Overview

Certified Cyber Attack Simulation Professional (CCASP)
 

Framework and structure

With the aim to further enhance the cyber resilience of the banking sector in Hong Kong, the Hong Kong Monetary Authority (HKMA) has announced the Cybersecurity Fortification Initiative (CFI) in May 2016.

The CFI features the common core competences required of cybersecurity practitioners in the Hong Kong banking industry. The objectives of the CFI are twofold:
(a) To train and nurture cybersecurity practitioners in the AIs and the information technology industry; and
(b) To enhance their cybersecurity awareness and technical capabilities of conducting cyber resilience assessments and simulation testing

The CFI consists of three pillars: Cyber Resilience Assessment Framework (C-RAF), Professional Development Programme (PDP), and Cyber Intelligence Sharing Platform (CISP).

Under the PDP, the HKMA is working with Hong Kong Institute of Bankers (HKIB) and Hong Kong Applied Science and Technology Research Institute (ASTRI) to develop a localized certification scheme – Certified Cyber Attack Simulation Professional (CCASP) and training programme for cybersecurity professionals.

CCASP is also supported by the Council of Registered Ethical Security Testers (CREST) International.

Please refer to HKMA circular on “Cybersecurity Fortification Initiative” for details.
 

Scope of Application

The CFI is targeted at “Relevant Practitioners”, including new entrants and existing practitioners, engaged by an authorized institution to perform cybersecurity roles in Hong Kong.

Qualification Structure and Syllabus

The qualification structure of CCASP comprises three levels:

(a) The Practitioner Level
The entry level that aims at individuals with around 2,500 hours relevant and frequent experience in IT or security area. 

(b) The Registered Level
By passing the examination in this level, an individual is demonstrating his/her commitment as an information security tester. Typically, candidates wishing to sit a Registered Tester examination should have at least 6,000 hours (three years or more) relevant and frequent experience.

(c) The Certified Level
This level is designed to set the benchmark for senior testers: These are the certifications to which all testers aspire. By gaining the CCASP Certified Tester certification, one is recognized as an information security specialist.

Certification

Upon successful completion of the examination, candidates would receive certificates from both CREST and HKIB.
 

Programme and Examination Enrollment

Applicant should complete and sign the Application Form, together with the appropriate programme and/or examination fee, and return by fax or email, or by hand to HKIB Office on or before the corresponding enrollment deadline.
 

Entry Requirement

The Programme is open to members and non-members of the HKIB. Participants should possess a minimum of at least three (3) years of experience in IT, security area. The course is ideally suited to anyone looking to improve their career prospects or transitioning into a cybersecurity role, including:
(a) Networking engineers;
(b) Systems administrations;
(c) System architects or developers;
(d) IT security officers;
(e) Information security professionals; And/or
(f) Budding penetration testers
 

Training/Examination Format

Candidates are suggested to take the training by CCASP accredited training providers before taking the exam. However, the training lessons are not compulsory for the exam.

The classroom based training includes group discussion, lecture with handouts and group exercise.

 

Route to HKIB's CCASP Qualification - Penetration Tester




Route to HKIB's CCASP Qualification - Simulation Target Attack and Response (STAR)



Enquiry