Cyber Security Staff Awareness Recognition Scheme 2024 | Hong Kong Internet Registration Corporation Limited

Cyber Security Staff Awareness Recognition Scheme 2024

2024-04-03

Introduction

The scheme, co-organised by The Hong Kong Internet Registration Corporation Limited (HKIRC) and ISACA China Hong Kong Chapter (ISACA), aims to recognise organisations that understand the importance of cybersecurity staff awareness and have implemented suitable measures to enhance it within their organisations in the past 12 months. This initiative is fully supported by the government, professional bodies, and business associations. Let us unite to strengthen cyber defense by implementing multiple channels to enhance cybersecurity staff awareness.

Objective

Promote the “Human Firewall” concept across the industry by raising cyber security staff awareness on top of technical protection, as a second line of defence

Enhance organisations’ protection level by encouraging organisations to raise staff awareness through multiple channels, e.g. training, policy, communication, drill, etc.

Application

 

Eligibility: All Hong Kong companies or organisations with a local address are welcome to apply for the recognition scheme
Application Period: 8 Apr 2024 00:00 – 31 Aug 2024 23:59
Application Method: Submit the E-Application Form
Application Fee: Free-of-charge

Benefits To Participants

  • Branding – Let clients/partners know that the company pays attention to cybersecurity, so they can rest assured about the partnership
  • Understanding – Understand the ways to enhance protection via staff awareness
  • Engagement – Involve all staff to engage in cybersecurity protection
  • Protection – Reduce cyber incidents due to human element

Benefits To Participants

  • The trophy and digital award badge will be presented to the awardees at the award ceremony and the names of the awardees will be featured on the official website of the program.

Details Of Recognition Scheme

Organisers
  • Hong Kong Internet Registration Corporation Limited (HKIRC)
  • ISACA China Hong Kong Chapter (ISACA)
Scheme Partners
  • The Office of the Government Chief Information Officer (OGCIO)
  • Cyber Security and Technology Crime Bureau (CSTCB)
  • Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD)
Schedule
  • Application and submission of evidence/documents to Project Team (8 Apr 2024 – 31 Aug 2024)
  • Assessment and confirmation of recognition tier (Sep 2024)
  • Recognition Ceremony (Q4 2024, TBC)
Assessment Criteria
Criteria and Fulfilment
1. Cyber Security Training
  • Provide cybersecurity training to 50% or above of staff at least once in the past 12 months
  • E.g. Online training/ physical training
2. Phishing Drill Participation
  • Ensure that all staff have participated in a phishing drill at least once in the past 12 months, which can be conducted through self-developed drills or ethical drill programs organized by third parties.
  • E.g. Self-developed drill/ ethical drill programme by third parties
3. Comprehensive Cyber Security Policy
  • Establish and maintain a comprehensive cyber security policy accessible to all staff, covering areas such as work-from-home policies, password policies, and incident response policies, etc.
  • E.g. Work-from-Home Policy/ Password Policy/ Incident Response Policy
4. Reporting Channels for Cyber Security Issues
  • Implement effective channels for staff to report any cyber security issues, including a designated channel to report suspicious or malicious emails.
  • E.g. Channel for staff to report malicious email
5. Dissemination of Cyber Security Information
  • Promote the dissemination of cybersecurity information among staff, such as by actively participating in cyber security information sharing platforms or through regular updates and announcements.
  • E.g. Joined Cybersecurity Information Sharing Platform/ News Sharing/ etc.

Recognition Tier
Tier: Requirement
Platinum: Complete all 5 assessment criteria
Gold: Complete any 4 assessment criteria
Silver: Complete any 3 assessment criteria
Bronze: Complete any 2 assessment criteria

 

Submission Of Evidence After Application

Please submit the evidence/documents below to the Project Team via this e-form after application.

Assessment Criteria Evidence/ Supporting Documents
Cybersecurity Staff Training
  • E-certificate record of Cybersec Training Hub in the required period; or
  • Attendance record of other cybersecurity training via physical/ webinar or online platform in the required period
Phishing Drill
  • Participation record of HKIRC’s ethical phishing drill 2024; or
  • Record of self-arranged phishing drill programme in the required period
Cyber Security Policy
  • Email record of sharing Cyber Security Policy to their staff in the required period; or
  • Screen capture record of sharing Cyber Security Policy to their staff via intranet portal in the required period
Report Channels
  • Evidence of dedicated email address for staff to report malicious email; or
  • Evidence of other channels for staff to report malicious email
Cybersecurity Information
  • Participation record of the cybersecurity information sharing platform “Cybersec Infohub”; or
  • Email record of sharing cybersecurity information to their staff in the required period; or
  • Other evidence of sharing cybersecurity information to their staff in the required period
