to bureaucratic
change;
2. Economy: lack of capital;
3. Social: lack of citizen participation, digital inequality, and TABLE II. MATURITY LEVELS FOR FOCUS AREAS
the negative effects of internet media; Level Characteristics
0 Incomplete—Work may or may not be completed toward
4. Technology: information security issues and information achieving the purpose of governance and management
innovation issues. objectives in the focus area.
1 Initial—Work is completed, but the full goal and intent of the
Furthermore, Tang and Jia in [21] conducted an e- focus area are not yet achieved.
Government risk study based on a dynamic system. This study 2 Managed—Planning and performance measurement take place,
divides internal and external risks into four categories: although not yet in a standardized way.
3 Defined—Enterprise wide standards provide guidance across
1. technological loopholes, such as virus infections, software the enterprise.
and hardware deficiencies, circuit degradation; 4 Quantitative—The enterprise is data driven, with quantitative
performance improvement.
2. negligence of management, such as lack of security 5 Optimizing—The enterprise is focused on continuous
awareness, operating errors, internal damage; improvement.
3. malicious attacks, such as hacker attacks, dangerous
IV. RESULTS
distortions, information terrorism, information spies;
An example of the results of this system modelling is the
4. sudden events, such as natural disasters, sudden power six components of APO13.01 as listed below. APO13.01 is a
failure, other incidents. part of the process of APO13 which has the objective of
For the measurement system model, the e-Government Managed Security. In APO13 the establishment, operation
Evaluation Guideline in PermenPAN & RB Number 5 of 2018 and monitoring of an information security management
consists of two evaluations. The evaluation is the evaluation system is carried out. The overall purpose of APO13 is to keep
of processes and technical functions. This research will not the impact and incidence of information security incidents at
discuss technical functions and will only focus on evaluating the level of organizational risk appetite.
processes developed based on CMMI. Because CMMI is also A. Process and Information Flow
applied in Performance Management in COBIT 2019, the
capability and maturity level of this system will use the The Process describes a set of practices and activities
capabilities and maturity of COBIT 2019 as listed in Table I organized to achieve certain goals and produces a series of
and Table II. outputs that support the achievement of objectives related to
the overall T&I. The writing process is combined with the
C. Comprehensive PS Information Flow. The Information Flow is spread throughout
Prescriptive Study/ PS aims to develop support the organization and includes all information produced and
systematically, taking into account the results of DS-I and to used by the organization. Both the Governance Activities in
develop models. Based on CSF results and risks from DS-1,
the main COBIT 2019 model that can support the achievement TABLE III. SELECTION RESULTS OF CORE MODEL
of CFS and manage risk is determined. From 40 core models COBIT 2019
No. IT Control for e-Government
of COBIT 2019, 28 core models were obtained and can be Reference
seen in Table III. 1
Ensured Governance Framework Setting and EDM01
Maintenance
D. Initial DS-II 2 Ensured Risk Optimization EDM03
This stage discusses how empirical studies can be used to 3 Ensured Stakeholder Engagement EDM05
4 Managed I&T management framework APO01
evaluate the application and design impact of models that have 5 Managed strategy APO02
been developed at the PS stage. In this research, the model 6 Managed innovation APO04
from Comprehensive PS will implemented in Badan XYZ to 7 Managed budget and costs APO06
evaluate clarity of purpose, possible applicability, 8 Managed human resources APO07
effectiveness and efficiency, and have a clear formulation. 9 Managed relationships APO08
10 Managed service agreements APO09
TABLE I. CAPABILITY LEVELS FOR PROCESSES 11 Managed quality APO11
12 Managed risk APO12
Level Characteristics 13 Managed security APO13
0 1. Lack of any basic capability 14 Managed data APO14
2. Incomplete approach to address governance and 15 Managed solutions identification and build BAI03
management purpose 16 Managed IT changes BAI06
3. May or may not be meeting the intent of any process
Managed IT change acceptance and BAI07
practices 17
transitioning
1 The process more or less achieves its purpose through the
18 Managed projects BAI11
application of an incomplete set of activities that can be
characterized as initial or intuitive—not very organized. 19 Managed operations DSS01
2 The process achieves its purpose through the application of a 20 Managed service requests and incidents DSS02
basic, yet complete, set of activities that can be characterized as 21 Managed problems DSS03
performed 22 Managed continuity DSS04
3 The process achieves its purpose in a much more organized way 23 Managed security services DSS05
using organizational assets. Processes typically are well 24 Managed business process controls DSS06
defined. Managed performance and conformance MEA01
25
4 The process achieves its purpose, is well defined, and its monitoring
performance is (quantitatively) measured. 26 Managed system of internal control MEA02
5 The process achieves its purpose, is well defined, its Managed compliance with external MEA03
27
performance is measured to improve performance and requirements
continuous improvement is pursued. 28 Managed assurance MEA04
the Process and the Output in the Information Flow have both TABLE V. ORGANIZATIONAL STRUCTURES APO13.01
been determined for their capabilities. The Process and Practice

Enterprise Risk
Information Flow of APO13.01 can be seen in Table IV.

