💼 2 An APRA-regulated entity would regularly educate users, including both internal staff and contractors, as to their responsibilities regarding securing information assets. Common areas covered would typically include:

• Contextual name: 💼 2 An APRA-regulated entity would regularly educate users, including both internal staff and contractors, as to their responsibilities regarding securing information assets. Common areas covered would typically include:
• ID: /frameworks/apra-cpg-234/b/2
• Located in: 💼 Attachment B - Training and awareness

Description

Empty...

Similar

• Internal
  • ID: dec-c-9ce8bc7d

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 a. personal versus corporate use of information assets;
💼 b. email usage, internet usage (including social networking) and malwareprotection;
💼 c. physical protection, remote computing and usage of mobile devices;
💼 d. awareness of common attack techniques targeted at personnel and facilities (e.g. social engineering, tailgating);
💼 e. access controls, including standards relating to passwords and other authentication requirements;
💼 f. responsibilities with respect to any end-user developed/configured software (including spreadsheets, databases and office automation);
💼 g. expectations of staff where bring-your-own-device is an option;
💼 h. handling of sensitive data;
💼 i. reporting of information security incidents and concerns.