ASIC Health Check
Cyber security is fundamentally important for all organisations, and cyber attacks are a major risk for ASIC's regulated population.
ASIC States the Importance of Cyber Security
ASIC (Australian Securities and Investments Commission) is Australia’s corporate, markets and financial services regulator and ensures that Australia has a sound financial market.
ASIC has stated that cyber security is fundamentally important for all organisations and that cyber attacks are a major risk for its regulated population. The commercial stakes are illustrated by research showing that over 60% of customers would stop using a company's products or services if a cyber attack resulted in a known security breach.
Requirements for Regulated Entities
ASIC has produced Report 429 (Cyber resilience: Health check) to assist organisations with improving their cyber resilience. The report draws on lessons learned in the Australian market and on established information security standards, in particular the NIST Cybersecurity Framework.
Report 429 contains 26 "Health Check Prompts" that every organisation should ask itself in order to assess its level of cyber resilience. Some examples of health check prompts are:
- Have you considered assessing your organisation against the NIST Cybersecurity Framework?
- What information or business assets are essential to your organisation?
- Have you considered whether you have monitoring processes and procedures in place to detect a cyber attack?
Report 429 also sets out 14 action points that organisations should consider implementing, so that they are prepared for cyber threats and can respond appropriately if an incident occurs. Example action points are:
- Actively monitor trends in cyber risks and adapt to new cyber risks as they arise.
- Use a CREST Australia approved member organisation to test your existing IT systems, processes and procedures, to ensure that they respond well to cyber risks.
- Mitigate cyber risks by, at a minimum, implementing ASD's four highest-ranking mitigation strategies (the "Top 4": application whitelisting, patching applications, patching operating system vulnerabilities, and restricting administrative privileges). Note that ASD has since expanded this baseline to the Essential Eight, so organisations assessing themselves today should treat the Top 4 as a floor rather than a target.
How Security Centric Can Help
Security Centric has consultants who can help your organisation address the issues described in Report 429, and who can assist with achieving compliance with other information security frameworks and legislation, including the ISO 27000 series (ISO27k), PCI DSS, ASD's Information Security Manual and the Privacy Act.