At the end of 2020, the Council of Financial Regulators (CFR) publicly released a pilot framework for testing the level of cyber resilience within the Australian financial services industry. This framework, known as Cyber Operational Resilience Intelligence-led Exercises (or “CORIE”), is designed to help test and demonstrate a financial institution’s level of cyber resilience by mimicking the tactics, techniques and procedures (TTPs) of real-life adversaries and evaluating the ability of an organisation to detect, respond to and recover from such attacks.
While this particular scheme is new to Australia, similar schemes have been in operation in overseas jurisdictions for over half a decade.
During this PD session, two cyber security specialists join us to discuss:
- The key elements of the CORIE pilot framework.
- Learnings and insights from experience delivering over 25 regulated Threat Intelligence-led Red Teaming exercises - across multiple sectors - under parallel frameworks across the UK, Europe and Asia.
- Considerations for financial and non-financial industry organisations.
Brett Hayes is a Director within PwC’s Cybersecurity and Digital Trust practice, where he co-leads the Offensive Security capability. Brett has over 10 years’ experience helping organisations to test and uplift their cyber resilience through the delivery of technical cyber services including red teaming, penetration testing, and vulnerability management activities.
Jason Smart is a Director within PwC’s Cybersecurity and Digital Trust practice, where he leads the threat intelligence services. Prior to working at PwC AU, he ran the threat intelligence function at PwC UK, as well as working on incident response engagements across Europe and the Americas. He previously worked for endpoint detection company CrowdStrike and before that the Australian Signals Directorate.