Cyber Security for APRA CPS 234
Cyber security guidance and support for APRA CPS 234
We help APRA-regulated (banking, insurance and superannuation) organisations mature their cyber security in accordance with APRA CPS 234 guidelines
Talk to a Cyber Security Specialist
Let us help mature your cyber security while ensuring you meet your APRA obligations.
We have cyber security consultants on our team who are experts on APRA CPS 234 and the responsibilities of APRA-regulated organisations.
Improve your organisation's risk posture
We help organisations improve their risk posture from the top down. We provide everything from cyber security strategy and roadmaps to support with implementation and maintenance. And we provide it all while staying within APRA’s guidelines.
Protect data managed by your business and third parties
Your cyber security team on standby
We have the capacity and expertise to handle all your cyber security needs, whether it be for a short run or ongoing. We can also communicate what’s being done with your managed IT services provider to ensure everything works seamlessly and aligns with APRA CPS 234.
"The biggest benefit to working with MyEmpire Group is having access to cyber expertise on an as-needed basis. We're able to access skills and knowledge across a broad range of [cyber security] areas, and without having to hire in-house."
Jenelle Schultz
Chief Operating Officer, Business Fitness
Talk to a cyber security expert today
What is APRA CPS 234?
APRA CPS 234 provides APRA-regulated entities with guidance on defence against information security incidents, including cyber attacks.
The material, produced by APRA, provides guidance to boards/senior management, risk management, and information security specialists from APRA-regulated businesses about best practices for maturing their information systems and cyber security.
APRA’s prudential framework explained
APRA regulates Australia’s banking, insurance and superannuation industry. While each industry has specific standards and guidelines, all APRA-regulated organisations have a prudential framework made up of three pillars:
Prudential Standards: These outline APRA’s requirements related to capital, governance and risk management that are legally binding.
Prudential Guidelines: These provide directions and steps APRA-regulated businesses can take in order to comply with the prudential standards.
Reporting Standards: These dictate what data regulated organisations need to report to APRA and when to provide it.
Objectives and key requirements of APRA CPS 234
APRA’s CPS 234 Information Security Prudential Standard aims to ensure APRA-regulated entities take measures to be resilient against information security incidents, including cyber-attacks.
The key requirements are that an APRA-regulated entity must:
- Clearly define the information security-related roles and responsibilities of the Board, senior management, governing bodies and individuals
- Maintain an information security capability commensurate with the size and extent of threats to its information assets, and which enables the continued sound operation of the entity
- Implement controls to protect its information assets commensurate with the criticality and sensitivity of those information assets, and undertake systematic testing and assurance regarding the effectiveness of those controls; and
- Notify APRA of material information security incidents.