APRA's CPS 234 regulation section 56 states:
An APRA-regulated entity would typically deploy appropriate information security technology solutions which maintain the security of information assets. Examples include firewalls, network access control, intrusion detection/prevention devices, anti-malware, encryption and monitoring/log analysis tools. The degree of reliance placed on technology solutions for information security could necessitate a heightened set of lifecycle controls, including but not limited to:
...
"detection techniques deployed which provide an alert if information security-specific technology solutions are not working as designed."
Is this possible? If so, can I get a couple of examples?