Step 1-2%u2022 Implement SIEMfor continous security monitoring%u2022 Automate and Orchestrate with SOARStep 3-4%u2022 Enhance Endpoint Security with EDR and XDR %u2022 Insider Threat Monitoring with UEBA%u2022 Continous Network Monitoring With NDRStep 5-6%u2022 Continous Attack Surface Monitoring with ASM%u2022 Leverage CTI & TIP and Collaboration %u2022 PAM for Critical ResourcesStep 7-8%u2022 Prevent Data Leekage with DLP & ITDR %u2022 Regular Security Assesment (Pentest)%u2022 Red Team Excercise with BAS & CTEMStep 9-10%u2022 Utilize SASE/SSE for Secure Access%u2022 Adopt a Zero-Trust Security Model To effectively combat sophisticated cyber threat and implement next generation security technologies, organization need to take a comprehensive and proactive approach to cybersecurity. This involves understanding the evolving nature of cyber threats, recognizing the limitations of tradisional security tools, and adpoting advanced technologies that can anticipate, detect, and respond to threat in real-time.Pelindungan Data Pribadi (PDP)PT Pertamina Hulu Energi patuh terhadap perundangundangan Republik Indonesia dan memperhatikan aspek kepatuhan yang tertuang dalam Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi (UU PDP) adalah regulasi yang mengatur perlindungan data pribadi di Indonesia.Pada tahun 2024, Fungsi IT memulai dengan melakukan kajian/assessment kepatuhan atas regulasi UU PDP, melakukan assessment terhadap checklist yang diberikan PT Pertamina (Persero), kajian kebijakan dan pengenalan/sosialisasi Record of Processing Activities (ROPA).Selain itu, Fungsi IT juga membantu memfasilitasi untuk mengenalkan ROPA (Record of Processing Activities) adalah catatan yang berisi dokumentasi tentang bagaimana suatu organisasi memproses data pribadi. ROPA merupakan persyaratan dalam regulasi perlindungan data, termasuk dalam General Data Protection Regulation (GDPR) di Uni Eropa dan Undang-Undang Perlindungan Data Pribadi (UU PDP) di Indonesia. Sosialisasi ROPA kepada setiap fungsi diadakan di PHE Tower Jakarta pada tanggal 24 Oktober 2024.Saat ini, PT Pertamina Hulu Energi masih mempersiapkan tata kelola PDP dan arahan dari PT Pertamina (Persero) untuk memastikan keselarasan di Pertamina Group. IT Subholding Upstream tetap konsisten dalam menjaga komitmennya untuk melindungi aset informasi perusahaan dan mengelola keamanan informasi Perusahaan sebagai Objek Vital Nasional dari sektor Migas, guna memastikan keberlanjutan bisnis. Upaya ini senantiasa selaras dengan strategi bisnis yang berlandaskan pada transformasi digital, sehingga mampu mendukung pertumbuhan dan inovasi perusahaan secara berkelanjutan. Selama periode pelaporan, tidak ada pengaduan yang diterima perusahaan mengenai pelanggaran terhadap privasi pelanggan ataupun hilangnya data pelanggan. [GRI 418-1]Personal Data Protection (PDP)PT Pertamina Hulu Energi complies with the laws of the Republic of Indonesia and pays attention to the compliance aspects contained in Law Number 27 of 2022 concerning Personal Data Protection (UU PDP) which is a regulation that governs the protection of personal data in Indonesia. In 2024, the IT Function began by conducting a compliance study/assessment of regulations under the PDP Law, conducting an assessment of the checklist provided by PT Pertamina (Persero), policy reviews and introduction/dissemination of the Record of Processing Activities (ROPA).In addition, the IT function also helps facilitate the introduction of ROPA (Record of Processing Activities) which is a record containing documentation on how the organization processes personal data. ROPA is a requirement in data protection regulations, including the General Data Protection Regulation (GDPR) in the European Union and the Personal Data Protection Act (UU PDP) in Indonesia. The dissemination of ROPA to each function was held at PHE Tower Jakarta on October 24, 2024.Currently, PT Pertamina Hulu Energi is still preparing PDP governance and direction from PT Pertamina (Persero) to ensure alignment in Pertamina Group. The IT of the Subholding Upstream remains consistent in maintaining its commitment to protecting the company's information assets and managing the Company's information security as a National Vital Object from the Oil and Gas sector, in order to ensure business sustainability. This effort is always in line with the business strategy based on digital transformation, so as to support the company's growth and innovation in a sustainable manner. During the reporting period, the company received no complaints regarding violations of customer privacy or loss of customer data. [GRI 418-1]01020304050607080910Generating Shared Value for the Community Menciptakan Nilai Bersama bagi Masyarakat11 PT Pertamina Hulu Energi 331