• Maturity Assessment on the Dimensions of IT-Security • Gap Analysis and Definition of Roadmap and Associated Action Plan • Security Operation Center • Threat Intellegence • Brand Protection • Security Governance • Awareness and Training • Data Security, Account and Access Management • End Point Security • Application Security • Network Security • Perimeter Security • Computer Security Incident Response Team (CSIRT) • IT Recovery Orchestration • Strategic Post-CyberAttack Analysis Identification Protection Detection Response Recovery BRI has a cyber security policy that regulates information security bank-wide. The cyber security policy is prepared based on the international standard of ISO27001: 2013, PCI DSS, and POJK No.38/POJK.03/2016 concerning the Application of Risk Management in the Use of Information Technology by Commercial Banks. The following is the response flow to disruptions, vulnerabilities and attacks on BRI services in the Computer Security Incident Response Team (CSIRT) at BRI, starting from pre-incident planning to post-incident evaluation and reporting. Plan & Prepare Detection & Reporting Mitigation Containment Eradication Recovery Communication Response Pasca Insiden Pra Incident Monitoring Report & Evolution 1 2 3 4 To ensure the security of the BRI system, security aspects must be included in every application development process (Software Development Life Cycle - SDLC) both at the design, development, and system/application testing stages. Based on the SDLC, the BRI released system/application will be checked for security quality starting from the plan or planning stage, code & build, testing, to the deployment and operational stages. PT Bank Rakyat Indonesia (Persero) Tbk. 2023 Annual Report 433 Business Support Functions Overview
RkJQdWJsaXNoZXIy NTM2MDQ5