APRA CPS 234 Assessment
Answer a short questionnaire to get a quick posture score.
Are there specific individuals or teams (e.g., CISO, SecOps) formally assigned to manage security?
Is there a budget and headcount allocated for security tools, personnel, and training?
Is security a regular topic at board meetings, with clear metrics and risk reporting?
Do you have technical and procedural controls like MFA, firewalls, encryption, and access reviews in place?
Is there a scheduled process (e.g., quarterly, annually) to assess and update security controls?
Do you perform vulnerability scans, penetration tests, or red team exercises?
Has a third party (e.g., an external auditor) reviewed your security controls within the last 12-18 months?
Please answer all questions to calculate your score.