Cybersecurity Training

  • Professional Development Programme (PDP)

    The Hong Kong Monetary Authority (HKMA) works with the Hong Kong Institute of Bankers (HKIB) and Hong Kong Applied Science and Technology Research Institute (ASTRI) to develop a localised certification scheme – Certified Cyber Attack Simulation Professional (CCASP) and training programmes for cybersecurity professionals.

    CCASP is supported by the Council of Registered Ethical Security Testers (CREST) International.

     

    Certified Cyber Attack Simulation Professional (CCASP) Certification

    CCASP/CREST examinations are recognised by the professional services industry and buyers as being the best indication of knowledge, skill and competence. They are a high-level aspiration for those taking them and increasingly a mandated requirement for those hiring or buying services. CCASP/CREST examinations are broken down into three levels.

    CCASP/CREST provides a recognised career path right from your entry into the industry through to experienced senior tester level. We work with the largest number of technical information security providers who support and guide the development of our examination and career paths.

     

    Different Levels of CCASP

    The CCASP Practitioner examinations are the entry level examinations and are aimed at individuals with around 2,500 hours relevant and frequent experience.

    The CCASP Registered Tester examinations are the next step and by passing this you are demonstrating your commitment as an information security tester. Typically, candidates wishing to sit a Registered Tester examination should have at least 6,000 hours (three years or more) relevant and frequent experience.

    The CCASP Certified Tester examinations are designed to set the benchmark for senior testers: These are the certifications to which all testers aspire. By gaining the CCASP Certified Tester certification you are recognisably at the top of your game as an information security specialist.

     

    Route to CREST/HKIB’s CCASP Certification – Penetration Tester

     

    Route to CREST/HKIB’s CCASP Certification  – Simulation Target Attack and Response

     

    ASTRI Cyber Range Laboratory

    Established in July 2016, ASTRI Cyber Range is Hong Kong’s first laboratory equipped to monitor and simulate cyber attacks. The Cyber Range is a collaboration between ASTRI and Hong Kong Police Force with an aim to provide state-of-the-art training programmes to cybersecurity practitioners in law enforcement agencies and financial institutions.

     

    Enquiries

    To enroll and find out more details on the upcoming training or examinations, please visit the HKIB website at https://www.hkib.org/.

    If you have any other questions, please contact us

    ASTRI’ s Smart Investment Platform

  • The Intelligent Investment Platform, developed jointly by ASTRI and t.Axiom, is capable of analysing large-scale financial data, calculating quantitative models and processing a big chunk of historical and real-time data. It provides in-depth analysis of empirical data, ensuring efficiency and accuracy. Using artificial intelligence to analyse customer needs and attributes, it suggests practical and meaningful investment strategies to help customers with the allocation of assets and selection of investment products. The tool is used by securities companies and fund managers to quantify investments, marking a significant progress in applying financial technology in this field. Bank of China (Hong Kong) has adopted this platform –  its ‘Smart Investment’ contest was organised using this platform, in partnership with ASTRI.

    ASTRI’s Smart Investment Platform supports the users in the following ways:

    1. Intelligent stock selection and trading strategy system: To pick the stocks and automatically generate trading strategies based on big data analysis, artificial intelligence, genetic algorithm and machine learning algorithms.
    2. Graphical and intelligent trading strategy generation platform: Visual presentation of trading trends and display of back-test results to help ordinary traders to generate trading strategies in an automated manner

     

    Intelligent market analysis system can gauge a particular event’s impact on different assets in the market. It explains the complex cause-effect market matrix relating the customer’s performance in simple words or graphics. As the trading volumes and complexities grow, the need to deal in large chunks of data is putting an enormous amount of stress of the customers who are burdened with the task of handling an unprecedented amount of information. In addition to the complexity in information, new and evolving regulatory requirements also affect the processes and practices in the financial markets. Under such a transmuting scenario, establishing correlations between different market factors using traditional theories and models has become very difficult. Not only has the current macro-economic environment become more complex, the need for risk management and controls have become greater too. The market itself has been the result of these complex information chemical reaction presented in front of us, the information provided to us enough for him to be more in-depth, combined with mathematics, statistics and other scientific and objective analysis. Such analysis can be real-time, accurate, and even self-correcting. Major events that impact the financial standing also make the market volatile to a certain extent – depending on the time involved, the extent of the impact depends on the nature of the event itself. Therefore, the analysis of the recent major events is very important.

