APRA has released what it dubs a “prudential practice guide” – “on the management of security risk in information and information technology (IT) by institutions supervised by APRA”. Press release and document here.

It will be interesting to see how adoption of the “guideline” goes. It is similar to the Monetary Authority of Singapore’s “Internet Banking and Technology Risk Management Guidelines”, but a decade behind, and it appears to carry no real regulatory push or enforcement of the kind seen in Singapore.

Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.
  1. It will be piled on top of all the other guidelines ADIs should look at :)

  2. JC says:

    ‘a decade behind’ says it perfectly. If there is no muscle behind this, it’s simply a nothing document in the scheme of there being hundreds of such guides out there. APRA is a weak regulator around infosec and always has been.

  3. Totally true. If this does anything, I will be surprised! I would love to be proven wrong, but APRA won’t do that. As mentioned, they are a decade behind their peers.

    Love to know their credentials... does it matter...