<![CDATA[Amid the rapid advancement of technology that enhances operational effectiveness and efficiency, cybersecurity risks have simultaneously increased, threatening data security. PT Kereta Api Indonesia (Persero), a state-owned enterprise, experienced a significant data leak incident in 2024, underscoring the urgent need for robust IT governance. This study evaluates the company’s cyber risk management using the IT Governance Theory framework. A qualitative descriptive approach was employed, incorporating observation, in-depth interviews, and document analysis. Findings show that although PT KAI has implemented an Information Security Management System (ISMS) and provided employee training, key challenges persist, including low employee awareness (IT Principles), limited system integration (IT Architecture), and insufficient adoption of emerging technologies (IT Infrastructure). This study proposes a cyber risk management development model based on the five IT Governance domains: IT Principles, IT Architecture, IT Infrastructure, Business Application Needs, and IT Investment and Prioritization. The proposed model aims to strengthen the organization’s ability to identify, detect, respond to, recover from, and adapt to cyber incidents, thereby enhancing IT governance, particularly in the context of Indonesian state-owned enterprises.]]>
Copyrights © 2025