    ASTRI has been a pioneer in developing complex event processing system (Complex Event Process), large data processing capabilities, cloud parallel computing technology and other advanced platform and technology that have been adopted by customers for many years – from macro to micro level to carry out timely and accurate analysis, modeling, implementation of a set of processes.

    ASTRI’s tools don’t limit their stock selection capability to only the traditional stock selection strategy. Through financial indicators or technical indicators, potential actions are identified for the next time the stock value goes up or down. In the selected stock pool, by applying the corresponding trading strategies, a comprehensive entry and exit conditions and wind control mechanisms are formed. That way, we can not only target the good stocks, but also have a good trading strategy that leads to a ‘one plus one is greater than two’ outcome. Our stock trading and portfolio screening tools are best-in-class in the market – maximising the potential benefits of the transactions. We use artificial intelligence, genetic algorithms, and depth learning models to automatically search and optimise the trading strategy through self-learning and evolution, and ultimately find the most suitable approach to trading.

    Our tools look for the correlation between specific factors and trading signals through supervised learning and unsupervised learning. It will synthesize information from fundamentals, technical aspects, trading behavior, capital surface, terminal behaviour, online financial data, and third party platform information. That leads to the analysis and rigorous selection of factors that have an important impact, and the ongoing formation of an optimised pool of factors.

    In summary, ASTRI has a strong AI capability to devise technological solutions for the financial sector with a large pool of competent experts working for the institute. All of that, is meant to ensure Hong Kong’s continued leadership in the financial industry and a shining future for smart investment.

    Whitepaper on Distributed Ledger Technology

  • 7ASTRI was commissioned by the Fintech Facilitation Office (FFO) of the Hong Kong Monetary Authority (HKMA) to conduct a research project on Distributed Ledger Technology (DLT). The project led to the “Whitepaper on Distributed Ledger Technology” which documented the R&D findings. DLT, commonly known as Blockchain, is an innovative technology that has significant application benefits. The project’s key objectives have been to carry out an open-minded, in-depth examination of the technology and to identify possible applications of DLT in financial services by engaging in proof-of-concept work. Published in November 2016, the whitepaper aimed to provide the FinTech industry of Hong Kong with a comprehensive introduction to the technology. It also helps the sector in understanding how the technology could be deployed as an innovative solution to enhance and secure business operations while fulfilling regulatory compliance.

    DLT is an innovative technology that offers several benefits such as transparency, resiliency, auditability, and cryptography-enabled security. It is a vibrant technology that has seen prolific R&D work and a widening scope of applications.

    The paper presents a comprehensive study of DLT, especially on its key benefits, risks, and potential applications. It addresses security enforcement and regulatory compliance issues. It also demonstrates how DLT can bring in viable, valuable FinTech applications, with initial findings of three proof-of-concept exercises – mortgage loan application, trade finance, and digital identity management.

    The paper was enriched by valuable contributions from experts in academic banking sectors, as well as by a few groups specialising in DLT. The paper may be downloaded from the HKMA website.

     

    As DLT continues to evolve, ASTRI will continue its R&D effort in this area and its applications.

    A property transaction DLT system demonstrating ledger resiliency with transactions automatically replicated in multiple locations. In the diagram above, The transaction recording Alice selling the property to Bob is securely recorded in multiple banks and Land Registry.

    * Alice selling the property to Bob is securely recorded in multiple banks and Land Registry.

    *Demonstration of Hash operation which converts data of any size to fixed size unique values, regardless of how minor the data differ from each other.

    Proof-of-concept: A DLT-enabled property valuation where the DLT system serves as a secure ledger system shared by multiple banks and surveyors.

     

     

     

    Cyber Intelligence Sharing Platform

  • The group developed a Cyber Intelligence Sharing Platform for the banking industry in Hong Kong where data, information, and intelligence related to cyber-threats provided by the contributing authorised users of the Platform can be collected, compiled, and shared among other authorised users. The purpose of the Platform is to enable timely information sharing to allow spontaneous and appropriate precautionary measures to be taken in combating cyber-attacks.

