joseph armstrong augusta Georgia | APRA’s new mandatory Prudential Standard, CPS-234, commenced on 1 July 2019


It specifies new cybersecurity requirements to ensure APRA-regulated entities tighten their cybersecurity against information security incidents (including cyberattacks). But does it go far enough?
The regulation seeks to minimise the likelihood of and impact of information security incidents concerning confidentiality, integrity and information systems, by ensuring information security capability is commensurate with information security vulnerabilities and threats.

patrick armstrong augusta

Cyber Security Consulting reviewed this requirement against requirements set by industry bodies, including ISO 27001, NIST Cyber Security Framework, SOC2 Trust Services Criteria, The Australian Government Information Security Manual (ISM) and PCI DSS. They found the APRA CPS-234 regulation lacked aspects of information security control likely required to protect your organisation.

Comparison of APRA 234 information security requirements to other industry frameworks and standards.


Security policies based solely on CPS-234 may omit critical aspects of an information security management plan necessary to keep your organisation safe.
Cyber Security Consulting, has developed a list of 24 questions to uncover if your organisation is APRA CPS 234 compliant.

joseph armstrong augusta

 This partial list includes questions on supply chain related areas in APRA CPS 234. This is a new focus for APRA, but one which Cyber Security Consulting believes will impact all industry sectors in the future.
Six Questions to ask your Supply Chain
Most likely tool to support an organisation in achieving this

Are security controls that protect your information assets, including those managed by third parties, implemented in a timely manner and are they commensurate with: (a) vulnerabilities and threats to the information assets; (b) the criticality and sensitivity of the information assets; (c) the stage at which the information assets are within their life-cycle; and (d) the potential consequences of an information security incident?
Information Security Policies and/or Framework
And
Risk Assessment Method
Does the organisation classify its information assets, including those managed by related parties and third parties, by criticality and sensitivity?
Information classification and handling policy and standard

Does your organisation assess the design of information security controls put in place by all third parties that manage information assets on your behalf?
Supply chain governance framework
Does your organisation assess whether third parties who manage your information assets have an appropriate systematic testing program? 
Supply chain governance framework
And
Information Security Testing Framework
Does your organisation have a formal governance process that assesses the information security capability of third parties and related third parties that manage information assets commensurate with the potential consequences of an information security incident affecting those assets? 
Supply chain governance framework
Does your organisations internal audit activities include a review of the design and operating effectiveness of information security controls, including those maintained by related parties and third parties (information security control assurance)?
Information Security Control Assurance guideline for audit team

Contact Cyber Security Consulting today for access to our full, detailed guidelines for implementing APRA 234, including templates. Or for general advice on how to deliver APRA CPS-234 as part of your overall information security program.



Comments

Post a Comment

Popular posts from this blog

joseph armstrong augusta georgia | Relevance of Cyber Basics and also Actions for Qualification

Do you think your organization wants a protection from cybercriminals? To maintain your certification and also client details from cyberpunks and also offenders, Cyber Vital Accreditation is necessary. They are federal government executed a system that helps you to protect your ventures saved details versus on-line cyber-attacks. GDPR or General Information Defense Regulation ensure the personal privacy of your individual information, yet they do not give any kind of certain actions to do so. This policy informs that you are accountable for your own individual data and also it's your responsibility to shield them. This part of safety and security can be guaranteed by Cyber Essentials safety and security plans when it involves system as well as kept information. Why Cyber Basics? Cyber-attacks are the most usual criminal task happening in current times. Boost in these criminal activity rates has actually influenced the revenue as well as reputation of those companies ...
Read more

joseph armstrong augusta Georgia | How Can Item Mangers Manage Individuals?

So what do item mangers handle? Usually I would certainly agree with you if you responded to "products"; nonetheless, I have actually been offering this some thought and also I assume that we're fizzling if that's our response. If you think about it, what we really spend our time doing is taking care of individuals and also wishing that they will aid us to make our items effective. That being claimed, did you ever before obtain any training on exactly how to mange people? patrick armstrong athens Item Managers Don't Make Beautiful Songs Among the a lot more popular means to think about the how item mangers do their work is to visualize them as being band conductors. You can almost envision yourself standing in front of everyone that works for your firm, tapping your conductor's stick on the sheet music stand in front of you, and after that with a prosper you start. First up is the demands group, before they are done the item designers ac...
Read more

patrick armstrong Athens | Computer system Software application

Computer system PC software application is so hired contrast to computer, which includes the physical affiliations and devices required to store and also carry out (or run) the software program. Computer software program is kept in the storage space of computers for a really certain function and also does the function of the program it applies, either by directly giving directions to the computer hardware or by functioning as an input to another piece of software. PC software application is called the information refined by the systems. Computer PC software program is a significant kind of copyright, both from the viewpoint of the intellectual imagination called for to generate it as well as the sensible as well as industrial value of good items. Software application is an ordered sequence of directions for transforming the state of the computer in a certain series. Software program might additionally be written in a setting up language, essentially, a mnemonic representation of...
Read more