Diagnostic gap analysis review, Organisations need to work towards understanding their requirements by identifying key potential gaps and weaknesses in their current processes and identifying key capabilities that are at risk and also may expose critical data assets to malicious parties.
•. Risk treatment. Once gaps are identified, a pragmatic and risk-based plan must be developed to address them in the required timeframes of APRA Data breach notification
•. Ongoing monitoring and assurance. Continuous cyber risk monitoring of the organization is required. This allows for assurance to be provided to management, board, and all other key stakeholders.