0

APRA's CPS 234 regulation section 56 states:

An APRA-regulated entity would typically deploy appropriate information security technology solutions which maintain the security of information assets. Examples include firewalls, network access control, intrusion detection/prevention devices, anti-malware, encryption and monitoring/log analysis tools. The degree of reliance placed on technology solutions for information security could necessitate a heightened set of lifecycle controls, including but not limited to:

...

"detection techniques deployed which provide an alert if information security-specific technology solutions are not working as designed."

Is this possible? If so, can I get a couple of examples?

2
  • 1
    Send some traffic which should be detected and check that it gets detected. This can be a specific but harmless network packet, like the EICAR test signature, which is commonly used to check basic functionality of an antivirus. Commented Mar 23, 2021 at 17:23
  • 1
    The full text provides some much-required context. Yes, tools can send an alert when they are having an operational problem ... almost every device can send an alert when certain things go wrong.
    – schroeder
    Commented Mar 23, 2021 at 19:19

1 Answer

-1

None of these security devices you have listed have subsystems that can report on the integrity or availability of themselves. You will need to use an external piece of software to monitor your security devices.

2
  • ... and a monitor to monitor the monitor...
    – ThoriumBR
    Commented Mar 23, 2021 at 19:50
  • 1
    You are assuming that the regs are asking the devices to report on their own integrity and quality of function. As I said in my comment, every system will have some alert on whether or not they are functioning. Disk space, loss of network, dropped packets, etc.
    – schroeder
    Commented Mar 23, 2021 at 20:31
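
An added example, not part of the original question, answer or comments: a small external monitor that combines the two checks raised in this thread, a per-tool liveness heartbeat and confirmation that a harmless test artefact (such as the EICAR file) was actually detected. The log format, tool names, canary ids and thresholds are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, not from a real product):
#   heartbeat   - the tool's own liveness signal
#   canary_sent - test harness injected a harmless artefact (e.g. the EICAR file)
#   detection   - the tool raised an alert for that artefact
SAMPLE_LOG = """\
2021-03-23T09:40:00 fw-edge heartbeat
2021-03-23T10:00:00 av-gw heartbeat
2021-03-23T10:00:00 ids-1 heartbeat
2021-03-23T10:00:05 av-gw canary_sent id=c1
2021-03-23T10:00:09 av-gw detection id=c1
2021-03-23T10:01:00 ids-1 canary_sent id=c2
2021-03-23T10:05:00 ids-1 heartbeat
"""

def parse(log):
    """Yield (timestamp, tool, kind, canary_id) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, tool, kind, *rest = line.split()
            fields = dict(kv.split("=", 1) for kv in rest)
            yield datetime.fromisoformat(ts), tool, kind, fields.get("id")

def control_failures(log, now, heartbeat_max=timedelta(minutes=10),
                     canary_max=timedelta(minutes=2)):
    """Return (tool, reason) alerts for controls not working as designed."""
    last_beat, sent, detected = {}, {}, set()
    for ts, tool, kind, cid in parse(log):
        if ts > now:
            continue  # ignore events later than the evaluation time
        if kind == "heartbeat":
            last_beat[tool] = max(ts, last_beat.get(tool, ts))
        elif kind == "canary_sent":
            sent[(tool, cid)] = ts
        elif kind == "detection":
            detected.add((tool, cid))
    alerts = []
    # Availability: the tool has gone quiet.
    for tool, ts in sorted(last_beat.items()):
        if now - ts > heartbeat_max:
            alerts.append((tool, "heartbeat_stale"))
    # Effectiveness: the tool is up but did not flag the known test artefact.
    for (tool, cid), ts in sorted(sent.items()):
        if (tool, cid) not in detected and now - ts > canary_max:
            alerts.append((tool, "canary_missed:" + cid))
    return alerts
```

In the sample, `ids-1` keeps sending heartbeats yet misses its canary, which is the case a liveness alert alone does not catch. A tool that has never logged a heartbeat is invisible to this sketch; a real deployment would compare against an inventory of expected tools.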
