Cyber Resilience Assessment Framework (C-RAF) 2.0

Published date: 16 May 2024

The Hong Kong Monetary Authority (the "HKMA") released the Cyber Resilience Assessment Framework (C-RAF) 2.0 in November 2020. The C-RAF is a risk-based framework for Authorized Institutions ("AIs") to assess their own risk profiles and benchmark the level of defence and resilience that would be required to accord appropriate protection against cyberattacks.


Inherent Risk Assessment

The inherent risk assessment comprises five categories. The result of the inherent risk assessment will reflect an AI's cybersecurity threat level and determine its cyber risk exposure and required cybersecurity controls.


Maturity Assessment

The maturity assessment covers seven key domains which are designed to provide a comprehensive review of the entire operating environment, and places emphasis on a sound governance framework.


Intelligence-led Cyber Attack Simulation Testing ("iCAST")

The HKMA has made reference to overseas practices and regulations in enhancing the iCAST approaches. AIs that aim to attain the "intermediate" or "advanced" maturity level are required to conduct the iCAST exercise.


Download the flyer for details.
 

Contact Us

Yat Man CHAN
Partner, Risk Advisory
Tel: 852 2238 7268
Email: ymchan@deloitte.com.hk

Eileen CHENG
Partner, Risk Advisory
Tel: 852 2238 7119
Email: eicheng@deloitte.com.hk

Philip MOK
Director, Risk Advisory
Tel: 852 2740 8829
Email: phmok@deloitte.com.hk
