Dari hasil monitoring top risk tersebut, belum ditemukan cyber attack yang menembus infrastruktur TI di PHE. Dalam proses mitigasi risiko 2024, telah dilakukan update versioning perangkat parameter security, implementasi Development Security Operation (DevSecOps) sebagai platform/media baru untuk pengembangan Solusi layanan IT telah launching per September 2024, dan IT System Rejuvenate berupa peremajaan layanan IT (aplikasi, database, dan infrastruktur). Dalam menjamin kelangsungan operasional dan layanan TI, dilakukan uji coba disaster recovery atas IT System Rejuvenateyang dilaksanakan pada Desember 2024. Dashboard Monitoring Attack Periode Desember 2024 Subholding UpstreamTop Risk Cyberattack Monitoring Dashboard for Period of December 2024 of Subholding UpstreamPengelolaan Risiko Cyber AttackTop Risk merupakan daftar/profil risiko yang perlu mendapat perhatian utama dari Direksi yang melampaui threshold dan/atau sesuai diskresi Direksi. Risiko Cyber Attack menjadi salah satu Top Risk 2024 dari Fungsi IT. Secara rutin Fungsi IT membuat laporan dashboard monitoring yang mencakup kegiatan risk assessment, risk treatment, monitoring & review, dan communication & consultation. Laporan yang telah disusun disampaikan kepada Fungsi Risk Management untuk dilakukan challenge session, approval, dan upload dokumen Top Risk yang telah ditinjau oleh pimpinan tertinggi Fungsi IT menggunakan sistem ERMS. Pada tahun 2024, terdapat 46 (empat puluh enam) Risk Treatment, di mana realisasi pengelolaan Top RiskFungsi IT periode 2024 (Risk Management Performance) adalah sebesar 100% dari annual plan. Berikut adalah Dashboard Monitoring Top Risk Subholding Upstream periode Desember 2024:Cyberattack Risk ManagementTop Riskis a list/profile of risks that need primary attention from the Board of Directors that exceed the threshold and/or according to the Board of Directors' discretion. Cyber Attack Risk is one of the Top Risks in 2024 from the IT Function. The IT Function routinely creates a monitoring dashboard report that includes risk assessment, risk treatment, monitoring & review, and communication & consultation activities. The prepared report is submitted to the Risk Management Function for a challenge session, approval, and upload of Top Risk documents that have been reviewed by the highest leadership of the IT Function using the ERMS system. In 2024, there were 46 (fortysix) Risk Treatments, where the realization of the management of the Top Risk of the IT Function for the 2024 period (Risk Management Performance) was 100% of the annual plan.The following is the Upstream Subholding Top Risk Monitoring Dashboard for the December 2024 period:From the results of the top risk monitoring, no cyber attacks have been found that have penetrated the IT infrastructure at PHE. In the 2024 risk mitigation process, a versioning update of the security parameter device has been conducted, the implementation of Development Security Operation (DevSecOps) as a new platform/media for the development of IT service solutions has been launched in September 2024, and IT System Rejuvenate in the form of rejuvenation of IT services (applications, databases, and infrastructure). In ensuring the continuity of IT operations and services, a disaster recovery trial was conducted on the IT System Rejuvenate which was conducted in December 2024.0102030405 Good Corporate Governance Tata kelola Perusahaan0607 PT Pertamina Hulu Energi 621