Scribd Logo
Upload

Welcome to Scribd!

  • Cluster ICT - 2017-Print

    Uploaded by

    Hery Kurniawan
    20 views6 pages
    This document summarizes the key risks for the ICT cluster of PT Semen Indonesia (Persero) Tbk in 2017. Three main risks are identified: 1) Failure of device functions (data center and network) due to power supply disruptions, suboptimal maintenance, poor vendor performance, or cyber crimes. Controls include preventative maintenance, backup UPS, redundant data centers, authorization systems, and security agreements. 2) Cyber crimes from security holes, external/internal fraud, or human error. Controls include periodic firewall updates, implementing security information and event management, and perimeter security firewalls. 3) Incorrect data from poor design/configuration, input errors, fraud, or human error

    Original Description:

    nn

    Copyright

    © © All Rights Reserved

    Available Formats

    XLSX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes the key risks for the ICT cluster of PT Semen Indonesia (Persero) Tbk in 2017. Three main risks are identified: 1) Failure of device functions (data center and network) due to power supply disruptions, suboptimal maintenance, poor vendor performance, or cyber crimes. Controls include preventative maintenance, backup UPS, redundant data centers, authorization systems, and security agreements. 2) Cyber crimes from security holes, external/internal fraud, or human error. Controls include periodic firewall updates, implementing security information and event management, and perimeter security firewalls. 3) Incorrect data from poor design/configuration, input errors, fraud, or human error

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    20 views6 pages

    Cluster ICT - 2017-Print

    Uploaded by

    Hery Kurniawan
    This document summarizes the key risks for the ICT cluster of PT Semen Indonesia (Persero) Tbk in 2017. Three main risks are identified: 1) Failure of device functions (data center and network) due to power supply disruptions, suboptimal maintenance, poor vendor performance, or cyber crimes. Controls include preventative maintenance, backup UPS, redundant data centers, authorization systems, and security agreements. 2) Cyber crimes from security holes, external/internal fraud, or human error. Controls include periodic firewall updates, implementing security information and event management, and perimeter security firewalls. 3) Incorrect data from poor design/configuration, input errors, fraud, or human error

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    Process Cluster 10: ICT

    1 Trigger Strategic Request Service & Change Support Request Development


    Request Request

    Key Key Key Key


    Risk Risk Risk Risk
    Incident
    Management

    Perencanaan System Development Release Service Level Business Continuity


    2 Process Strategis Life Cycle Management Management Request Fulfilment Planning

    ICT Development ICT Business Continuity

    Problem
    Management

    ICT Services

    System Analyst &


    3 Input Hardware ICT Software & License Network Programmer Data & Informasi Data Center Power Supply

    Key Key Key Key Key Key


    Risk Risk Risk Risk Risk Risk

    4 Output ICT MP New Service Available, Secure, Disaster Recovery Disaster Recovery ICT Maturity Level
    Reliable Service Planning Center

    5 Customers HoldCo & OpCo Subsidiary Afiliasi Distributor Supplier Bank

    6 Partners Software Principle Software Provider Network Provider Hardware Provider Konsultan IT BPO Bank
    DAFTAR RISIKO
    PT SEMEN INDONESIA (PERSERO) TBK.
    TAHUN 2017

