Introduction and Objectives

Certified Cyber Attack Simulation Professional (CCASP)
 

Framework and structure


With the aim of further enhancing the cyber resilience of the banking sector in Hong Kong, the Hong Kong Monetary Authority (HKMA) announced the Cybersecurity Fortification Initiative (CFI) in May 2016.

The CFI features the common core competences required of cybersecurity practitioners in the Hong Kong banking industry. The objectives of the CFI are twofold:
(a) To train and nurture cybersecurity practitioners in authorized institutions (AIs) and the information technology industry; and
(b) To enhance their cybersecurity awareness and their technical capabilities in conducting cyber resilience assessments and simulation testing.

The CFI consists of three pillars: Cyber Resilience Assessment Framework (C-RAF), Professional Development Programme (PDP), and Cyber Intelligence Sharing Platform (CISP).

Under the PDP, the HKMA is working with the Hong Kong Institute of Bankers (HKIB) and the Hong Kong Applied Science and Technology Research Institute (ASTRI) to develop a localized certification scheme, Certified Cyber Attack Simulation Professional (CCASP), and a training programme for cybersecurity professionals.

CCASP is also supported by the Council of Registered Ethical Security Testers (CREST) International.

Please refer to the HKMA circular on “Cybersecurity Fortification Initiative” for details.
 

Scope of Application


The CFI is targeted at “Relevant Practitioners”, including new entrants and existing practitioners, engaged by an authorized institution to perform cybersecurity roles in Hong Kong.


Qualification Structure and Syllabus


The qualification structure of CCASP comprises three levels:

(a) The Practitioner Level
The entry level, aimed at individuals with around 2,500 hours of relevant and frequent experience in the IT or security area.

(b) The Registered Level
By passing the examination at this level, an individual demonstrates his/her commitment as an information security tester. Typically, candidates wishing to sit a Registered Tester examination should have at least 6,000 hours (three years or more) of relevant and frequent experience.

(c) The Certified Level
This level is designed to set the benchmark for senior testers; these are the certifications to which all testers aspire. By gaining the CCASP Certified Tester certification, one is recognized as an information security specialist.


 

Certification


Upon successful completion of the examination, candidates will receive certificates from both CREST and HKIB.
 

| Passing the Exam of | HKIB Certificates (Certified Cyber Attack Security Professionals – CCASP) | CREST Certificates |
| --- | --- | --- |
| CCASP Practitioner Security Analyst | Certificate for CCASP Practitioner Security Analyst | Certificate for CREST Practitioner Security Analyst |
| CCASP Registered Tester | Certificate for CCASP Registered Tester | Certificate for CREST Registered Tester |
| Certified Infrastructure Tester | Certificate for CCASP Certified Infrastructure Tester | Certificate for CREST Certified Infrastructure Tester |
| Certified Web Application Tester | Certificate for CCASP Certified Web Applications Tester | Certificate for CREST Certified Web Applications Tester |
| Certified Simulated Attack Manager | Certificate for CCASP Certified Simulation Attack Manager | Certificate for CREST Certified Simulation Attack Manager |
| Certified Simulated Attack Specialist | Certificate for CCASP Certified Simulation Attack Specialist | Certificate for CREST Certified Simulation Attack Specialist |


Program and Examination Enrollment


Applicants should complete and sign the Application Form and return it, together with the appropriate programme and/or examination fee, by fax, by email, or by hand to the HKIB Office on or before the corresponding enrollment deadline.
 

Entry Requirement


The Programme is open to members and non-members of the HKIB. Participants should possess a minimum of three (3) years of experience in the IT or security area. The course is ideally suited to anyone looking to improve their career prospects or transition into a cybersecurity role, including:
(a) Networking engineers;
(b) Systems administrators;
(c) System architects or developers;
(d) IT security officers;
(e) Information security professionals; and/or
(f) Budding penetration testers.
 

Training/Examination Format


Candidates are advised to take the training offered by CCASP-accredited training providers before taking the exam. However, the training is not compulsory for the exam.

The classroom-based training includes group discussion, lectures with handouts and group exercises.


| Subject | Training Duration (Days) | Examination Format | Passing Mark |
| --- | --- | --- | --- |
| CCASP Practitioner Security Analyst | 2 | Multiple Choice Questions; Long Form Questions; Scenario Questions | 70% |
| CCASP Registered Tester | 2 | Multiple Choice Questions; Long Form Questions; Scenario Questions | 67% |
| Certified Infrastructure Tester | 3 | Multiple Choice Questions; Long Form Questions; Practical Questions | 67% |
| Certified Web Application Tester | 3 | Multiple Choice Questions; Long Form Questions; Practical Questions | 67% |
| Certified Simulated Attack Manager | TBC | Prerequisite: CPSA Pass; Multiple Choice Questions; Practical Questions | 60% |
| Certified Simulated Attack Specialist | TBC | Multiple Choice Questions | 60% |


| Examination Format | Venue | Language |
| --- | --- | --- |
| Written Examination | Pearson VUE, Office B, 18/F, China Overseas Building, 139 Hennessy Road, Wanchai | English |
| Practical Examination | Hong Kong Applied Science and Technology Research Institute Company Limited, 5/F, Photonics Centre, 2 Science Park East Avenue, Hong Kong Science Park, Shatin, N.T., Hong Kong | English |


Route to HKIB's CCASP Qualification - Penetration Tester




Route to HKIB's CCASP Qualification - Simulation Target Attack and Response (STAR)



Enquiry

Address: 3/F Guangdong Investment Tower, 148 Connaught Road Central, Hong Kong
Fax: (852) 2544 9946
Email: programme@hkib.org (Enrollment Enquiries) / pdp-enquiry@astri.org (Technical and Syllabus Enquiries)