
CPG 234 Report

by Stephanie Dunn
November 28, 2016


Regulated institutions can be subject to a variety of statutory requirements that can vary in size, complexity, and risk. Not having an effective IT security risk management programme in place can result in the compromise of critical network assets and/or data, and can severely impact an organisation’s long-term growth and survival. The Australian Prudential Regulation Authority (APRA) and the associated Prudential Practice Guides (PPG) aim to assist regulated institutions by outlining prudent practices that can aid in managing security risks within specific elements of their business. This report has been developed to assist organisations with managing security risks and safeguarding network assets, while achieving business objectives.

APRA developed a series of PPGs designed to address specific compliance requirements for regulated institutions. The CPG 234 - Management of Security Risk in Information and Information Technology PPG was developed to provide guidance for management and IT security specialists in identifying, targeting, and managing IT security risks.

This report provides valuable information for regulated institutions in the management of existing security risks, and can help management and security teams safeguard network assets and data. Monitoring inbound and outbound network traffic may reveal malicious activity, suspicious connections, and compromised hosts. Analysts will be able to track and prevent unmanaged mobile devices from connecting to the network. Group membership changes can highlight rogue accounts, along with existing accounts that may have unnecessary privileges.

Reported vulnerabilities and compliance concerns can assist in detecting misconfigurations on security devices such as firewalls, intrusion detection/prevention devices, and anti-virus clients. The elements within this report can be modified to provide additional focus on potential areas of concern to identify suspicious activity across the enterprise. Using the information provided within this report, organisations will be able to institute a continuous process that will help to improve their overall security posture.

This report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the Tenable.sc Feed under the category Compliance & Configuration Assessment. The report requirements are:

  • Tenable.sc 5.3.1
  • Nessus 8.5.1
  • NNM 5.9.0
  • LCE 6.0.0

Tenable Network Security transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect the organisation. Tenable.sc is continuously updated with information about advanced threats and zero-day vulnerabilities, and new types of regulatory compliance configuration audit files. Active scanning examines running systems and services, detects vulnerable software applications, and analyses configuration settings. Passive listening collects data to continuously monitor traffic, gathers information about user privilege changes and administrative activity, and discovers additional vulnerabilities. Monitoring the network to ensure that all systems are secured against vulnerabilities is essential to ongoing security efforts. Tenable enables powerful, yet non-disruptive, continuous monitoring that provides organisations with the information needed to proactively respond to threats within the enterprise.

The following chapters are included in this report:

  • Executive Summary: The Executive Summary chapter includes a comprehensive summary of data presented within the report. The information summarized in this chapter aligns with the CPG 234 - Management of Security Risk in Information and Information Technology PPG guide. Elements in this chapter provide valuable information that organisations can use to better defend against attacks, and continuously protect critical assets, data, and infrastructure.
  • Overarching Framework: Information presented within this chapter aligns with the “An overarching framework” chapter in the CPG 234 guide. This data will highlight both inbound and outbound threatlist trend activity, potentially unknown assets and devices, and risk remediation opportunities. Using this information, organisations will be able to reduce risks associated with unauthorised devices and malicious activity on the network.
  • Access Control: Information presented within this chapter aligns with the “Access control” chapter in the CPG 234 - Management of Security Risk in Information and Information Technology PPG guide, which highlights the importance of defence-in-depth controls, detection of unknown assets, monitoring group membership changes, and prevention of data leakage. Elements in this chapter can help organisations monitor for unauthorised account changes, group membership updates, and possible data leakage activity within the network.
  • IT Asset Life-Cycle Management Controls: This chapter aligns with the “IT asset life-cycle management controls” chapter in the CPG 234 guide. Information presented in this chapter summarizes the need to implement patch management controls and remediate vulnerabilities in a timely manner. Security solutions such as firewalls, detection/prevention devices, and anti-malware solutions are also addressed, which can assist security teams with assessing the effectiveness of these devices and services. Additionally, systems using outdated operating systems or software applications that need to be upgraded are included in this chapter.
  • Monitoring and Incident Management: The Monitoring and Incident Management chapter will present a summary of detected events and the status of logs collected from LCE clients or systems where syslogs are collected. These elements can be modified to detect unusual patterns of behaviour, monitor unauthorised activity, and help to ensure consistent and reliable logging of critical data. Analysts can use this information to obtain a real-time look at existing network events, which can help to ensure an accurate and complete audit trail.
  • Change Management: This chapter presents valuable information that can be used by analysts to identify suspicious login events that have occurred on the network. These elements can help to identify activity such as login attempts using invalid or unknown user accounts, brute force attacks, and login attempts using an invalid password.
  • Cryptographic Techniques: This chapter presents an overview of both encryption and cryptographic-based compliance concerns that have been discovered on the network. Analysts can use the information within this table to focus on systems using weak hashing algorithms, keys, or insecure encryption ciphers. Security teams should review the data to determine whether the risks are applicable to the organisation.
