Conventional Sharia Priority Prospera About BTN
Investor Relation PPID Career |
icon-individu
Profile

Contact Us

150286 1500286 +62 87771500286 @bankbtn @Facebook @btn @btn @bankbtn PT Bank Tabungan Negara

Simulation & Information

Simulation

Converter E-Converter Kurs Calculation Deposit Deposit Simulation Credit Consumer Credit Simulation
panah Service Rates arrow SBDK

Lokasi Cabang

EN | ID |

Saya sedang mencari layanan

Conventional
Conventional
Syaria
Sharia
Priority
Priority
Conventional
Prospera
banner mobile about
About BTN
Investor Relation PPID Career
Back

Cyber Security

As the digital era continues to evolve, BTN consistently innovates to provide convenience and ease in transactions. However, digital service expansion also brings risks related to information security, such as identity theft, data leakage , and data misuse.

BTN recognizes that protecting customer data is a top priority. Therefore, BTN is fully committed to maintaining the highest standards in serving and protecting your data across all our line of business.

BTN has established an IT Security Division under the Directorate of IT, focusing on comprehensive information security management. This unit is actively supervised by the Board of Directors through the Information Technology Steering Committee (KPTI). IT Security Division has developed and implemented a framework aligned with regulatory requirements and international cybersecurity best practices. This ensures continuous resilience in cybersecurity strategy and operations, broadly categorized into three main aspects: People, Process, and Technology.

People

IT Security Division has dedicated personnel and resources to ensure comprehensive information security management across strategic, governance, operational, and continuous 24x7 monitoring with a prevention and detection approaches.

BTN also has a Digital and Operational Risk Management Unit that independently monitors information security risks to align with BTN's risk appetite and strategy. To ensure the adequacy of information security functions, BTN conducts annual audits both internally (through the Internal Audit Unit) and externally (via reputable Independent External Parties).

BTN also recognizes that information security depends on the awareness of all involved parties, We regularly conducts information security awareness campaigns and training for all relevant stakeholders, including :

  • Customer Cybersecurity Awareness Programs : Providing education on data security and safe transaction practices through our website (https://www.btn.co.id/id-ID/Security-Awareness), e-channels, social media, and marketing events.


  • Continuous Cybersecurity Training : Hosting training sessions and campaigns through various media


  • Cybersecurity Simulations : Testing employee readiness through scenario-based security simulations


  • Cybersecurity Certifications : Providing training and certification for employees.


Process

BTN implements governance that comply with regulations and international standards for information security, documented in various policies, including :

  • IT Procedure Policy No. KK.5-A


  • IT Security Policy No. KK.5-B


  • Data Governance Policy No. KK.9-M


  • Logical Access Control System Governance Policy No. KK.9-Q


  • Digital & Cyber IT Risk Management Policy No. KK.8-E

BTN has a dedicated Computer Security Incident Response Team (CSIRT) responsible for responding to information security incidents. CSIRT is a collaboration between the IT Security Division, other BTN units, and external institutions, including the National Cyber and Crypto Agency (BSSN) and the Ministry of Communication and Digital (Komdigi). The team ensures effective and swift responses to threats using the following framework :

  1. Preparation : Incident management planning, including cybersecurity maturity assessments, maintaining a cybersecurity incident playbook, and regular security awareness education.
  2. Detection & Analysis : Monitoring system vulnerabilities, network traffic, conducting regular security testing, and ensuring the effectiveness of established protection controls.
  3. Containment, Eradication & Recovery : Managing cyberattacks and restoring system operations with a structured approach, including evidence collection, impact containment, system recovery, eradication, and escalation and reporting.
  4. Post-Incident Activity : Developing lessons learned and updating the incident playbook as part of continuous improvement.

BTN has also obtained ISO 27001:2022 Certification for Information Security Management System (ISMS), demonstrating compliance with information security standards.

Technology

To ensure information security, BTN implements the principle of defense-in-depth , ensuring each technology layer is protected with advanced security tools. This multi-layered security approach covers hardware, software, networks, applications, and data to minimizing the risks of information leaks and cyberattacks.

By implementing advanced security technologies at every level, BTN aims to create a resilient ecosystem capable of addressing various evolving security threats.