Framework for Cyber Security Governance Framework for OT Security Framework for Cyber Security OperationsISO 27001 is designed as a standar and more of a test that requires certain measures to passCenter for Internet Security Critical Security Controls for Effective Cyber Defense (CIS-CSC)The CIS control is publication of best practice guidelines for computer security that organizations should implement to block or mitigate known attacksISA/IEC 62443International series of standards that address cybersecurity for operational technology in automation and control systemNIST SP 800-82R3Guide to Operational Technology (OT) SecurityNation Institute of Standard & Technology Cyber Security Framework (NIST CSF)The NIST CSF is designed as a guide, serves as an instruction manual. In the NIST CSF, there is no certification or audit process.1 2 43 5b. Information Security PolicyPT Pertamina Hulu Energi menggunakan kerangka berbasis ISO 27001:2022 (Information Security Management Systems (ISMS)) dalam pengaturan Tata Kelola Kelola Keamanan Informasi. PHE Subholding Upstream telah memiliki sistem Tata Kelola Keamanan Informasi yaitu berupa Pedoman dan Tata Kelola Organisasi (TKO) yang berstandard internasional ISO 27001:2022 Sistem Manajemen Keamanan Informasi. c. Enterprise Security Architecture (ESA, CS Fabric)i. Enterprise Security ArchitecturePertamina Hulu Energi telah mengembangkan Enterprise Cybersecurity Architecture yang komprehensif berdasarkan pada SABSA Framework, sebuah metodologi keamanan informasi yang terstruktur dan berlapis. Implementasi frameworkini memungkinkan perusahaan untuk menyelaraskan strategi keamanan siber dengan tujuan bisnis dan kebutuhan operasional secara holistik. Melalui pendekatan ini, Pertamina Hulu Energi dapat memastikan bahwa kontrol keamanan diterapkan secara konsisten di seluruh organisasi, dengan mempertimbangkan aspek bisnis, risiko, teknologi, dan manusia. Enterprise Cybersecurity Architectureini menjadi fondasi yang memperkuat postur keamanan siber perusahaan dan meningkatkan ketahanan terhadap ancaman yang terus berkembang dalam lanskap digital yang kompleks.b. Information Security PolicyPT Pertamina Hulu Energi uses a framework based on ISO 27001:2022 (Information Security Management Systems (ISMS)) in the arrangement of Information Security Governance Management. PHE Subholding Upstream has an Information Security Governance system in the form of Guidelines and Organizational Governance (TKO) which meets the international standard ISO 27001:2022 Information Security Management System.c. Enterprise Security Architecture (ESA, CS Fabric)i. Enterprise Security ArchitecturePertamina Hulu Energi has developed a comprehensive Enterprise Cybersecurity Architecture based on the SABSA Framework, a structured and layered information security methodology. The implementation of this framework allows the company to align cybersecurity strategies with business objectives and operational needs holistically. Through this approach, Pertamina Hulu Energi can ensure that security controls are applied consistently across the organization, taking into account business, risk, technology, and human aspects. This Enterprise Cybersecurity Architecture is the foundation that strengthens the company's cybersecurity posture and increases resilience to evolving threats in a complex digital landscape.HULU ENERGILaporan Keberlanjutan %u2022 Sustainability Report 322