APRA (Australian Prudential Regulation Authority) expects all regulated entities to meet its requirements in CPS 234 by 1st July 2019.
Cyber Security has become so important that APRA knows it is not if, but when, regulated entities will have cyber incidents. APRA now requires regulated entities to meet its cyber security standard, CPS 234, to help them protect themselves from Cyber Security attacks.
Considering 1st July is just around the corner and all these requirements will take many months to implement, time is quickly running out.
This is what APRA is expecting:
- Defined Cyber Security roles and responsibilities
- Defined and appropriate information security capability
- Internal Cyber Security policies
- Identify and classify information assets
- Implement strong Cyber Security controls
- Ability to detect and respond to Cyber Security incidents
- Test (including Penetration Testing) of Cyber Security controls
- Auditing design and effectiveness of Cyber Security controls
- Must now notify APRA in less than 72 hours of a Cyber Security incident
We have helped many businesses meet the mandatory CPS 234.
If you need help, feel free to reach out and have a chat.
The APRA announcement is available at: https://www.apra.gov.au/media-centre/media-releases/apra-finalises-prudential-standard-aimed-combating-threat-cyber-attacks