
Strengthening BUMN Cybersecurity through SK-275

18 June, 2025 - Cyber Security

The Framework of SK-275

SK-275 adopts NIST and CIS as its primary references and introduces 15 priority cybersecurity controls, categorized into five key areas:

Category / Control Objectives

Identity
  • Establish and maintain an inventory of all company assets.
  • Establish and maintain an inventory of all accounts.
  • Establish and maintain an inventory of all service accounts.

Protect
  • Restrict administrator access rights to designated administrator accounts.
  • Implement and maintain anti-malware software.
  • Manage access controls for remotely connected assets.

Detect
  • Collect audit logs.
  • Centralize audit logs.
  • Review audit logs.
  • Configure automatic anti-malware scans on removable media.

Respond
  • Disable inactive accounts.
  • Assign personnel to manage the company’s incident handling process.
  • Establish and maintain an incident response process.

Recover
  • Perform automated backups.
  • Test backup recovery.

Alternative Measures: Risk Assessment

In cases where BUMN cannot fully implement the 15 controls, they must conduct a comprehensive risk assessment for any unimplemented minimum controls. This assessment should cover:

  • Risk Appetite: The level of risk the company is prepared to accept to achieve its goals.
  • Risk Treatment: Strategies to address identified risks effectively.
  • Risk Mitigation: Actions designed to reduce risks or their impact.

Reporting Obligations

BUMN are required to report their progress in implementing the established controls annually through the BUMN Annual Report to the Ministry of State-Owned Enterprises. This ensures ongoing accountability and alignment with the ministry's cybersecurity objectives.
