Entire section Custom print Link Text Only Rich Text Print
  Versions

 

CRA-5.8.13A

Licensees must conduct periodic assessments of cyber threats. For the purpose of analysing and assessing current cyber threats relevant to the licensee, it should take into account the factors detailed below:

(a) Cyber threat entities including cyber criminals, cyber activists, insider threats;
(b) Methodologies and attack vectors across various technologies including cloud, email, websites, third parties, physical access, or others as relevant;
(c) Changes in the frequency, variety, and severity of cyber threats relevant to the region;
(d) Dark web surveillance to identify any plot for cyber attacks;
(e) Examples of cyber threats from past cyber-attacks on the licensee where applicable; and
(f) Examples of cyber threats from recent cyber-attacks on other organisations.
Added: April 2023