SOC 2® reporting solves the issue of how a business leader can trust that a service provider is taking its obligations seriously by conducting a SOC 2® Type 1 and Type 2 report to evaluate data protection systems and procedures.
Australian Cyber Security Centre’s (ACSC) Strategy to Mitigate Cyber Security Incidents provides a prioritised list of mitigation strategies to assist organisations in protecting their systems and their crown jewels against a range of adversaries. The mitigation strategies advised by ACSC vary and can be customised based on the risk profile, the industry sector and the adversaries the organisation is most concerned with.
The Council of Financial Regulators (CFR) released a framework in December 2020 that
is used to build red team scenarios to test the level of Australian financial services industry’s cyber resilience.
The Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework is a pilot programme of exercises that will mimic the Tactics, Techniques and Procedures (TTPs) of real-life adversaries, creating and utilising tools, and using techniques that may not have been anticipated and planned for. Read more to understand how the CORIE framework could help Financial Institutions (FI) stay competitive and secure by leveraging an unbiased view, and by third-party providers mimicking real-world Advanced Persistent Threats (APTs).
A new framework by the Council of Financial Regulators requires APRA-regulated financial institutions to attack themselves in a bid to uplift their cyber preparedness, as APRA orders urgent audits against CPS 234.
The #CORIE framework that has been launched will require banks, super funds and other financial institutions to organize independent red team attack simulations.
The Payment Card Industry Data Security Standard (PCI DSS) is mandated by the major payment brands (MasterCard, Visa, Amex, JCB and Discover) for organisations that handle payment card data. The PCI DSS defines the minimum security controls needed to protect cardholder data. If you process, store, or transmit payment card data, you are required to comply with PCI DSS. Merchants that accept payment via debit or credit cards and service providers that process payment card data are required to comply with the standard.
Achieving ISO 27001 certification does not guarantee your organisation will never experience security incidents ever again. Nor can anyone realistically claim that the standard is perfect and it can absolutely be trusted. Despite the negativity, obtaining certification does offer several significant benefits that cannot be denied. Often touted benefits of an Information Security Management System (ISMS) that is implemented correctly and follows the spirit of the standard are:
Early last March at the ‘Data Privacy Matters’ meetup, I had the privilege of moderating a panel segment addressing the NDB Amendment & GDPR’s Impact on Australian Businesses. The panellists were Patrick Gunning, (Law Partner from King & Wood Mallesons), Fergus Brooks, (Cyber Risk National Practice Leader, at Aon Australia) and Romain Rallu, (CEO at Privasec, an independent Security firm). We spent the night discussing the applicability of the Privacy Act, being prepared for this new privacy legislation, the ramifications of ignoring the them, and exploring what is covered by insurance when it comes to Data Breaches.