CRAF110: HKMA Cyber Resilience Assessment Framework (C-RAF) Lead Assessor Training Course

• Certification Level: Intermediate | Hong Kong Cybersecurity | Grey Cyberwolf

• Certificate Title: Certificate of Completion | HKMA Cyber Resilience Assessment Framework (C-RAF) Lead Assessor Training Course

• Delivery Method: Live Classroom

• Duration: One Day | 0900 – 1800

• 8 Hours CPE/CPT/CPD Credit

• Laptop Required

Overview

This course is designed to help HKMA CFI C-RAF Lead Assessors and HKMA CFI C-RAF project team members understand and prepare for the unique technical, analytical and project management challenges of an HKMA CFI C-RAF assessment.

On May 18, 2016, “to further enhance the cyber resilience of the banking sector in Hong Kong” the Hong Kong Monetary Authority (HKMA) announced the launch of a Cybersecurity Fortification Initiative (CFI).

A central element of the CFI is a Cyber Resilience Assessment Framework (C-RAF), which seeks to establish a common risk-based framework for banks to assess their own risk profiles and determine the level of defence and resilience required.

In order to lead a C-RAF assessment, you must hold one of the following credentials:

• ISACA’s Certified Information Systems Auditor (CISA);

• (ISC)2’s Certified Information Systems Security Professional (CISSP);

• ISACA’s Certified Information Security Manager (CISM);

• ISACA’s Certified in Risk and Information Systems Control (CRISC);

• ISACA’s Cybersecurity Fundamentals Certificate (CSX-F) and

• Cybersecurity Nexus Practitioner certification (CSX-P); or

• China Information Technology Security Evaluation Centre’s Certified Information Security Professional - Hong Kong (CISP - HK).

Due to concerns from industry concerning the availability of qualified assessors to undertake the assessment, we have developed this course to better prepare AI’s, lead assessors and assessment project team members for the work that lies ahead.

The course includes:

• HKMA CFI C-RAF Introduction

• HKMA CFI C-RAF Project Management Planning

• HKMA CFI C-RAF Assessment Framework - Inherent Risk

• Three (3) risk levels

• Five (5) key categories of business activities and operational aspects

• Data Collection

• Evidence Analysis & Validation

• HKMA CFI C-RAF Assessment Framework - Cyber Maturity

• Three (3) levels

• Seven (7) domains

• Twenty-five (25) components

• Data Collection

• Evidence Analysis & Validation

• HKMA CFI C-RAF Assessment Framework - Recommendations Development & Improvement Planning/Roadmap

• HKMA CFI C-RAF Assessment Framework - iCAST Planning & Execution

Exercises

• Lab 1 – During this lab the students will develop a tool to conduct an Inherent Risk Assessment.

• Lab 2 – During this lab the students will develop a tool to conduct a Maturity Assessment.

NOTE: Due to the large amount of information required for an assessment as well as the calculations of fields, students will end up with a template that must be completed after they return to their workplace.

Prerequisites

• CRAF110 assumes intermediate knowledge of information technology terms and concepts.

• CRAF110 assumes intermediate knowledge of information security terms and concepts.

• CRAF110 assumes intermediate knowledge of project management terms and concepts.

Why Choose Our Course?

There is no other cyber security firm in Hong Kong that offers the HKMA CFI C-RAF courses that we do. We are also the only firm that offers a free, online Inherent Risk Assessment. We are the only firm that openly shares details about the services and tools developed specifically for the HKMA CFI-CRAF. So, if you want to learn from the leaders in HKMA CFI C-RAF training and education then you have come to the right place.

What You Will Receive

In this course, you will receive the following:

• Starter template for an HKMA C-RAF Inherent Risk Assessment

• Starter template for an HKMA C-RAF Maturity Assessment

You Will Be Able To

• Communicate a deeper understanding of the Cybersecurity Fortification Initiative and its elements.

• Communicate in detail the components of the Cyber Resilience Assessment Framework (C-RAF).

• Be able to develop/further develop an HKMA CFI C-RAF assessment tool.

• Lead* or be a project team member on an HKMA CFI C-RAF assessment.

* In order to lead an assessment you need the knowledge gained in our course PLUS you must hold an industry credential approved by the HKMA (as shown in our list above).

Author Statement

I developed this course to help Hong Kong financial institutions prepare for their upcoming HKMA CFI C-RAF assessment. Over the course of my career I have led a great many information technology and cyber security assessments so I know just how challenging they can be and what the requirements are in terms of people, process and technology. On the surface many people think an assessment is a simple matter of asking questions, checking boxes and generating reports. However, it is far more difficult than that. (The right) data must be collected and analyzed. Is the evidence collected sufficient to meet the assessment requirement? If it’s not, then do you have adequate knowledge to recommend the best method to close a gap? Add to these challenges the operational nuances of a financial institution whose personnel are already time-constrained and/or don’t have any idea what is being asked of from them. This course is designed to help students understand the unique technical, analytical and project management challenges of an HKMA CFI C-RAF assessment.