ASIC issues cyber resilience report

On 19 March 2015 ASIC released Report 429: Cyber resilience: Health check¹ (Report 429). 

ASIC defines cyber resilience as the ability to prepare for, respond to and recover from a cyber attack. In Report 429, ASIC recommends that businesses manage their cyber security by ensuring they are able to adapt to change, reduce exposure to risks, and learn from incidents when they occur.

Report 429 recommends that businesses consider using the US National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity² (NIST Cybersecurity Framework) to assess and mitigate their cyber risks as well as a way to stocktake their cyber risk management practices.

Report 429 provides insight into how to:

1. identify a business's most critical intellectual property and assets,
2. develop and implement procedures to protect those assets,
3. put in place technology, procedures and resources to detect a cybersecurity breach, and
4. put in place procedures to both respond to and recover from a breach, if and when a breach occurs.

Further information can be found from ASIC here.³

This article is part of a series on Global Money and Payment Services Privacy and Security Issues.

Endnotes

1. Report 429: Cyber resilience: Health check.
2. US National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity.
3. REP 429 Cyber resilience: Health check.