Administration

Information
Committee

Manager
Head IT

Security
CISO
B. Organizational Structure

CIO
Organizational Structure is the main decision-making
entity in an organization. Organizational Structure APO13.01
can be seen in Table V. The level of involvement in the APO13.01 R R A R R
Organizational Structure can be divided:
TABLE VI. PEOPLE, SKILLS AND COMPETENCIES APO13
a. Responsible (R). The role of R means the party doing an
activity. Skill Related Guidance (Standards, Detailed
Frameworks, Compliance Reference
b. Accountable (A). Role A has the right to make a "yes" or Requirements)
"no" final decision on an activity, as well as answer the Information Skills Framework for the Information
questions of other parties. security Information Age V6, 2015 security SCTY
Information e-Competence Framework (e- D. Enable—
C. People, Skills and Competencies security CF)—A common European D.1.
strategy Framework for ICT Professionals Information
People, Skills and Competencies are needed to make good development in all industry sectors - Part 1: Security
decisions, implement corrective actions, and successfully Framework, 2016 Strategy
complete all activities. People, skills and competencies of Development
APO13 can be seen in Table VI.
TABLE VII. POLICIES AND PROCEDURES APO13
D. Policy and Procedure
Relevant Policy Related Detailed
Policies and Procedure translate desired behavior into Policy Description Guidance Reference
practical guidelines for day-to-day management. The policies Information Sets behavioral 1.ISO/IEC 1. 5.2 Policy;
and framework of APO13 can be seen in Table VII. security guidelines to 27001:2013/ 2. 5.
and privacy protect corporate Cor .2:2015(E); Information
E. Culture, Ethics and Behavior policy information, 2.ISO/IEC security
Culture, Ethics and Behavior of APO13 can be seen in systems and 27002:2013/ policies;
infrastructure. Cor. 2:2015(E); 3. 3.2
Table VIII. Given that 3.National Awareness
F. Infrastructure and Applications business Institute of and
requirements Standards and training
a. Configuration management tools regarding security Technology (AT-1);
and storage Special 4. 04.01
b. Security and privacy awareness services are more dynamic Publication Information
than I&T risk 800-53, Security
c. Third-party security assessment services management and Revision 5 Policy;
privacy, their (Draft), August 5. SM1.1
TABLE IV. PROCESS AND INFORMATION FLOW APO13.01 governance 2017; Information
should be handled 4.HITRUST CSF Security
Practice APO13.01 Establish and maintain an information separately from version 9, Policy
security management system (ISMS) that of I&T risk September
Description Establish and maintain an information security and privacy. For 2017; (5) ISF,
management system (ISMS) that provides a standard, operational The Standard of
formal and continuous approach to information security efficiency, Good Practice
management, enabling secure technology and business synchronize for Information
processes that are aligned with business requirements. information Security 2016
Capability Activities/BP security policy
2 1) Define the scope and boundaries of the information with I&T risk and
security management system (ISMS) in terms of the privacy policy.
characteristics of the enterprise, the organization, its
location, assets and technology. Include details of, and
justification for, any exclusions from the scope. For the implementation of the e-Government Security
2) Define an ISMS in accordance with enterprise policy
and the context in which the enterprise operates.
