The Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework is a pilot programme of exercises that mimic the Tactics, Techniques and Procedures (TTPs) of real-life adversaries, creating and utilising tools, and using techniques that may not have been anticipated and planned for. Also known as red team exercises, these help Financial Institutions (FIs) stay competitive and secure by leveraging an unbiased view, with third-party providers mimicking real-world Advanced Persistent Threats (APTs).
A new framework by the Council of Financial Regulators requires APRA-regulated financial institutions to attack themselves in a bid to uplift their cyber preparedness, as APRA orders urgent audits against CPS 234.
The CORIE framework that has been launched will require banks, super funds and other financial institutions to organise independent red team attack simulations.
The Payment Card Industry Data Security Standard (PCI DSS) is mandated by the major payment brands (MasterCard, Visa, Amex, JCB and Discover) for organisations that handle payment card data. The PCI DSS defines the minimum security controls needed to protect cardholder data. If you process, store, or transmit payment card data, you are required to comply with PCI DSS: this covers both merchants that accept payment via debit or credit cards and service providers that process payment card data on their behalf.
Achieving ISO 27001 certification does not guarantee that your organisation will never experience another security incident. Nor can anyone realistically claim that the standard is perfect and can be trusted absolutely. Despite these caveats, obtaining certification offers several significant benefits that cannot be denied. The often-touted benefits of an Information Security Management System (ISMS) that is implemented correctly and follows the spirit of the standard are:
Early last March at the ‘Data Privacy Matters’ meetup, I had the privilege of moderating a panel segment addressing the NDB Amendment and GDPR’s impact on Australian businesses. The panellists were Patrick Gunning (Law Partner at King & Wood Mallesons), Fergus Brooks (Cyber Risk National Practice Leader at Aon Australia) and Romain Rallu (CEO at Privasec, an independent security firm). We spent the night discussing the applicability of the Privacy Act, being prepared for this new privacy legislation, the ramifications of ignoring it, and exploring what is covered by insurance when it comes to data breaches.