IPB University continues to strengthen the implementation of governance, risk, and compliance (GRC) in information technology management to safeguard digital systems and protect the personal data of the academic community.
Through the Institute for Information Management and Digital Transformation (LMITD), IPB University carries out critical asset identification, risk assessments, and mitigation strategies to ensure the continuity of digital-based academic services.
The Chairman of LMITD IPB University, Ir Julio Adisantoso, MKom, explained that the implementation of GRC in the management of information and communication technology (ICT) has been carried out by the IT team as part of the requirements of external audits.
He emphasized that the management of ICT systems at IPB is conducted independently by the internal team. “This has become a requirement from the audit conducted by PricewaterhouseCoopers (PwC),” he stated.
The LMITD team has also carried out risk assessments and mitigation measures for information and communication technology systems. He explained that the first step involves identifying the critical information assets owned by IPB University and analyzing potential threats to networks and information systems, which continue to increase over time.
The next stage involves conducting an assessment or scoring of the risk level for each asset. This evaluation refers to the standards of the National Institute of Standards and Technology (NIST) using a qualitative approach that calculates risk values based on the likelihood of threats occurring and the potential impact.
“If the score is between 15–25 it is classified as high, 8–14 as medium, and 1–7 as low. If it is high, we must carry out mitigation immediately,” he explained.
According to Julio, the data center is the central node of the entire campus network and therefore has the potential to become a single point of failure. If disruptions occur at this facility, all IPB University information systems could be affected.
In addition to physical infrastructure risks, the LMITD team has also identified vulnerabilities in applications, databases, and user behavior, considering that the number of user accounts has exceeded 50,000.
He noted that digital security awareness among users remains a challenge, particularly regarding weak password usage and the potential for phishing attacks.
As part of mitigation efforts, IPB University has implemented several short- and medium-term strategies, including strengthening access security through multi-factor authentication, network segmentation, and data backup policies based on the 3-2-1 backup rule.
Furthermore, LMITD regularly conducts application audits and penetration testing, and strengthens encryption for sensitive data such as identity numbers, phone numbers, and financial information. (dr) (IAAS/KAL)

