Page 20 - Demo
P. 20

Talent at the core of robust cybersecurity defence strategies
According to LEE, the unceasing nature and increasing sophistication of cybersecurity risks and attacks require expansion of the cybersecurity talent pool from entry level to expert. He explained how the PDP is an integrated and well- structured certification scheme and training programme that provides a clear career path
for professional development.
The goal, LEE said, is to train and nurture cybersecurity practitioners in the banking and information technology industries, and to enhance their cybersecurity awareness
and technical capabilities of conducting cyber resilience assessments and simulation testing. Under the PDP, in collaboration with the HKMA and the Hong Kong Applied Science and Technology Research Institute (ASTRI), the HKIB has developed a localised certification scheme – Certified Cyber Attack Simulation Professional (CCASP) and training programme for cybersecurity professionals. LEE explained by increasing the number of qualified cybersecurity professionals capable of carrying out effective cyber risk assessment and cyber-related security testing, Hong Kong would significantly strengthen its cybersecurity capabilities. At the same time,
by updating and expanding the list of acceptable equivalent cyber professional qualifications, Hong Kong's cybersecurity talent pool would be further developed and expanded.
Emerging cybersecurity trends
Consistent with observations throughout event, the panel discussion focusing on “Cybersecurity in Financial Services: Top Trends for 2021”, highlighted how the move to working from home (WFH) precipitated by the COVID-19 pandemic, had increased the scope and vulnerability to different types of cybersecurity threats. For example, phishing scams, weak passwords, unencrypted file sharing, insecure home Wi-Fi connections and working from personal devices. To reduce the risk of cyberattacks the panellists recommended more emphasis should be focused on accessing the threat
18 landscape and creating employee awareness.
Because cybersecurity threats are an ongoing challenge that every financial institution has to constantly address, it is important to invest in developing corporate skills and
色,就用戶的監管、角色和責任制定大綱,藉此 提高平台的易用性。此外,亦有計劃將平台的會 員資格擴大至存款公司公會(DTC)和其他金融 領域的董事會成員。
  “「網絡防衛計劃2.0」由 2021 年年中至2023年有系統地分階 段推行,以確保運作系統和專 屬資料同時受到保護。計劃不 但反映最新的技術趨勢,並結 合全球網絡安全的最新發展和 措施。
 強大網絡安全防衛策略 人才至為重要
李達志表示,網絡安全風險和攻擊持續不斷, 而且變得日益複雜,因此,有必要增加由基礎 至專家級別的網絡安全人才。他指出,「專業培 訓計劃」是一個綜合和有系統的證書和培訓計 劃,旨在提升銀行和資訊科技網絡安全從業員 的網絡安全意識,以及加強他們進行網絡防衛 評估和模擬測試的能力;並為他們訂下清晰的 發展路向。培訓計劃還包括由香港銀行學會聯 同金管局和香港應用科技研究院(應科院)制 定的本地化認證計劃 Certified Cyber Attack Simulation Profession(CCASP)。李達志相 信,為網絡風險評估和網絡安全測試兩大範疇 增加合資格的專業人員,可大大加強香港的網 絡安全能力。此外,通過更新和擴闊可接受的同 等網絡專業資格,可進一步發展和擴大香港的 網絡安全人才庫。
 ISSUE 119 • 2021

   18   19   20   21   22