The CFI was implemented in December 2016 with a view to raising the cyber resilience of Hong Kong’s banking system. The initiative is underpinned by three pillars:
The C-RAF is a risk-based framework for Authorized Institutions to assess their own risk profiles and benchmark the level of defence and resilience that would be required to accord appropriate protection against cyber attacks.
The PDP is a localised certification scheme and training programme for cybersecurity professionals developed by the HKMA in collaboration with the Hong Kong Institute of Bankers and the Hong Kong Applied Science and Technology Research Institute. It is an integrated and well-structured programme to train and nurture cybersecurity practitioners in the banking and information technology industries, and to enhance their cybersecurity awareness and technical capabilities of conducting cyber resilience assessments and simulation testing.
The CISP provides an effective infrastructure for sharing intelligence on cyber attacks. The timeliness of receiving alerts or warnings from a commonly shared intelligence platform can help the banking sector as a whole to prepare for possible cyber attacks. The platform was launched by the HKMA in collaboration with the Applied Science and Technology Research Institute and the Hong Kong Association of Banks.