APRA Prudential Practice Guide 234: Management of security risk in information and information technology

The Prudential Practice Guide 234: Management of security risk in information and information technology (PPG 234) was written to target areas that APRA, through its ongoing supervision activities, identified as weaknesses in IT security risk management. In APRA’s own words, “while the PPG provides guidance for safeguarding IT assets, it does not seek to be an all-encompassing framework.” The PPG does not cover all aspects of IT security risk management, nor does it go into the depth required to establish an efficient and effective IT security risk management function.