CPS 234 NSW Morning Briefing
Thank you to Jason Anderson and Wayne Bozza for their insightfull perspectives. And thanks to Paul Schofield for his fantastic facilitation and direction.
CPS 234 NSW Morning Briefing
With the passing of the July 1st deadline, ARPA regulated entities must meet the mandatory Prudential Standard CPS 234. The Standards have been created to improve resilience against information security threats, and those entities need to put the correct implementation strategy in place to safeguard themselves in the information age.
A key objective is to minimise the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets, including information assets managed by related parties or third parties.
Super Risk Symposium - Melbourne 14/08
It was a great session, on the impact of the new CPS 234 regulation, thanks to Rob Pickering who facilitated the debate and to Joss Howard and Matt O'Keefe for their great insights.
Super Risk Symposium - Melbourne 14/08
Information security is all about risk management. With APRA’s CPS 234 framework now live, how do funds need to be secured and why? What is an acceptable risk? And what is the lasting impact if valuable data is compromised, exposed or unavailable?
This session will explore how funds are demonstrating compliance with the new prudential standard and the strategies being used in safeguarding systems against information security threats.
[Update] Info and tickets at https://bit.ly/2GGHp8v
š” Conference Transcript: Building an Information Security Policy Framework
Following my presentation on Building an Information Security Policy Framework at the "Implementing CPS 234" conference held in Sydney in May 2019, I received many requests to publish a transcript. Thank you all for your interest and for the large amount of feedback you shared with me. As promised, here is an augmented transcript of my presentation.
It covers an overview of what a Policy Framework is, and why it is an essential part of any Information Security program; the various existing frameworks used across the industry, their strengths and limitations; a methodology to create a flexible framework, supported by a risk assessment and a strong understanding of the assets owned by the institution and the threats they are exposed to; and an approach to define an adequate control set and how to prioritise its implementation.
"Implementing CPS 234" conference
I will be talking on how to build an information security policy framework that is agile to changing threats.
š” Public Cloud āļø - Australia and New Zealand Regulatory Landscapes
More than ever, financial institutions in Australia and New Zealand are moving toward public cloud computing as a way to benefit from easy to use, flexible, cost effective and reliable infrastructures and services. Despite its substantial benefits, cloud computing also creates a complex new environment for financial institutions to navigate. Regulators in Australia and New Zealand are evolving their requirements and guidelines. It results in a growing expectation that financial institutions have a robust governance over their outsourcing process and ensure a high level of oversight of their cloud service providers. This article discusses the regulatory requirements around usage of Cloud Services in Australia and New Zealand and how to satisfy them.
Read Moreā¦š” APRA CPS 234: Are you ready?
The Australian Prudential Regulation Authority (APRA) just published the final version of the Prudential Standard CPS 234 (Information Security), that will be enforceable by 1 July 2019. Have you assessed your readiness? This article reviews the main expectations from the regulator and provides some guidance on how to ensure timely compliance.