    Departemen Cluster ICT

    IDENTIFIKASI RISIKO PENGENDALIAN INTERNAL Analisis Risiko Evaluasi Penanganan Risiko (Mitigasi)
    Risiko
    Dokumen Terkait
    Pengendalian Yang
    No Nama Risiko Sebab Risiko L C TR RP Action Plan Unit/ PIC
    Dilakukan Keterangan
    (1) (2) (3) (6) (8) (9) (10) (11) (12) (13) (14)
    1 Risiko Kegagalan Fungsi Gangguan Power Supply Preventive Maintenance - Dokumen NMS 4 3 12 1 Koordinasi dengan Keuangan & Dept Layanan ICT
    Perangkat (Data Center & Pemeliharaan tidak optimal (Network Monitoring Akuntasi dan Procurement terkait
    Jaringan) Kinerja Vendor & Network System) Metode Pembayaran
    Provider tidak baik (co- Implementasi ISO 27001 Information
    location Data Center) Back Up UPS khusus ICT Kontrak Security Management System
    Fraud (pihak ketiga)
    Suspend Layanan Provider
    Sebab Kahar (Force Majeure) Redundant Data Center di Perintah Kerja (dalam
    Cyber Crime tempat yang berbeda pengembangan)
    (pihak ketiga)
    By System
    Sistem Otorisasi dan Audit
    IT Security System Prosedur Security
    Management

    Non-Disclosure Agreement Dokumen NDA


    IDENTIFIKASI RISIKO PENGENDALIAN INTERNAL Analisis Risiko Evaluasi Penanganan Risiko (Mitigasi)
    Risiko
    Dokumen Terkait
    Pengendalian Yang
    No Nama Risiko Sebab Risiko Dilakukan L C TR RP Action Plan Unit/ PIC
    Keterangan
    (1) (2) (3) (6) (8) (9) (10) (11) (12) (13) (14)
    2 Risiko Cyber Crime Security hole Update patch firewall - Dasboard Firmware 4 3 12 2 Implementasi Security Information & - Biro Demand
    External fraud secara periodik (otomatis, perangkat Event Management (SIEM) Management &
    manual) Implementasi perimeter security Bisnis Proses
    firewall jaringan di OpCo, saat ini baru - Biro Operasi ICT
    terpasang di Gateway internet saja. SP / ST / SG

    Menyediakan teknisi yang


    mempunyai kompetensi dalam
    Internal fraud Menyediakan aplikasi - Aplikasi Service Desk menyelesaiakan gangguan
    Human Error Service Desk untuk
    melaporkan gangguan

    3 Risiko Salah Data Salah Desain & Konfigurasi Menyediakan aplikasi - Aplikasi Service Desk 3 1 3 3 Menyediakan teknisi yang - Biro Demand
    Salah Input Service Desk untuk (Incident request) mempunyai kompetensi sesuai Management &
    Fraud pelaporan gangguan aplikasi yang digunakan oleh user Bisnis Proses
    Human Error - Biro Operasi ICT
    User Knowledge/Skill Validasi entri data pada - Aplikasi yang di-release SP / ST / SG
    Work Overload setiap aplikasi yang ICT
    digunakan oleh user
    Mengatur hak akses user - Role matrix user
    dalam menggunakan
    aplikasi

    4 Risiko Salah Input (Human User Knowledge/Skill 0


    Error) Work Overload
    IDENTIFIKASI RISIKO PENGENDALIAN INTERNAL Analisis Risiko Evaluasi Penanganan Risiko (Mitigasi)
    Risiko
    Dokumen Terkait
    Pengendalian Yang
    No Nama Risiko Sebab Risiko Dilakukan L C TR RP Action Plan Unit/ PIC
    Keterangan
    (1) (2) (3) (6) (8) (9) (10) (11) (12) (13) (14)
    5 Risiko Penggunaan Illegal Ketidaktahuan Melakukan pembatasan User Active Directory 3 1 3 4 Penerapan asset management tool Biro Kinerja & Tata
    Software Penggunaan Komputer instalasi software pada yang terintegrasi dengan permintaan Kelola ICT Group
    Pribadi end user device oleh user Biro Operasi ICT
    Pemakaian software SP / ST / SG
    melebihi kuota Mencatat permintaan Tiket Permintaan
    software dari user (software)
    menggunakan aplikasi
    Service Desk
    Melakukan evaluasi Evaluasi & Approval
    kebutuhan pada tiket permintaan
    permintaan software dari
    user

