By David Jacobson

APRA has released a package of measures, titled Information Security Management: A new cross-industry prudential standard, for industry consultation. The package is aimed at improving the ability of APRA-regulated entities to repel cyber adversaries, or respond swiftly and effectively in the event of a breach. It enforces the guidance in CPG 234 and complements the requirements laid out in CPS 220, APRA’s cross-industry prudential standard on risk management.
The proposed new standard, CPS 234, would require regulated entities to:
clearly define the information security-related roles and responsibilities of the board, senior management, governing bodies and individuals;
maintain information security capability commensurate with the …
Source: Bright Law