On 25 November 2022, The Hong Kong Monetary Authority (HKMA) issued an additional guidance to authorised institutions (AIs) on protection against distributed denial-of-service (DDoS) attacks. In consideration of the growing incidence and sophistication of DDoS attacks, the HKMA provides more detailed guidance to complement the relevant requirements stated in “TM-E-1 Risk Management of E-banking” and “TM-G-1 General Principles for Technology Risk Management” Supervisory Policy Manual (SPM).
The HKMA developed the additional guidance based on the findings from the thematic reviews completed to assess the effectiveness of the anti-DDoS protective measures maintained by AIs. The additional guidance is grouped and summarised into four key principles:
- Regular Risk Assessment and Vulnerability Management
- Anti-DDoS Controls Architecture
- Service Providers Governance
- Incident Response and Regular Drills
This flyer provides a comprehensive summary of the current HKMA guidance on Anti-DDoS Protection, outlines areas AIs should consider with regards to Anti-DDoS protection, and details KPMG’s approaches to fulfil HKMA guidance requirements.
Henry Shek
Partner, Management Consulting
KPMG China
Brian Cheung
Partner, Management Consulting
KPMG China
Lanis Lam
Partner, Management Consulting
KPMG China
Connect with us
- Find office locations kpmg.findOfficeLocations
- kpmg.emailUs
- Social media @ KPMG kpmg.socialMedia