In my work with NTT, I've recently been dealing with several FSI-based (Financial Services Industry) organisations who have to comply with the Australian Prudential Regulation Authority (APRA) Standard CPS 234 July 2019. Here's a brief overview of what that compliance with CPS 234 entails:
- APRA CPS 234 is Cybersecurity 101 for Banks, Insurers and related institutions.
- As with standards like ISO27001:2013, it is a risk-based approach about ensuring that adequate CIA (Confidentiality, Integrity and Availability) is maintained for information assets.
- The Board is ultimately responsible for ensuring appropriately robust policies and controls are in place for both the organisation and 3rd party contractors.
- Per basic concepts in CISSP (Certified Information Systems Security Professional), controls should really only be implemented if the cost of control implementation is less than the costs of the data being lost/breached.
- To this effect - the information security capability basically has to pass the "reasonableness" test
- The security capability should match the size and extent of threats
- The controls should match criticality and sensitivity of the assets
- CPS 234 aims to ensure that an APRA-regulated entity takes measures to be resilient against information security incidents (including cyberattacks) by maintaining an information security capability commensurate with information security vulnerabilities and threats:
- Know your responsibilities (The board is ultimately responsible).
- Know what you have and protect it appropriately. An APRA-regulated entity must classify its information assets, including those managed by related parties and third parties, by criticality and sensitivity.
- Ideally - should be using Azure Info protection or similar to provide security labels (e.g. classification, sensitivity or dissemination limiting markers) to drive preventative and detective controls.
- Detect and React appropriately:
- Have Incident Plans and RACIs (Responsible, Accountable, Consult, Inform) in terms of response
- Appropriately skilled people to detect incidents. This requires user awareness and security practices.
- Notification of breach within 72 hours.
- Implies that proper threat detection (pro-active) and monitoring systems should be in place. If you don't know it's happening then you can't comply.
- Test and Audit Regularly. Must test effectiveness of controls with a systematic testing program - that is run at least annually.
- This lends itself to regular, automated (static/dynamic) testing.
It is always critical to keep in mind that threats come from both threat actors inside (insider threat) and outside the organisation (organised or individual actors) - which lends itself to zero trust approaches to cybersecurity.
11 comments:
Nice blog and articles. I am realy glad to visit your blog. Presently I am discovered which I really need.
360DigiTMG
This was certainly one of my preferred web journals. Each post distributed impressed me.
hrdf claimable courses
This is a great motivational article. In fact, I am happy with your good work. They publish very supportive data, really. Continue. Continue blogging. Hope you explore your next post
what is hrdf
Happy to visit your blog, I am by all accounts forward to more solid articles and I figure we as a whole wish to thank such huge numbers of good articles, blog to impart to us.
data science course in delhi
Wow, amazing post! Really engaging, thank you.
Data Science Training in pune
360DigiTMG, the top-rated organisation among the most prestigious industries around the world, is an educational destination for those looking to pursue their dreams around the globe. The company is changing careers of many people through constant improvement, 360DigiTMG provides an outstanding learning experience and distinguishes itself from the pack. 360DigiTMG is a prominent global presence by offering world-class training. Its main office is in India and subsidiaries across Malaysia, USA, East Asia, Australia, Uk, Netherlands, and the Middle East.
Thanks for sharing. I really appreciate your blog. Read my blog Latest Hair Styles For 2022.
Fantastic post from you guys, which astonished me since I learned a lot from your blog. It is truly extremely useful and original stuff for everyone who want to get knowledge from the post. Thank you for providing this information.
Here is sharing Talend ETL Testing related stuff may be its helpful to you.
Talend ETL Testing Training
Biology doesn't have to be difficult. You can learn and do better under guidance. The Tutors Help is here to ease your study life. Our experienced biology tutors are prepared to guide you throughout the way.
Chat with The Tutors Help today and obtain the biology assignment help you need. Let's study together in a fun and convenient manner!
https://www.thetutorshelp.com/biology-assignment-help.php
Biology Assignment Help
English homework is hard, but you don't have to battle it. With The Tutors Help, you receive expert aid that makes you grasp the subject better and achieve more marks. From essays and literature to grammar, we are here to assist you through every step.
Ditch your English homework—employ expert assistance today from The Tutors Help and make learning and enjoyment simple!
https://www.thetutorshelp.com/english-assignment-help.php
English Assignment Help
Infuse your lifestyle with sacred strength and fashion elegance through Apna Showroom’s combo. The blessed Brass Gangajal Kalash from Har Ki Pauri and a holy Shivling promote positivity in your space. Accentuate your beauty with Hari Rose pin brooches, maintain hygiene with a lice comb, and turn heads with fishnet stockings, net socks, and tic tac hair pins. Perfect for modern devotees who honor tradition and style. Apna Showroom Women's net Fishnet Lingerie Stockings - Fishnet Stockings for women - (Black Free Size) Pack of 2
Apna Showroom Baby Boy's and Girl's Night Suit for 0-6 Months Combo Set Pair of 2 (4 Pieces) Newborn Baby Night Suits cotton with desent Look
Apna Showroom Women's Nylon Underskirt Pantyhose Stockings for women - (Black Free Size) Pack of 1
Novasox Ankle High Fishnet Mesh Women Socks, Women Fishnet Mesh Ankle Socks
Apna Showroom Men's and Women's Metal Hair Bands (Black) Combo set of 5
This powerful combination also makes a thoughtful gift. Find your spiritual rhythm and aesthetic confidence with this all-in-one collection from Apna Showroom.
Post a Comment