  • Understand the legislative framework in which the business exists (e.g. does the Mandatory Data Breach legislation apply to you, or are you a financial organisation that needs to follow APRA regulations?).

    • Keep up to date with the legislative frameworks (e.g. a new policy from APRA released in June 2024 around backups).

  • Understand the risk appetite of your business (this will probably evolve over the course of doing the assurance process).

  • Conduct a risk assessment (either formally or just as you are going through the assurance process).

  • Understand or create a cybersecurity strategy - it could be as simple as “we need to be better at cybersecurity” or a full document that states goals, objectives, steps, and priorities.

  • Understand the controls required - you may need some help with this (for example, what exactly is Application Control?).

  • Understand the scope of the controls within the business - e.g. is it just the Administrative side of the business to tackle first, or are there Manufacturing or other areas of the business that need to be addressed later?

  • Implement the controls as outlined in the Assurance level you want to achieve.

  • Document the controls put in place.

  • Monitor, measure, and audit the controls regularly.

  • Rinse and Repeat.
