Navigating cybersecurity standards for financial institutions

Learn how to prepare for APRA Security Standard CPS 234

Authors: Chris Hockings, CTO IBM Security A/NZ IBM Global Markets – Cognitive Solutions Unit Industry Platforms & Ruby Li, Associate Partner, IBM Security

From 01 July, 2019 APRA Security Standard CPS 234 will impose new cybersecurity requirements on financial institutions. The standard aims to improve the resiliency of APRA-regulated entities against information security incidents and cyber-attacks by enhancing their ability to counter vulnerabilities and threats.

A major objective of the standard is minimising the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets, including those managed by related parties or third parties.

Key requirements of the new security standard

APRA-regulated entities are required to demonstrate compliance in:

1. Roles and Responsibilities – Clearly defining the information security-related roles and responsibilities of the Board, senior management, governing bodies and individuals.

2. Information Security – Maintaining an information security capability commensurate with the size and extent of threats to its information assets, and which enables the continued sound operation of the entity.

3. Policy Framework – Maintaining an information security policy framework commensurate with its exposure to vulnerabilities and threats.

4. Information Asset Identification & Classification – Identifying and classifying information assets, including those managed by related parties and third parties, by criticality and sensitivity.

5. Controls – Implementing information security controls to protect information assets, including those that are managed by related parties and third parties.

6. Incident Management – Having robust mechanisms in place to detect and respond to information security incidents in a timely manner.

7. Testing Control Effectiveness – Implementing a systematic testing program to test the effectiveness of information security controls.

8. Internal Audit – Constantly reviewing the design and operating effectiveness of security controls, including those maintained by related parties and third parties.

9. APRA Notification – Notifying APRA as soon as possible, and within 3 days, of a material security incident, or within 10 days of detecting a material information security control weakness.

More information about the key requirements of the new security standard can be found here.

How IBM can assist in enhancing your cyber resiliency

IBM can help your financial institution comply with the new standard and benefit from strengthened cybersecurity. Our highly qualified consultants have extensive experience in security delivery with proven methodologies. We focus on delivering security services tailored to your organisation, following IBM Security Framework methodologies and the Cyber Resilience Lifecycle approach.

The ways IBM’s Cyber Resilience Lifecycle can help ensure compliance

Identify – Assess your readiness, process and posture, and then define an action plan.

Protect – Discover your vulnerabilities before they are exploited and put the right protection solutions in place.

Detect – Use advanced analytics to detect attacks coming from outside your enterprise and investigate active threats hiding inside.

Respond – Remediate attack damage by responding effectively with the smartest cyber incident responders and threat intelligence.

IBM can help your enterprise assess its current capabilities against the requirements of the new security standard. We can then provide a gap analysis assessment report, develop a roadmap to attain compliance, and provide continued assessment and regular testing to help maintain compliance.

APRA Security Standard CPS 234 imposes significant new requirements on financial institutions.  Meeting those standards means your institution will both maintain regulatory compliance and strengthen its cybersecurity. To learn more about how IBM can help, talk to the IBM Cyber Elite today.

Book your consultation.
