
      On 25 November 2022, the Hong Kong Monetary Authority (HKMA) issued additional guidance to authorised institutions (AIs) on protection against distributed denial-of-service (DDoS) attacks. In view of the growing incidence and sophistication of DDoS attacks, the guidance provides more detailed expectations that complement the requirements already set out in the Supervisory Policy Manual (SPM) modules “TM-E-1 Risk Management of E-banking” and “TM-G-1 General Principles for Technology Risk Management”.

      The HKMA developed the additional guidance from the findings of its thematic reviews, which assessed the effectiveness of the anti-DDoS protective measures maintained by AIs. The guidance is grouped and summarised under four key principles:

      • Regular Risk Assessment and Vulnerability Management
      • Anti-DDoS Controls Architecture
      • Service Providers Governance
      • Incident Response and Regular Drills

      This flyer summarises the current HKMA guidance on anti-DDoS protection, outlines the areas AIs should consider when reviewing their anti-DDoS protection against the four principles, and describes KPMG’s approach to helping AIs meet the HKMA’s requirements.


      HKMA Guidance on Anti-DDoS Protection


      A summary of the HKMA's guidance on Anti-DDoS Protection

      Contact Us

      Henry Shek

      Partner, Management Consulting

      KPMG China

      Brian Cheung

      Partner, Technology Consulting

      KPMG China

      Lanis Lam

      Partner, Technology Consulting

      KPMG China

