Data Security & Customer Protection
We are committed to maintaining the highest standards of data security and privacy, and we will continue to review and update our policies and practices across all business lines and subsidiaries as necessary to ensure our customers' information is handled in a safe and secure manner.
IT Security capability development
The CISO Division has developed and implemented a Security Awareness Program to educate and train all employees, from the BoD and BoC through Manager, Staff and Clerk levels, in order to raise employees' security awareness. The Security Awareness Program has thematic topics and uses various methods (e.g. newsletters, podcasts, posters, e-Learning).
Sample topics include: data classification, how to handle data properly, how to transfer data securely, how to identify phishing emails, etc. The Security Awareness Program also covers contractors and third parties as audiences. In addition, the CISO Division tests employees by conducting phishing email campaigns, giving employees near-real phishing attack experience so they can identify and avoid phishing emails.
Bank Mandiri Human Resources Receiving Cyber-Security Training & Awareness, by Job Level
As of June 2022, Bank Mandiri has established the EDA (Enterprise Data Analytics) Division, comprising over 140 data scientists and data analytics professionals. Additionally, the bank operates the CISO Division, which comprises 87 employees dedicated to the management of cybersecurity threats. To ensure adherence to international standards and best practices, Bank Mandiri has also implemented and obtained certification in various areas:
- ISO 27001 for the Security Operation Center, to manage cyber security threats in banking systems and cyber operations
- ISO 9005 for the Contact Center, operation of the Data Center, Disaster Recovery Center and IT infrastructure
- ISO 20000 for IT application support
- ISO 37001 2021 for anti-bribery management support
- ISO 17025:2017 for the Digital Forensics Laboratory
- ISO 90001 for the Contact Center, Data Center, Disaster Recovery Center and IT infrastructure
- Bank Mandiri has a CSIRT (Computer Security Incident Response Team) that is capable of detecting and responding to cybersecurity incidents properly, and which is registered with the National Cyber and Crypto Agency (BSSN – Badan Siber dan Sandi Negara).
Bank Mandiri maintains a dedicated CSIRT (Computer Security Incident Response Team) that possesses the proficiency to detect and effectively respond to cybersecurity incidents. In a commitment to bolster its cybersecurity defenses and actively contribute to national cybersecurity efforts, Bank Mandiri's CSIRT is registered with the National Cyber and Crypto Agency (BSSN - Badan Siber dan Sandi Negara).
The scope of the personal data protection strengthening program covers not only customer personal data but also the personal data processing of employees and third parties working with Bank Mandiri. The personal data protection strengthening program consists of 15 main activities:
- Privacy Governance: creation or adjustment of internal provisions in accordance with the Personal Data Protection Law (PDP Law)
- Data Protection Officer/Officer: establishment of a Personal Data Protection Officer (PDPO) unit as mandated by the PDP Law
- Lawful Basis for Processing: adjustment to consent requests, privacy policies, and other processing bases
- Consent Management: improvement of processes and development of systems to manage consents provided by the Personal Data Subject
- Record of Processing Activity (ROPA): improvement of the recording process of personal data processing activities along with detailed activities
- Training & Awareness: socialization, training, and establishment of internal regulations for employees to comply with the provisions of the PDP Law
- Data Subject Request: management of requests/rights of Personal Data from Data Subjects: right to be forgotten (erasure/destruction), rectification, etc.
- Data Classification: implementation of Personal Data classification according to general and specific Personal Data types
- Third Party Contract Management: enhancement of Personal Data processing involving third parties that requires sufficient Personal Data protection
- Data Protection Impact Assessment: implementation of assessment for high-risk Personal Data processing
- Information Security: securing Personal Data according to the level and classification of Personal Data under the PDP Law
- Data Breach Management: notification to Personal Data Subjects and Authorities in the event of a breach in accordance with the PDP Law
- Cross-Border Transfer Restriction: strategy for transferring Personal Data abroad
- Data Retention Restriction: processing of Personal Data for limited purposes and duration in accordance with the purpose of such processing
- Corporate Action: notification to Personal Data Subjects and Authorities in the event of corporate actions (mergers, acquisitions, etc.) in accordance with the PDP Law