Part 1  - Presentation: APRA CPS 234 - Where are we now?

In November 2018, the Australian Prudential Regulation Authority (APRA) released Prudential Standard CPS 234 which comes into force on 1st July 2019. This presentation reviews the state of compliance and lessons learnt thus far – where are we now?

The presentation begins with an overview of the CPS 234, highlights the 2019 updates to CPG 234, which is the Prudential Practice Guide supporting the implementation of CPS 234. The presentation also provides insights into what organisations have achieved to-date with their compliance journey with a special focus on measuring the business value of these security controls, giving substance to the statement that “cyber risk is a business problem” and not a cliché.

Speaker: Denny Wan, Security Express

Denny believes security cultural change is the only sustainable way to improve resilience in cyber security. He explains the value of security controls in terms of business impact measured in financial terms using the Open Group FAIR cyber risk quantification framework. He is the founder and the chair of the FAIR Institute Sydney Chapter. 

This approach enables users to understand and embrace the business benefits of these controls to them. CPS 234 demands the business, from the board level, to ensure security capabilities commensurate with the threats. FAIR is the perfect business language to express these understandings. Moreover, He is a researcher at the Optus Macquarie University Cyber Security Hub. His research is to develop a new risk language for information-dense supply chains such as financial services. This language can be used to explain the business value of security controls anywhere along the chain to any stakeholders. This level of understanding incentivises and cultivates the right security culture to deliver sustainable cyber security protections.

Denny has published over 30 articles in LinkedIn and the Australian Cyber Security Magazine and a frequent speaker and presenters on these subjects.

Part 2  - Panel Discussion: CPS 234 Compliance - lessons learnt

APRA CPS 234 has come into force on 1st July, making company boards responsible for ensuring the their information security capabilities commensurate with the threat. This signals a paradigm shift in managing cyber risk as a business problem. Materiality consideration and 3rd party supplier management have been identified as key challenges in the compliance process. The panel will reflect on lessons learnt in their CPS 234 journey session, its impact on organisational security culture and 3rd party suppliers management process. There will not be discussion on specific CPS 234 implementations in their organisations.

Panel Members: 

• Denny Wan – Principal Consultant, Security Express (moderator)
• Jessica Meldrum -  Executive Manager, Cyber Risk
• Joseph Dalessandro - Group Audit, Australian Unity
• Kerry McGoldrick - Partner Risk and Assurance, ShineWing Australia
• Wilson Chiu - Head of Security at Police Bank Ltd

At the end of the presentation, there will be an opportunity for participants to ask questions via the chat box to the panel members.

Register:

This webinar is free and only available to AISA Members, please click here to register online
Non AISA Members: If you would like to become an AISA member you can join here

For any queries regarding this event, please email [email protected] or visit our website www.aisa.org.au

 Time Zones:

•  1:00pm - 2:00pm Australia Eastern Time (Brisbane, Canberra, Melbourne & Sydney, GMT+10:00)
• 12:30pm - 1:30pm Australia Central Time (Adelaide & Darwin, GMT+9:30)
• 11:00am - 12:00pm Australia Western Time (Perth, GMT+08:00)

Participate in the webinar:

• Once you have registered you will receive a confirmation email with the webinar registration link. Use this link and ensure you logon to the webinar at least 10 minutes prior to the start time
• You will require a strong and stable internet connection
• It is recommended you use a headset or headphones so you can hear the presentation
• A recording of the live session will be available for registrants after the event