Sydney Branch Meeting - February 20

Join AISA Sydney for the first event of 2019, a joint AISA event with the Cyber Risk Meetup

Dimensioning security capability under APRA CPS 234 planning

Speaker: Denny Wan, Cyber Security Risk Expert & FAIR Sydney Chapter Chair

In November 2018, the Australian Prudential Regulation Authority (APRA) released Prudential Standard CPS 234 making the board of regulated entities accountable for ensuring the adequacy and sustainability of their information security program. Denny will provide an overview on applying the FAIR framework as part of the CPS 234 readiness program.

Denny Wan is the principal consultant of Security Express and a postgraduate researcher at the Optus Macquarie University Cyber Security Hub. He has deep expertise in cyber risk quantification. His research focuses on applying cyber insurance concepts to supply chain risk management. He is the chair of the Sydney Chapter for the Open Group FAIR cyber risk framework.

Panel Session: Information Security compliance for APRA regulated organisations - “Uncovering the true dollar value on Risk”

Over the years, risk professionals have been at odds over how to determine the true, real dollar value of Risk, or even to settle on a common framework or definition of Risk. Risk professionals largely follow a qualitative approach to identifying, measuring and communicating Risk. The time is now for organisations, risk and cyber professionals to shift from “gut feel / amber red” qualitative assessment to a quantitative risk framework.

Our expert panel will use the upcoming APRA CPS 234 standard to discuss how APRA-governed entities can uncover the true dollar value on Risk. Our panel will also take the opportunity to provide their industry insights on dimensioning security capability under APRA CPS 234 planning. APRA CPS 234 instructs regulated entities to maintain an information security capability commensurate with the size and extent of threats to their information assets (clause 15) and potential consequences (clause 16).

The dimensioning of the cyber threat is highly subjective and can be hard to explain to others. The Open Group FAIR Cyber Risk quantification framework provides a structured way to decompose the risk factors and calibrate the measurement methods. An expert panel will discuss their approach to preparing for CPS 234.

Panel Members:
Leslie Bell Lecturer Macquarie University (FAIR)
Wilson Chiu Head of Security at Police Bank Ltd
Dan Barron EY Cyber Security
Branko Ninkovic AISA Sydney Chair / Dragonfly Technologies
Shamane Tan (Moderator) Cyber Security Advisor - APAC at Privasec

Participants will have the opportunity to ask questions of the panel members at the end of the presentation.

Light refreshments will be served after the presentation.

Register:
AISA members: Please sign in to register for this event
Non AISA Members: If you would like to become an AISA member you can join here

For more information about other AISA events, please visit our website here

When
20/02/2019 5:15 PM - 7:15 PM
AUS Eastern Summer Time
Where
NAB - Auditorium, Sydney Auditorium 105 Miller Street Sydney North, NSW AUSTRALIA