Governance System, the 28 core models are not recommended
3) Align the ISMS with the overall enterprise approach to to be applied simultaneously because the resources needed
the management of security. will be too much. For this reason, Focus Areas are needed for
4) Obtain management authorization to implement and grouping. The Focus Area is a specific governance topic,
operate or change the ISMS. domain, or problem that can be addressed by a collection of
5) Prepare and maintain a statement of applicability that key models and their components. For example, the
describes the scope of the ISMS.
6) Define and communicate Information security Information Security Focus Area of this governance system
management roles and responsibilities. consists of EDM01, APO01, APO02, APO04, APO07,
7) Communicate the ISMS approach. APO09, APO11, APO12, APO13, DSS02, DSS05, DSS06,
Information Flow/WP MEA02 and MEA04 obtained from process in APO13.
Input (From) Output (To) Capability
Outside Enterprise APO13.01WP01 APO01.05 2 With regard to performance management, the
COBIT security ISMS scope DSS06.03 implementation of performance measurements is carried out
approach statement using Table IX. In general, the determination of the capability
APO13.01WP02 Internal 2
ISMS policy level is carried out as follows:
 TABLE VIII. CULTURE, ETHICS AND BEHAVIOR APO13.01 identified and the desire for the implementation of the
Key Culture Elements Related Detailed measurement is created by the leader.
Guidance Reference
Establish a culture of security and 1) ISO/IEC 1) 7.3
2. Determine the current conditions. The initial stage for this
privacy awareness that positively 27001:2013/ Awareness; phase is to determine the Focus Area for measurement.
influences desirable behavior and Cor.2:2015(E) 2) Framework
actual implementation of security 2) Creating a to achieve
3. Determine the expected conditions. After the initial
and privacy policy in daily Culture of an process capability level and Focus Area maturity level are
practice. Provide sufficient Security, intentional known in the second phase, in the third phase the target
security and privacy guidance, ISACA, 2011 security process capability level and target Focus Area maturity
indicate security and privacy aware level need to be determined.
champions (including C-level culture (all
executives, leaders in HR, and chapters) 4. Determine the change activities. The change activities in
security and/or privacy this fourth phase are activities that need to be carried out
professionals) and proactively
support and communicate security
to achieve the target level that has been determined in the
and privacy programs, innovations third phase.
and challenges.
5. Carry out change activities. The change activities specified
in phase four will not have an impact if they are not
1. For each process in the list, the intended achievements (N implemented.
/P /L /F) must be determined for each activity at level 2. 6. Assess the conditions after implementing the change
Furthermore, the following is carried out as follows: activities. After the activities in phase five have been
a. If all level 2 activities in each practice have been rated carried out (or can also be carried out periodically within
L or F, this process at least, meets level 2 requirements. a certain period, for example one year), a repeat
measurement of the maturity of the e-Government
b. If any level 2 activities in all process practices have Security capability needs to be done.
been rated N or P, then the evaluation of the need to
achieve the objectives of this process: 7. Follow up on condition assessment. By comparing the
results of the capability level and initial maturity level with
1) If necessary, ability level 1 must be the target for the implementation of the change activities, corrective
the process. steps can be taken.
2) If not, the process can be ruled out (still in level 2). To evaluate the design system, the measurement tools as
2. For each process on the list that has been given level 2 seen in Table IX is given out to six participants appointed in
capability, the desired performance (N/ P/ L/ F) must be Badan XYZ. The scoop of the evaluation design system is
determined for each activity at level 3. Then, the following Information Security Focus Area which consists of 14 core
is done as follows: model. The participant then using the tools to determine the
current conditions of capability and maturity level of Badan
a. If all level 3 activities in each practice have been rated XYZ. The result of the measurement is the capability level for
L or F, the process at least, meets level 3 requirements. all core model is 1 and the maturity level for Information
b. If there are level 3 activities in all process practices that Security Focus Area is 1. And for the evaluation criteria, the
have been rated N or P, then set a level 2 target for the six-participant rate that the purpose of the design model is
process. clear, the design system can be implemented and needed in the
organization. However, the language used in the design model
3. For levels 4 and 5 do the same with step 2 above. is difficult to understand so that additional information must
Achievement (N/ P/ L/ F) is done by weighing the be added or the measurement can be done with assistance.
