SFC100: Hong Kong Securities and Futures Commission (SFC) Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading

  • Certification Level: Foundation | Hong Kong Cybersecurity | Green Cyberwolf

  • Certificate Title: Certificate of Completion - SFC Reducing and Mitigating Hacking Risks Intensive

  • Delivery Method: Live Classroom

  • Duration: Four Hours

  • 4 Continuing Education / Professional Development Units

  • Laptop Required

 

Overview

On October 27, 2017, the Hong Kong Securities and Futures Commission (SFC) and the Hong Kong Monetary Authority (HKMA) issued Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading requiring all licensed or registered persons engaged in internet trading to implement 20 baseline requirements to enhance their cybersecurity resilience and to reduce and mitigate hacking risks.

 

On the same day, the HKMA issued a circular requiring registered institutions to enhance the security of their internet trading services, having regard to the requirements in the SFC’s guidelines.

 

This course is designed to provide an intensive review of the 20 baseline requirements outlined within the Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading.

The course includes:

  • An introduction to the Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading

  • Review the requirements for the protection of clients’ internet trading accounts

    • Two-factor authentication

    • Implement monitoring and surveillance mechanisms

    • Prompt notification to clients

    • Data encryption

    • Protection of client login passwords

    • Stringent password policies and session timeout controls

  • Review the requirements for infrastructure security management

    • Deploy a secure network infrastructure

    • User access management

    • Security controls over remote connection

    • Patch management

    • End-point protection

    • Unauthorised installation of hardware and software

    • Physical security

    • System and data backup

    • Contingency planning for cybersecurity scenarios

    • Third-party service providers

  • Review the requirements for cybersecurity management and supervision

    • Roles and responsibilities of cybersecurity management

    • Cybersecurity incident reporting

    • Cybersecurity awareness training for internal system users

    • Cybersecurity alert and reminder to clients

Exercises

  • None

Prerequisites

  • SFC100 assumes basic knowledge of computers and technology.

Why Choose Our Course?

When it comes to the financial services industry in Hong Kong, we pride ourselves on being the only company to offer courses specifically aligned to regulatory cybersecurity requirements from the Hong Kong Monetary Authority (HKMA) Cyber Fortification Initiative (CFI) Cyber-Resilience Assessment Framework (C-RAF) and the Hong Kong Securities and Futures Commission (SFC).

What You Will Receive

In this course, you will receive the following:

  • Digitally-protected electronic copy of the course material

 

You Will Be Able To

  • Communicate a deeper understanding of the 20 baseline requirements outlined within the Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading.

 

What To Take Next?

The Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading detail the requirement for cybersecurity awareness training for internal system users. They state that "a licensed or registered person should provide adequate cybersecurity awareness training to all internal system users at least on a yearly basis. When designing the content of the training programme, the licensed or registered person should take into account the type and level of cybersecurity risks it faces."

As a result, we recommend clients register for one or more of the following courses from our Executive Series. These classroom courses are approximately 1 hour in duration each.

  • Introduction to Cybersecurity – Foundational Information Security Concepts

  • Introduction to Cybersecurity – Security Awareness

  • Introduction to Cybersecurity – Social Engineering

  • Introduction to Cybersecurity – Spear-Phishing & Ransomware

  • Introduction to Cybersecurity – Cybercriminal Psychology

  • Introduction to Cybersecurity – Insider Threats

  • Introduction to Cybersecurity – External Threat Actors

  • Introduction to Cybersecurity – Digital Forensics & Incident Response

THIS COURSE IS NO LONGER OFFERED.

USA:

Cyber Security Training and Consulting LLC 

Hong Kong:

Cyber Security Training Co. Ltd.

Info@CyberSecurityTrainingCo.com
