Notes (alphabetical)
Search to quickly find notes, articles, guides, and resources across the site.
Search to quickly find notes, articles, guides, and resources across the site.
Context For technology and risk professionals working within Hong Kong’s banking sector, the C-RAF is the inevitable baseline for cyber compliance. Understanding its structure is not just a regulatory requirement for the institution, but a core competency for those managing governance or operational risk. This note outlines the framework’s architecture and the regulator’s expectations. The Cyber Resilience Assessment Framework (C-RAF) is the mechanism by which the Hong Kong Monetary Authority (HKMA) measures the cyber maturity of Authorised Institutions (AIs). ...
Context For the technical specialist transitioning into management, the governance landscape can appear broad and fragmented. However, distinguishing between mere security controls and broader resilience is a fundamental competency for the modern leader. This article outlines the primary frameworks available to the Cyber practitioner, helping you select the appropriate structure to support both operational stability and regulatory compliance. It is no longer sufficient to focus solely on securing the organisation. The current operating environment requires a shift towards Cyber Resilience. ...
Cyberark is a cybersecurity vendor that specialises in privileged access management (PAM) solutions, helping organizations secure, manage, and monitor privileged accounts and credentials. Related pages Privileged access management Keyvault
Cybersecurity risk has surged as organisations move online and embrace digital processes, transforming what was once a niche topic into a central focus for senior leadership and boards in ensuring their organisations maintain operational resilience. This highlights the essential role of the three lines of defence in managing and assuring digital risk.
AuditBoard — Audit, risk, and controls management platform. BeyondTrust — Privileged access and endpoint security solutions. BitSight — Security ratings platform for vendor and third-party risk. Check Point — Network security appliances and threat prevention. Cloudflare CrowdStrike — Cloud-native endpoint detection and response (EDR). CyberArk — Privileged access management and secrets vaulting. Darktrace — AI-based cyber defence for networks and cloud. ForgeRock — Identity and access management for complex enterprises. MetricStream — GRC and compliance management software for large enterprises. Microsoft Defender — Microsoft’s endpoint and cloud threat protection suite. Microsoft Entra — Microsoft’s suite for identity and access, including Azure AD. Okta — Leading identity and access management (IAM) service. OneTrust — Privacy, risk, and trust platform widely used for GDPR and compliance. Palo Alto Prisma — Cloud security platform for apps, data, and networks. Ping Identity — Enterprise IAM with single sign-on, MFA, and API security. Qualys — Vulnerability management and compliance scanning. RSA Archer — Integrated risk management platform for enterprise GRC programs. SailPoint — Identity governance and lifecycle management. SentinelOne — AI-driven EDR and XDR for endpoints and workloads. ServiceNow GRC — Governance, risk, and compliance workflows built into the ServiceNow platform. Sophos — Unified threat management and endpoint protection. Tenable — Cyber exposure platform, best known for Nessus scanning. Trend Micro — Endpoint, cloud, and hybrid security software. UpGuard — Third-party risk and attack surface monitoring. Vanta — Automated security and compliance monitoring, especially for SOC2. Wiz — Cloud security posture management for AWS, Azure, GCP. Zscaler — Cloud-based secure web gateway and zero-trust access.