results obtained in the Consideration column by: V. CONCLUSIONS
1. Not for achievement less than equal to 15%; The research problem raised in this study is how to design
2. Partially for achievements between 15% to 50%; an e-Government Security Governance System. The design
uses COBIT 2019 which is a new framework launched in
3. Largely for achievements between 50% to 85%; 2018. The design of the governance system in this study uses
the Type 5 DRM methodology. From the RC step for setting
4. Fully for achievements of more than 85%.
goals, the Success Factors, Measured Success Factors and Key
Whereas the level of maturity can be determined by taking Factors are obtained. In the DS-I step for understanding, 28
the lowest value of the capability level of the core model in core models out of 40 core models at COBIT 2019 have been
the Focus Area. In terms of the overall governance system selected as part of the e-Government Security Governance
being implemented, the level of maturity can be seen from the System. Then, in the PS step a governance system model has
lowest capability level of the 28 core models used in the e- been created. For each major model in the e-Government
Government Security Governance System. Security Governance System, there are six components,
namely: Process and Information Flow; Organizational
The design system can be implemented through seven structure; People, Skills and Competencies; Policy and
steps: Procedure; Culture, Ethics and Behavior; and Services,
1. Building a commitment to measuring the maturity and Infrastructure and Applications. Modelling the performance
capability of the e-Government Security. In this phase, the measurement system for this Governance system is inherent
main events, conditions, or problems that serve as a in the Process and Information Flow component. In this
stimulus for the implementation of the measurement are component, the level of capability and output of governance
activities has been determined so that it can be easily carried
out to determine the achievements that have or have not been
carried out. For implementation, the Focus Area and type of
level of control can be used to give priority to implementation.
Then, the level of maturity can be taken from the capability
level of the core models within the scope of the Focus Area or
the overall scope of e-Government Security.
From the results mentioned above, the Key Factors on RC
have been included in the established governance system. The
Measured Success Factors submitted to RC have also been
answered by the management of the performance of the
governance system. Because the Measured Success Factor has
been fulfilled, the Success Factor of this research can also be
said to be fulfilled. The next research that can be done is to
design technical regulation for e-Government Security, such
as type of algorithm and key length.
REFERENCE
[1] S. Yingfa dan Y. Hong, “The Risk Study of E-Governance Based on
PEST Analysis Model,” dalam International Conference on E-
Business and E-Government, Guangzhou, Tiongkok, 2010.
[2] X. Wenhua dan Y. Jian, “E-Government and the Change of
Government Management Mode,” dalam International Conference on
E-Business and E-Government, Guangzhou, Tiongkok, 2010.
[3] H. Wang dan J. Hou, “The External and Internal Barriers to E-
Government Implementation,” dalam International Conference on
Management and Service Science, Wuhan, Tiongkok, 2010.
[4] K. Sunassee, T. Vythilingum dan R. K. Sungkur, “Providing improved
services to citizens, a critical review of E-Government facilities,”
dalam 1st International Conference on Next Generation Computing
Applications (NextComp), Mauritius, Mauritius, 2017.
[5] M. Alshehri and S. Drew, "Implementation of e-Government:
Advantages and Challenges," in E-Activity and Leading Technologies
2010, Oviedo, Spanyol, 2010.
[6] M. Moon dan E. Welch, “Same bed, different dreams?: a comparative
analysis of citizen,” dalam 37th Annual Hawaii International
Conference on System Sciences, Big Island, AS, 2004.
[7] ISACA, COBIT 2019 Intoduction and Methodology, Schaumburg:
ISACA, 2018.
[8] D. I. Sensuse, A. Nasbey, Nordianto, R. Dewiyanti, R. Novira and M.
F. Dzulfikar, "PeGI in practice: The e-Government assessment in
National Library of Indonesia," in 5th International Conference on
Cyber and IT Service Management (CITSM), Denpasar, 2017.
