Comparing legislative and compliance security frameworks, you will see a definite synergy in what they suggest is important to security monitoring. Interestingly, their focus isn’t on collecting every piece of information and security-related event, then trying to figure out what to do with it. What you need to do is understand the value of specific log sources in your ability to detect threats, then tune them to make sure you get the optimum flow of information from them.
Read MoreOn the 1st July 2019, the Australian Prudential Regulatory Authority (APRA) Prudential Standard CPS 234 came into effect. APRA CPS 234 mandates organisations under APRA’s jurisdiction implement an information security management programme to deploy multiple layers of cybersecurity controls such that if one control fails, others limit the impact of a breach – or as we know it in the security industry, defence in depth.
Read MoreThe updated Australian Government Information Security Manual (ISM) was released by the Australian Cyber Security Centre (ACSC) in December 2019. The manual represents the ACSC and ASD’s knowledge of best practice cyber security measures based on their experience in responding to cyber security incidents within Australia.
Read MoreBelieve it or not, a year has passed since the EU’s General Data Protection Regulation (GDPR) became law. Over that year, the impact of the legislation has spurred countries around the world to review their own privacy laws to enforce an equitable tightening up of their own data protection approach; but how effective has this year been in terms of making our personal data less at risk of being stolen and sold on the black market?
Read MoreThe Office of the Australian Information Commissioner’s fourth quarterly report shows an increase in the percentage of attacks attributed to malicious or criminal activity, as well as a continuing trend of growth in the overall number of attacks.
Read MoreThe Office of the Australian Information Commissioner (OAIC) – Australia’s statutory agency for privacy and freedom of information – has released its third quarterly report on Australia’s Notifiable Data Breach scheme. It shows 245 reported data breaches between July and September, a number which correlate closely with the previous quarter.
Read MoreLearn how privacy and security considerations could be ignored in the rush to open banking.
Read MoreThere are always regulatory changes and challenges in the financial sector; rapid changes in technology, social habits and political environments all affect the ways in which we bank, how we manage our money and the way in which banking services are provided. One of these is PSD2.
Read MoreRegulatory demands around how security incidents are handled are increasing in several areas. One of the main, and most pressing (oppressing?) sets of requirements comes from GDPR, but PSD2 also has a set of standards.
Read MorePSD2 – The second EU Payment Services Directive – is set to open up and expand the range of financial services offerings and organisation types way beyond the traditional banks. As a directive the payment services rules are defined by the EU but must be implemented by member states in either local legislation or regulations.
Read More