Make use of APRA CPS 234
Conclusion: Australian financial organisations have been bombarding their suppliers and partners with requests to complete security assessments. If servicing or dealing with financial organisations is part of the operational model for the organisation, this has probably already happened or is about to happen.
Those financial bodies are being driven by prudential standard CPS 234 (Cross-industry Prudential Standard), issued by the Australian Prudential Regulation Authority (APRA). This document lays out how a financial body should manage its cyber security, with particular emphasis on extending that management to parties that support or supply the financial body.
These assessments can be tedious and raise concerns about cyber security maturity within the organisation. On the other hand, they bring a clear high-level focus on areas that all organisations should either be covering or working towards covering. This makes CPS 234 a valuable reference for senior executives building a cyber security program.
About The Advisor
Peter Sandilands is an IBRS advisor who specialises in cyber security, risk and compliance. Peter has over 40 years’ experience in the IT industry with the last 20 years focused on security. He has spoken at conferences and industry briefings across Asia Pacific. Peter was instrumental in the introduction of Check Point Software to Australia, leading the operation for five years. Prior to that Peter was a key strategist in the broadening of Novell’s market across Asia Pacific. Since then he has spent nearly 10 years working for large Australian companies in banking, mining and transport delivering security strategy, security architecture and compliance assessments. Peter has also assisted overseas security vendors to enter the Australian market with a focus on the strategic use of the products. As a casual academic at UTS for over 20 years, Peter lectured in network security, Cloud security and networking technologies. With his experience across vendors, channel and business, Peter brings a pragmatic approach to implementing and assessing cyber security. Peter has a Master's of Cyber Security from Charles Sturt University.