💼 56 An APRA-regulated entity would typically deploy appropriate information security technology solutions which maintain the security of information assets. Examples include firewalls, network access control, intrusion detection/prevention devices, anti-malware, encryption and monitoring/log analysis tools. The degree of reliance placed on technology solutions for information security could necessitate a heightened set of lifecycle controls, including but not limited to:

Contextual name: 💼 56 An APRA-regulated entity would typically deploy appropriate information security technology solutions which maintain the security of information assets. Examples include firewalls, network access control, intrusion detection/prevention devices, anti-malware, encryption and monitoring/log analysis tools. The degree of reliance placed on technology solutions for information security could necessitate a heightened set of lifecycle controls, including but not limited to:
ID: /frameworks/apra-cpg-234/22/56
Located in: 💼 22 Implementation of controls - Information security technology solutions

Description

Empty...

Section	Sub Sections	Internal Rules	Policies	Flags
💼 56a guidelines outlining when information security-specific technology solutions should be used;
💼 56b standards documenting the detailed objectives and requirements of individual information security-specific technology solutions;
💼 56c authorisation of individuals who can make changes to information security-specific technology solutions. This would typically take into account segregation of duties issues;
💼 56d regular assessment of the information security-specific technology solutions configuration, assessing both continued effectiveness as well as identification of any unauthorised access or modification;
💼 56e periodic review of industry practice and benchmarking against peers;
💼 56f detection techniques deployed which provide an alert if information security-specific technology solutions are not working as designed.