In this episode, Michael Fraser, Senior Governance, Risk and Compliance Consultant, discusses everything APRA-regulated entities need to know about CPS 234.
APRA has issued mandatory information security regulations under prudential standard CPS 234. The main objective of the standard is to minimise both the likelihood and the impact of information security incidents on information assets. Importantly, this includes assets managed by related parties or third parties.
- What is CPS 234 – 0:32
- Step 1: Aligning CPS 234 with your overall Information Security Strategy – 4:22
- Step 2: Ensuring you have good governance and communicating roles and responsibilities – 8:04
- Step 3: Information asset identification and classification – 9:00
- CPG 235 – 12:06
- Step 4: IS Capability; Implementation, testing and monitoring of controls – 13:16
- Step 5: Incident management – 15:55
- Summary – 18:31