Cyber security guidance and support for APRA CPS 234
From one of the first organisations in Australia to achieve ISO 27001:2022
We help APRA-regulated (banking, insurance and superannuation) organisations mature their cyber security in accordance with APRA CPS 234 guidelines
The MyEmpire Group difference
"We’re big enough to support all manner of businesses, from ma and pa’s to enterprise, but small enough to still obsess over detail."
We don’t obsess over detail to the point of paralysis, but we do take great pride in delivering exceptional work. And it’s not just because we get a thrill receiving elated client feedback, although that’s something we all share in common. Primarily it’s because we genuinely care about building cyber security systems that protect businesses. That means really learning your business and your people so we can develop a cyber security strategy suited to you, not a close-enough template pulled from a file. That’s what makes us different; we only feel satisfied when we know a job’s been done right.
Our People
Our cyber security specialists are a mixture of seasoned veterans, many with 30+ years’ experience in IT, management and security. We also have young faces on the team, our rising stars: those whose talents we recognised early and chose to invest in.
Beyond being experts in their fields, our people share a few things in common, a result of how we hire. Prior to any skills being tested in an interview, we look for personable people. Authentic, honest people who are passionate about their field and good communicators. In other words, we look for people who light up when they talk about their line of work. People whose passion is contagious. Only candidates who meet these criteria are taken through the typical interview steps where we probe skills and work history.
Leadership Team
Alex Woerndle
HEAD OF OPERATIONS
(CO-FOUNDER & DIRECTOR)
Alex is an experienced director, IT consultant and infosec professional. He provides security management and leadership to a range of organisations from start-ups through to governments and ASX50 listed enterprises. He has also served over 10 years in voluntary roles as a Non-Executive Director of the Australian Information Security Association, .au Domain Administration Ltd and the Australian Conservation Foundation’s Finance, Audit and Risk Committee.
Carl Woerndle
HEAD OF SALES AND MARKETING
(CO-FOUNDER & DIRECTOR)
Carl has more than three decades’ experience in IT, security and business leadership. Prior to MyEmpire Group, he and Alex built DistributeIT which held approx. 10% market share of .com.au domains. As well as a business owner and manager, Carl has worked as a Cyber Security Advisor consultant for Deloitte. He is a regular keynote speaker on cyber security.
Chris Self
HEAD OF SERVICE DELIVERY
Chris is a highly experienced information security principal. He has worked as a senior cyber security consultant for KPMG, CQR Consulting (now part of CyberCX) and Deloitte. Prior to starting with MyEmpire Group, he was the Information Security Manager at Adelaide Airport where he led a full rebuild of the airport’s cyber security processes and infrastructure. Chris holds a master’s in information systems security and a number of information security certifications, including CISSP and CRISC.
Talk to a Cyber Security Specialist
Let us help mature your cyber security while ensuring you meet your APRA obligations.
We have cyber security consultants on our team who are experts on APRA CPS 234 and the responsibilities of APRA-regulated organisations.
Improve your organisation's risk posture
We help organisations improve their risk posture from the top down. We provide everything from cyber security strategy and roadmaps to support with implementation and maintenance. And we provide it all while staying within APRA’s guidelines.
Protect data managed by your business and third parties
We help businesses mature their end-to-end information security capability so they can better protect data and systems managed by their organisation and the third parties they work with.
Your cyber security team on standby
We have the capacity and expertise to handle all your cyber security needs, whether it be for a short run or ongoing. We can also communicate what’s being done with your managed IT services provider to ensure everything works seamlessly and aligns with APRA CPS 234.
What is APRA CPS 234?
APRA CPS 234 provides APRA-regulated entities with guidance on defence against information security incidents, including cyber attacks.
The material, produced by APRA, provides guidance to boards/senior management, risk management, and information security specialists from APRA-regulated businesses about best practices for maturing their information systems and cyber security.
APRA’s prudential framework explained
APRA regulates Australia’s banking, insurance and superannuation industries. While each industry has specific standards and guidelines, all APRA-regulated organisations have a prudential framework made up of three pillars:
- Prudential Standards: These outline APRA’s requirements related to capital, governance and risk management that are legally binding.
- Prudential Guidelines: These provide directions and steps APRA-regulated businesses can take in order to comply with the prudential standards.
- Reporting Standards: These dictate what data regulated organisations need to report to APRA and when to provide it.
Objectives and key requirements of APRA CPS 234
APRA’s CPS 234 Information Security Prudential Standard aims to ensure APRA-regulated entities take measures to be resilient against information security incidents, including cyber-attacks.
The key requirements are that an APRA-regulated entity must:
- Clearly define the information security-related roles and responsibilities of the Board, senior management, governing bodies and individuals
- Maintain an information security capability commensurate with the size and extent of threats to its information assets, and which enables the continued sound operation of the entity
- Implement controls to protect its information assets commensurate with the criticality and sensitivity of those information assets, and undertake systematic testing and assurance regarding the effectiveness of those controls; and
- Notify APRA of material information security incidents.