Regulators have been using threat intelligence-led security testing (eg. The Bank of England CBEST programme), recognizing the systemic risk cyber presents to industry and their responsibilities to oversee its security and resilience.
iCAST is a framework introduced by the Hong Kong Monetary Authority (HKMA) in response to the changing cyber security landscape.
Under the HKMA Cyber Resilience Assessment Framework, banks which aim to attain the intermediate or advanced maturity level as required to conduct iCAST. It is not only a regulatory requirement, intelligence-led simulating testing uses real-world scenarios tailored to the target organization which can demonstrate an organisation’s cyber defence capability to the board, help to measure their maturity and stay ahead of the evolving threat landscape.