The Aviation Transport Security Regulations 2005 require issuers of ASICs (“Issuing Bodies” or “IBs”) to establish and implement a program of procedures to ensure they perform functions and exercise powers in an appropriately secure manner. Recent regulatory oversight has highlighted the need to ensure these procedures adequately address how electronic information about ASICs and ASIC applications is handled and stored.
Alcorn Group suggest that IBs ensure the systems that contain or host ASIC information meet the ACSC Essential Eight and OWASP Top 10 requirements. Alcorn Group also suggest that IBs audit their procedures annually to ensure ongoing compliance. As a CREST-certified organisation, Alcorn Group can assist IBs by independently assessing their systems’ compliance through:
- conducting assessments against the ACSC “Essential Eight” mitigation strategies
- performing OWASP “Top 10” assessments and penetration tests of web applications
- assessing and testing other procedures in the IB’s ASIC program.
Alcorn Group can work with IBs to develop an annual independent assessment and testing program that meets the IB’s regulatory obligations, with engagements scheduled throughout the year, and as part of a multi-year program if desired.