2019-01-10
Added · Updated
The Hong Kong Monetary Authority issued this guide to establish the Enhanced Competency Framework on Cybersecurity (ECF-C), a non-statutory framework designed to develop a sustainable talent pool and raise professional competence among cybersecurity practitioners in the banking sector. The framework defines 'Relevant Practitioners' across three lines of defense—IT Security Operations and Delivery, IT Risk Management and Control, and IT Audit—and structures qualifications into Core and Professional levels based on work experience. Authorized institutions are encouraged to adopt the ECF-C to benchmark employee competence, support training, and ensure staff maintain continuing professional development requirements of at least 20 hours annually.