[9] J. K. Putri and D. I. Sensuse, "Obstacle Factor Analysis of E-
Government Implementation at the Ministry of Tourism," in
International Conference on Advanced Computer Science and
Information Systems (ICACSIS), Yogyakarta, 2018.
TABLE IX. APO13.01 PERFORMANCE MEASUREMENT SHEET CAPABILITY LEVEL 2
Objective APO13 Managed Security
Achievements 1-Initial
Level Target Component Capability Activity
2-Terkelola Practice
1- Initial APO13.01 2-Managed APO13.01.1
APO13.01.2
APO13.01.3
APO13.01.4
APO13.01.5
APO13.01.6
APO13.01.7
Information
Flow
APO13.01 1- Initial APO13.01.WP01
APO13.01.WP02
[10] F. Palijama, S. Sumpeno dan A. D. Wibawa, “Developing modified
PeGI indicators for e-Government Ranking method,” dalam 1st
International Conference on Information Technology, Information
Systems and Electrical Engineering (ICITISEE), Yogyakarta,
Indonesia, 2016.
[11] F. A. Anza , D. I. Sensuse dan A. Ramadhan, “Developing E-
Government maturity framework based on COBIT 5 and
implementing in city level: Case study Depok city and South
Tangerang city,” dalam 4th International Conference on Electrical
Engineering, Computer Science and Informatics (EECSI),
Yogyakarta, Indonesia, 2017.
[12] L. T. Blessing dan A. Chakrabarti, DRM, a Design Research
Methodology, London: Springer, 2009.
[13] D. Napitupulu dan D. I. Sensuse, “The Critical Success Factors Study
for eGovernment Implementation,” International Journal of
Computer Applications, vol. 89, no. 16, pp. 23-32, 2014.
[14] D. Napitupulu dan D. I. Sensuse, “Validity and reliability study for e-
Government success factors,” dalam International Conference on
Cyber and IT Service Management (CITSM), Tangerang Selatan,
Indonesia, 2014.
[15] D. Napitupulu dan D. I. Sensuse, “Toward maturity model of e-
Government implementation based on success factors,” dalam
International Conference on Advanced Computer Science and
Information System, Jakarta, Indonesia, 2014.
[16] R. Meiyanti, M. Misbah, D. Napitupulu, R. Kunthi, T. I. Nastiti, D. I.
Sensuse dan Y. G. Sucahyo, “Systematic review of critical success
factors of E-Government: Definition and realization,” dalam
International Conference on Sustainable Information Engineering
and Technology (SIET), Malang, Indonesia, 2017.
[17] D. Napitupulu, D. I. Sensuse dan Y. G. Sucahyo, “Critical success
factors of e-Government implementation based on meta-
ethnography,” dalam 5th International Conference on Cyber and IT
Service Management (CITSM), Denpasar, Indonesia, 2017.
[18] G. S. F. Surya dan A. Amalia, “The critical success factors model for
e-Government implementation in Indonesia,” dalam 5th International
Conference on Information and Communication Technology
(ICoIC7), Kota Malaka, Malaysia, 2017.
[19] D. Napitupulu dan D. I. Sensuse, “Sosio-technical factors of E-
Government implementation,” dalam 4th International Conference on
Electrical Engineering, Computer Science and Informatics (EECSI),
Yogyakarta, Indonesia, 2017.
[20] S. Yingfa and Y. Hong, "The Risk Study of E-Governance Based on
PEST Analysis Model," in International Conference on E-Business
and E-Government, Guangzhou, Tiongkok, 2010.
[21] Z. Tang and X. Jia, "E-Government Risks Research Based on System
Dynamics," in International Conference on Wireless
Communications, Networking and Mobile Computing, Shanghai,
Tiongkok, 2007.
[22] ISACA, IT Control Objectives for Sarbanes-Oxley: Using COBIT 5
in the Design and Implementation of Internal Controls Over Financial
Reporting 3rd Edition, Rolling Meadows: ISACA, 2014.
Achievements
Consideration
(N/P/L/F)
L
L
L
L
L
L
L
L
N