Information security is a crucial aspect of information technology management, especially in government institutions such as the Department of Communication and Informatics (DISKOMINFO), which often faces challenges such as cyberattacks, lack of formal documentation, and limited resources in managing risks and securing data. These challenges hinder the organization’s ability to protect sensitive information and maintain public trust. This study evaluates the maturity level of information security governance at DISKOMINFO of Sampang Regency using the COBIT 5 framework, focusing on three domains: APO12 (Manage Risk), APO13 (Manage Security), and DSS05 (Manage Security Services). The method used is a case study with a descriptive qualitative approach through interviews and documentation. The results show that all three processes are at Level 1 (Performed Process), where processes are carried out but not formally documented or standardized: APO12 scores 40.34% (Partially Achieved), APO13 scores 84.60% (Largely Achieved), and DSS05 scores 57.23% (Largely Achieved). There is a lack of monitoring and continuous improvement, making the governance reactive rather than proactive. Improvements are needed through the development of policies, formal procedures, and more organized, sustainable security controls. Increasing employee awareness and allocating resources for information security are also critical. The novelty of this research lies in evaluating three COBIT 5 domains (APO12, APO13, DSS05) in a local government context, which has rarely been done. The findings offer a comprehensive maturity mapping as a strategic reference for improving information security governance in local government institutions.