On 19 March 2015 ASIC released Report 429: Cyber resilience: Health check [1] (Report 429).
ASIC defines cyber resilience as the ability to prepare for, respond to and recover from a cyber attack. In Report 429, ASIC recommends that businesses manage their cyber security by ensuring they are able to adapt to change, reduce exposure to risks, and learn from incidents when they occur.
Report 429 recommends that businesses consider using the US National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity [2] (NIST Cybersecurity Framework) both to assess and mitigate their cyber risks and to take stock of their cyber risk management practices.
Report 429 provides insight into how to:
- identify a business's most critical intellectual property and assets,
- develop and implement procedures to protect those assets,
- put in place technology, procedures and resources to detect a cybersecurity breach, and
- put in place procedures to both respond to and recover from a breach, if and when a breach occurs.
Further information can be found from ASIC here. [3]