The Hong Kong Monetary Authority (HKMA) has issued a circular to provide general guidance on proper cyber security risk management for authorised institutions in Hong Kong. A copy of the HKMA’s circular is available here.
The circular says that the Board and senior management of an authorised institution are expected to play a proactive role in ensuring effective cyber security risk management in their institution, covering the following areas:
- Risk ownership and management accountability
- Periodic evaluations and monitoring of cyber security controls: Board and Senior Management must lead
- Industry collaboration, contingency planning, and incident response
- Regular independent assessment and tests