💼 78 In order to systematically test information security controls, an APRA-regulated entity would normally outline the population of information security controls across the regulated entity, including any group of which it is a part, and maintain a program of testing which validates the design and operating effectiveness of controls over time. Additional testing could be triggered by changes to vulnerabilities/threats, information assets or the threat landscape
- Contextual name: 💼 78 In order to systematically test information security controls, an APRA-regulated entity would normally outline the population of information security controls across the regulated entity, including any group of which it is a part, and maintain a program of testing which validates the design and operating effectiveness of controls over time. Additional testing could be triggered by changes to vulnerabilities/threats, information assets or the threat landscape
- ID:
/frameworks/apra-cpg-234/31/78 - Located in: 💼 31 Testing control effectiveness - Systematic testing program
Description​
Empty...
Similar​
- Internal
- ID:
dec-c-100abc49
- ID:
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|