The importance of accurately identifying and communicating a business’s risk exposure has never been more critical. This is particularly true for audit and security managers who undertake cyber security audits.
Read MoreCyber security compliance is a growing obligation for businesses across every industry. In some cases, this is a mandatory requirement. Whilst this is a challenge for all organisations, for many it’s overwhelming since they don’t have the expertise to decipher the standard and apply it to their own IT infrastructure.
This blog post takes a look a how to get started with security compliance.
Read MoreAn increasing number of regulations and standards across many different industries are stipulating the cyber security controls that should be implemented by businesses and governments to protect their information. A recent collaboration between the Monetary Authority of Singapore (MAS) and the Bank of England (BofE) has seen them develop best practices for supervising cyber risk in banks and financial organisations. Standards are a great way to consistently explain the security target organisations should strive for, where they have a requirement to protect sensitive information like credit card numbers and personally identifying information. However, the issues relating to achieving cyber security compliance almost put the targets out of reach.
Read MoreThe latest Protective Security Policy Framework (PSPF) compliance report for the period 2017-18 was released by Australia’s Attorney General’s Department last week. The PSPF defines the Australian Government’s security classifications and associated handling protections of official information.
Read MoreAPRA CPS 234, the new Australian Prudential Regulatory Authority (APRA) Prudential Standard came into effect on 1st July 2019. The prudential regulator has warned businesses not to be complacent; 36 breach notifications have been received in the first four months of the new regime.
Read MoreThe latest buzzword to emerge from FinTech is RegTech, which brings with it the promise of technical solutions that ensure organisations remain compliant in raising financial risk management to an effective business process.
Read MoreAny organisation, no matter the size, that is required to comply with the Payment Card Industry Data Security Standard (PCI DSS) needs to implement a comprehensive ICT security capability to ensure they pass their annual review. The PCI standard contains auditing and monitoring requirements that ask entities to collects logs and raise alerts when they are under attack from cyber adversaries. Let’s explore this requirement and look at how your managed security service can help your customers achieve PCI DSS compliance without the need to redesign their network architecture or systems infrastructure.
Read MoreComparing legislative and compliance security frameworks, you will see a definite synergy in what they suggest is important to security monitoring. Interestingly, their focus isn’t on collecting every piece of information and security-related event, then trying to figure out what to do with it. What you need to do is understand the value of specific log sources in your ability to detect threats, then tune them to make sure you get the optimum flow of information from them.
Read MoreOn the 1st July 2019, the Australian Prudential Regulatory Authority (APRA) Prudential Standard CPS 234 came into effect. APRA CPS 234 mandates organisations under APRA’s jurisdiction implement an information security management programme to deploy multiple layers of cybersecurity controls such that if one control fails, others limit the impact of a breach – or as we know it in the security industry, defence in depth.
Read MoreThe updated Australian Government Information Security Manual (ISM) was released by the Australian Cyber Security Centre (ACSC) in December 2019. The manual represents the ACSC and ASD’s knowledge of best practice cyber security measures based on their experience in responding to cyber security incidents within Australia.
Read More