Financial industry security APRAisals


July 2020 looms, and like impending doom, the pressure keeps mounting while no solution seems viable. As an organisation in the financial sector, you have been advised that you need to demonstrate awareness of and alignment to the Australian Prudential Regulation Authority’s (APRA) CPS 234 Standard. You struggled to manage GS007 financial regulation, and now you need to also comply with CPS 234, not to mention all this new Privacy legislation. What are you to do?

This article follows on from the last one, in which I looked at how to select the best framework to use as your primary control set, and how to baseline and manage your security environment (using both NIST and ISO 27001). Baselining the security environment against a single standard is the easiest way to start and quickly make some real progress, developing an Information Security Management System (ISMS) as the documentation set that an auditor can use as evidence.

Getting started with CPS 234

Back to the story. With a reasonable grasp of information security and experience working with other standards such as ISO 27001, you ask yourself the most fundamental question: which of these financial standards should you start with, and which should be drawn upon as additional requirements you need to meet at some point later…