Sunday, February 18, 2024

Hong Kong Monetary Authority (HKMA) - Secure Tertiary Data Backup (STDB)

In 2021,  in light of recent international developments such as the US Sheltered Harbor initiative to
address this type of cyber threats, the Hong Kong Monetary Authority (HKMA) has invited the Hong Kong
Association of Banks (HKAB) to develop guidelines on Secure Tertiary Data Backup (STDB) that are
appropriate for the banking landscape in Hong Kong. HKAB issued the STDB Guideline to banks in an effort to counter the growing risks of potentially catastrophic cyberattacks.

In 2023, HKMA Made significant inroad in implementing Secure Tertiary Data Backup (STDB) to
enhance recovery capabilities from ransomware attacks.

8 Principles:
  1. STDB Governance Model
  2. Identification of Critical Data
  3. Data Quality
  4. Critical Data Lifecycle Management 
  5. Data Extraction and Ingestion
  6. Secure Repository
  7. Restoration Planning
  8. Restoration Validation Process and Drills

9 Characteristics:

  1. Immutable
  2. Survivable
  3. Air-gapped
  4. Secure
  5. Controlled
  6. Verifiable
  7. Assurance
  8. Heterogeneous
  9. High-performance

Reference:
https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2021/20210518e1.pdf
https://www.hkma.gov.hk/media/eng/doc/key-information/speeches/s20240131e1.pdf
8 Principle-based Guidelines of STDB
https://www2.deloitte.com/content/dam/Deloitte/cn/Documents/ined/deloitte-cn-ined-cyberupdates-20210721.pdf
9 Characterises of STDB
https://hktw-resources.awscloud.com/whitepapers-2/technical-whitepaper-building-a-secure-tertiary-data-backup-stdb-on-aws-2
https://cpl.thalesgroup.com/sites/default/files/content/compliance_brief/field_document/2023-06/complying-to-secure-tertiary-data-backup-guideline-in-hong-kong.pdf
US Sheltered Harbor
https://shelteredharbor.org/


Print Friendly and PDF
Share/Bookmark
Posted by Billy Fung at 5:16 PM
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)