    1 Risiko Project Procurement Permintaan Project yang Menetapkan PMO untuk - Dokumen SDLC 4 4 16 1 Koordinasi dengan user peminta Dept ICT
    (Delivery Time) mendadak mengontrol project Koordinasi dengan procurement Development
    Kinerja Vendor / Supplier Membuat kontrak payung project
    (wanprestasi) Progress mingguan & development
    Proses Procurement yang Bulanan - Project Management Menetapkan standard waktu
    lama Tools procurement & SDLC
    - Laporan Bulanan

    2 Risiko Salah Desain (termasuk Salah Requirement (user & Menetapkan blueprint - Dokumen blueprint 4 4 16 3 Membuat standard dokumen Dept ICT
    pemilihan platform) teknologi) sebagai acuan project blueprint, Quality Assurance dan User Development
    Kompetensi Engineer Acceptance Test
    Kendala budget project Menetapkan personel - Dokumen testing
    (anggaran dan/atau waktu) khusus untuk melakukan
    testing
    IDENTIFIKASI RISIKO PENGENDALIAN INTERNAL Analisis Risiko Evaluasi Penanganan Risiko (Mitigasi)
    Risiko
    Dokumen Terkait
    Pengendalian Yang
    No Nama Risiko Sebab Risiko Dilakukan L C TR RP Action Plan Unit/ PIC
    Keterangan
    (1) (2) (3) (6) (8) (9) (10) (11) (12) (13) (14)
    3 Risiko Kegagalan Change Delivery time procurement Menetapkan SOP - Dokumen SOP 3 4 12 4 Membuat standard dokumen SOP Dept ICT
    Management (Strategi tidak tepat waktu dan user role matrix Development
    Implementasi) Komunikasi & koordinasi Menetapkan User Matrix - Dokumen user role
    antar proyek - user matrix Memastikan dilakukan training Business Process
    Konflik prioritas antara Melakukan training dan terhadap aplikasi yang dikembangkan Owner
    proyek dengan support kepada user - Dokumen user guide
    user/management

    4 Risiko Project Perubahan Kebijakan Pengerjaan project sesuai - Dokumen Form User 4 4 16 2 Membuat dokumen blueprint dengan Dept ICT
    Request/Requirement Manajemen & Organisasi dengan Business Blueprint Requirement melibatkan semua BPO Development
    Melampaui Scope Awal Salah Requirement (user
    atau teknologi) - Dokumen Business Business Process
    Perkembangan Teknologi Blueprint Owner

    5 Key Person meninggalkan Mutasi dan Promosi Untuk satu role diisi oleh - SK Mutasi dan 3 3 9 5 Menetapkan standard kontrak Dept ICT
    project Vendor wanprestasi lebih dari 1 orang Organisasi procurement tentang key person Development
    Vendor mundur Disebutkan aturan - Kontrak Procurement project dengan vendor
    Perubahan organisasi pengunduran diri vendor - Dokumen Teknis terkait Dept.
    dalam Kontrak aplikasi Untuk project business related Procurement
    procurement dibuatkan SK Team
    Dokumentasi aplikasi
    dibuat selengkap mungkin Progress rutin project
    (Dokumentasi teknis dan
    business process)
    IDENTIFIKASI RISIKO PENGENDALIAN INTERNAL Analisis Risiko Evaluasi Penanganan Risiko (Mitigasi)
    Risiko
    Dokumen Terkait
    Pengendalian Yang
    No Nama Risiko Sebab Risiko Dilakukan L C TR RP Action Plan Unit/ PIC
    Keterangan
    (1) (2) (3) (6) (8) (9) (10) (11) (12) (13) (14)
    6 Risiko Masterplan ICT Teknologi Obsolete Review ICTM minimal 1 - ICT Master Plan 2 2 4 6 Melakukan review secara rutin Dept ICT
    Perubahan arah strategi tahun sekali minimal 1 kali dalam satu tahun Development
    perusahaan
    Dept. ICT Services

    You might also like