💼 39 An APRA-regulated entity would typically ensure that existing and emerging information security vulnerabilities and threats pertaining to critical and sensitive information assets are identified, assessed and remediated in a timely manner. This includes information assets which are not critical or sensitive but could expose those information assets that are critical or sensitive.

  • Contextual name: 💼 39 An APRA-regulated entity would typically ensure that existing and emerging information security vulnerabilities and threats pertaining to critical and sensitive information assets are identified, assessed and remediated in a timely manner. This includes information assets which are not critical or sensitive but could expose those information assets that are critical or sensitive.
  • ID: /frameworks/apra-cpg-234/14/39
  • Located in: 💼 14 Implementation of controls - Vulnerabilities and threats are identified, assessed and remediated

Description

Empty...

Similar

  • Internal
    • ID: dec-c-f470d8d6

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 39a implement mechanisms that access and analyse timely threat intelligence regarding vulnerabilities, threats, methods of attack and countermeasures; 1111
💼 39b engage with stakeholders (including Government, industry participants and customers) regarding threats and countermeasures, as appropriate
💼 39c develop tactical and strategic remediation activities for the control environment (prevention, detection and response) commensurate with the threat;
💼 39d implement mechanisms to disrupt the various phases of an attack. Example phases include reconnaissance, vulnerability exploitation, malware installation, privilege escalation, and unauthorised access 1111