The Hong Kong Monetary Authority (HKMA) announced on 3 November 2020 the launch of an upgraded Cybersecurity Fortification Initiative (CFI) 2.0, following industry consultation. The initiative is underpinned by three pillars: the Cyber Resilience Assessment Framework (C-RAF), the Professional Development Programme (PDP), and the Cyber Intelligence Sharing Platform (CISP).
As a long term follower of the initiative, I spent some time to study on what are actually changed on the CFI 2.0, or mainly the C-RAF 2.0. I have studied the official document and all referenced materials to prepare this follower’s handbook as quick reference for my friends in financial industry. I have also created an Excel spreadsheet (C-RAF 2.0 Technical Implantation Tool) which contains the 7-Domains dive into the respective 26 Control Components of the Maturity Assessment with my implementation guides for my own easy reference.
In this webinar, I shall share out and discuss on how to use my C-RAF 2.0 Technical Implantation Tool (Fig. 1) together with my recommended implementation guidelines on the Maturity Assessment Domain 4, 5 and 6. Attendants are welcome to join me as panel to ask questions and discuss your comments on the compliance requirements by sending your email to email@example.com after registration.
On Jan 18, Monetory Authority of Singapore (MAS) has issued a revised Technology Risk Management Guidelines (TRM) to keep pace with emerging technologies and shifts in the cyber threat landscape. I have further updated the C-RAF 2.0 Technical Implantation Tool by mapping the relevance sections to the security frameworks such as TRM, FFIEC and CIS.
"An English version for public is setup on Feb 5, 3:30pm. Please register at: https://zoom.us/webinar/register/WN_gmMzI5k8SKO6PmYgdTUUAw"