    To cope with ever changing cybersecurity threats to critical infrastructure and financial stability of Hong Kong, the development of this Cyber Intelligence Sharing Platform lays the foundation for cybersecurity intelligence exchange among critical infrastructure entities e.g. the financial industry, public utilities, and IT infrastructure organisations. It will be a core enabler of cybersecurity intelligence exchange between banks or even the entire critical IT infrastructure of Hong Kong. The system is crucial in supporting trusted cybersecurity intelligence exchange among banks and, in future, can be extended to support other sectors and stakeholders.

     

    Blockchain

  • Blockchain (a.k.a. Distributed Ledger Technology) is a software platform which uses advanced cryptographic techniques and peer-to-peer networks to enable the creation of secure, collaborative and trustworthy applications in a cost-effective and reliable fashion. This technology has strong significance to various applications such as crypto-currency and payment systems, digital rights management, and health records management. It is considered a disruptive Financial Technology (FinTech) that can potentially disintermediate some expensive overheads in legacy financial computer systems and also promote automation and digitasation. Our Blockchain Core Competence Group consists of world-class cryptographers, software, network and system engineers, seasoned front-end engineers as well as UI/UX designers. We develop cutting-edge Blockchain systems and applications, and have rich experience in developing (permissioned and permissionless) applications on major distributed ledger platforms such as Bitcoin, Monax, Corda, Ethereum and Hyperledger, etc.

    Focus areas

    Blockchain protocol stack

    Besides pursuing active R&D in our own Blockchain protocol stack, we also have testbeds covering major Blockchain protocols to conduct rigorous security assessment, performance analytics, prototyping, and rapid deployment for financial institutions.

    Consensus algorithms enhancement

    Continuous R&D efforts are being put in to analyse and enhance Blockchain consensus mechanisms that operate specific permissioned and permissionless Blockchain application logics.

    Blockchain technology security

    Our R&D activities also focus on enhancing the security of Blockchain peer-to-peer networks and consensus mechanisms. With joint efforts from ASTRI Security Lab, we provide security assessment and consultancy services to financial institutions on their Blockchain application architecture and security.

    Projects

    Property Valuation Blockchain Application

    Within the scope of the mortgage loan application process, ASTRI was chosen by Bank of China (Hong Kong) to develop a Property Valuation Blockchain System, which provides a more secure and efficient way to digitises the process of property valuation in the lengthy mortgage loan application process.

    The System significantly simplified the entire property valuation process, and thereby led to a sizeable reduction in the process’s operating cost. Besides supporting multiple appraisers, the system has the potential of to be rolled out across many other banks, and more importantly, can subsequently be extended to cover other aspects of the mortgage loan application system. It can enhance productivity, reduce operating cost, improve security and, at the same time, improve user experience.

     

    Project Obsidian – a DLT-based Trade Finance System

    Project Obsidian is a Distributed Ledger Technology (DLT) based trade finance system. It is developed by ASTRI in collaboration with Hong Kong Monetary Authority, HSBC, the Bank of China (Hong Kong), Standard Chartered Bank, the Hang Seng Bank, Bank of East Asia and Tradelink.

    Building upon the Distributed Ledger Technology (DLT), Project Obsidian has a great potential to effectively simplify the existing cumbersome paper-based trade finance operations. The system can also provide a real-time visibility that prevents double financing fault among the participating financial institutes.

     

    ASTRI-HKMA Distributed Ledger Technology White Paper

    Commissioned by the Hong Kong Monetary Authority, ASTRI published a white paper in November 2016 to provide guidance and directions to the banking industry and other sectors on the application of the distributed ledger technology. Along with the white paper, ASTRI developed a series of Proof-of-Concepts (PoCs) and experimented with the PoCs for acquiring the first-hand hands-on experience of the particular blockchain applications developed in the PoCs. The detailed treatment of the PoCs, findings as well as our experience learnt has been shared in the paper for benefiting all the stakeholders.