The BOD-SIGMA Governance Model (Board of Directors - Strategic Integration Governance in Cyber Security)
DOI: https://doi.org/10.36277/jteuniba.v10i2.1344
Keywords: IT Cyber Security, IT Governance, COBIT, ISO 27001
Abstract
Digital transformation has shifted organizational risk from a predominance of operational risk toward digital and cyber risk that is strategic in nature. Although IT governance frameworks such as COBIT and the ISO/IEC 27000 information security standards are widely adopted, the two are generally run in parallel without explicit structural integration at board-of-directors level. This creates a governance gap in which cybersecurity is often treated as a technical or compliance issue rather than as a strategic risk that falls within the board's fiduciary mandate. The research method uses an exploratory qualitative approach, through integrated literature analysis and validation in a corporate environment, to test the conceptual coherence and practical relevance of the model. The research produces the BOD-SIGMA model (Board-Orchestrated Digital Security Governance and Integration Model Architecture), which positions the board of directors as the point of integration between the evaluate–direct–monitor principle in COBIT and the governance–risk–control mechanisms in ISO/IEC 27014/27001. The model operationalizes this integration through four main mechanisms: dual-framework mapping at the strategic level, an integrated CIO–CISO reporting structure, an integrated planning and risk-appetite cycle, and a cyber–IT performance dashboard based on integrative metrics. The findings indicate that active board involvement in orchestrating digital risk correlates with greater consistency in strategic decision-making, transparency of accountability, and maturity of IT–security governance. The study concludes that effective cyber governance requires systemic integration of IT governance frameworks, information security standards, and a stakeholder-based corporate governance perspective, with the board of directors as the central actor bridging the strategic and operational domains in an era of complex and dynamic digital risk.
License
Copyright (c) 2026 Anwar Fattah

This work is licensed under a Creative Commons Attribution 4.0 International License.