IT governance factors
Activity cycle
WHO
Business process
Governance
Organisational structure
Human resource
Information Flow
Hardware, software operability and security
Article 4 Clear roles and responsibilities between BOC, BOD, IT committee, and IT divisions
Article 5 BOD responsibility (plan, set policy, guidelines, communicate said guidelines, and evaluate results)
Committee member
IT director
Risk Director
Head of IT divisions
Head of Business unit related to IT usage
Administrative fines for failing to:
Have an IT committee
Have a specialised IT division
Have IT mappings and regular evaluation of said mappings
Have clear responsibilities
Fines such as
Factors to be considered
Life cycle
Plan-design-implement-control
IT strategic planning
ARTICLE 15
IT RISK MANAGEMENT
NEED TO HAVE
RISK IDENTIFICATION
RISK MEASURE
RISK MONITORING
RISK CONTROL
ARTICLE 16
IT Information security
Aspects:
People
Process
Technology
Physical
Article 17
ARTICLE 18
DRP
Identify
Asset protection
Cyber incident detection
Response and recovery
Article 22
RCSA
Article 23
Scenario testing
Penetration testing (source code SAST, MAST, black-box penetration test)
Article 25
Article 29
Identify vendor
Selection Process
IT vendor analysis
Qualification
Cost benefit analysis
Risk factors
If mishaps are found
IT infrastructure placement
Exception
Need to
Article 48
ARTICLE 53
Internal control
Need to have
Regular monitoring
Remediation to audit findings
Audit bodies for IT processes