CSOs may benefit as CPS 234 tasks boards with financial-services cybersecurity

Boards can no longer ignore or delegate information security issues – and they’re responsible for partners’ security too

Financial institutions will be expected to exhaustively evaluate the information-security practices of strategic partners and service providers from July 1, as new CPS234 regulations take effect in a process that will light a fire under industry compliance efforts – and threaten banks with fines if they don’t stop cyberattacks.

With just days to go until the deadline, the Australian Prudential Regulatory Agency (APRA) this week responded to submissions around the Prudential Standard CPS 234 Information Security (CPS234).

“APRA expects that a regulated entity will assess the information security capability of all third parties that manage information assets on its behalf,” the regulator advised, “commensurate with the potential consequences of an information security incident affecting those assets.”

Stories by David Braue
