Information Security Seminar 2013

Size: px
Start display at page:

Download "Information Security Seminar 2013"

Transcription

1 Information Security Seminar 2013 Mr. Victor Lam, JP Deputy Government Chief Information Officer Office of the Government Chief Information Officer The Government of the Hong Kong Special Administrative Region 24 July 2013

2 Agenda 1. Introduction 2. Information Security Posture & Programmes 3. Hong Kong SAR Government Cloud Adoption 4. Cloud Challenges & Risk Mitigation 5. Closing 1

3 Who s Peeking At You? Security & Privacy Data Protection Outsourcing Data Location 2

4 3

5 Local ICT Environment 2.26M broadband accounts 86% household with broadband access public Wi-Fi access points 5 mobile network operators 19 local fixed network operators 193 Internet Service Providers (ISP) 4

6 Local ICT Environment Strong foundation for Cloud Computing Well established legal system with good protection of intellectual property rights and personal data World-class infrastructure and ideal location in Asia for data centres Pro-business culture Proximity to the Mainland of China Talented ICT professionals 5

7 Set up on 1 July 2004 Provides a streamlined government structure and leadership for delivering the ICT functions within Government Enables the Government to take a proactive, leading role in championing ICT development in the community Headed by Government Chief Information Officer (GCIO), deputised by two Deputy Government Chief Information Officers (DGCIOs) 6

8 ICT Facts and Figures in the Government 400+ Government web sites 50+ e-government mobile apps 29 Government data centres 1300 Government IT Professionals 2500 Contract IT Professionals 7

9 8

10 Information Security Major Stakeholders Security Bureau Provide policy steer, advice and support on Government s security requirements and security incidents OGCIO Provide policy steer, advice and support on Government information security requirements and matters Coordinate and facilitate the handling of IT security incidents within Government Protect Government s central IT infrastructure and information Ensure compliance with information security policy and requirements Conduct IT security awareness promotion and training for government staff and the public Information Security Hong Kong Police Force Prevent and detect technology crime Establish the Cyber Security Centre to strengthen resilience against cyber attacks Collaborate with OGCIO & HKCERT to conduct awareness promotion and training for the public Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) Coordinate computer security incident response Disseminate security alerts to the public Collaborate with OGCIO & Police to conduct awareness promotion and training for the public Conduct security drill 9

11 Review of Information Security Requirements To ensure that government information security requirements can keep in pace with the advancement of technology, security trends and latest development of international/industry practices. Cloud Computing Security Social Networking Security Mobile Device Security Security Regulations, Policies and Guidelines Review, Revise and Promulgate Government Bureaux and Departments (B/Ds) 10

12 Security Risk Assessment and Audit To ensure information security risks of government information systems are properly managed and appropriate mitigation measures are effectively implemented. Identify security threats, vulnerabilities and corresponding impacts Information Security Risk Assessment and Third-party Audit Ensure compliance of information security policies Information Systems Adopt effective information security measures 11

13 Security Governance To better monitor the security status of B/Ds and help them achieve compliance with government security requirements. Security Survey Government Bureaux and Departments (B/Ds) Security Risk Assessment Result Visit & Review 12

14 Awareness Promotion to the Public To empower citizens to withstand new and ever-changing security threats. Thematic website Public Seminars Radio clips Leaflets Multimedia materials Posters 13

15 14

16 Government Cloud Computing Strategy Outsourced Private Cloud (at contractor data centres) In-house Private Cloud (at government data centres) Public Cloud E-Government Services with Classified data Government Cloud (GovCloud) E-Government Infrastructure Services Central Computer Centre Virtualised Infrastructure E-Government Public Services without Classified data 15

17 Government Cloud Adoption A step by step approach to take full advantage of this new IT model while at the same time minimise the associated risks Pilot and Testing Portal for Public Sector Information (PSI) Central Computer Centre Virtualization Mar 2011 Government Cloud Computing Strategy 2013 Provision of Shared Services Electronic Information Mgt, Human Resource Mgt, e-procurement, etc and beyond 2012 Funding and Contracting Rollout and Review GovCloud Cloud-enabled Platform (EGIS) Government Public Cloud services 16

18 17

19 Cloud Challenges Data Protection Data location Multi-tenancy Outsourcing Data Ownership Service Continuity Off-Premises Security & Privacy Changes to Infrastructure Changes to Processes Changes to User Behaviour 18

20 Cloud Security Trends Source of Information: Cloud end-user survey conducted by the SME Global Alliance and Hong Kong Productivity Council in

21 Security Challenge & Risk Mitigation in Cloud Adoption Challenge Risk Mitigation Lack of corporate directions and relevant policies and guidelines Cloud adoption strategy Review of policies and guidelines Control on user authentication Access control security User education and training Assurance of information security and privacy in cloud Cloud security certifications and standards Conduct of risk assessments and audits Contractual agreement Protection of data out of organisational control boundary Data protection best practices Incident response mechanism 20

22 Promotion of Best Practices in Cloud Adoption 雲 資 訊 網 Practice Guide for Procuring Cloud Services Service Cost Service Level On Boarding & Off Boarding Service Operation Security and Privacy Protections Service Commitments/Warranties Data Ownership & Location and IP Ownership Service Default Contracting (Terms of Service) Expert Group on Cloud Computing Services and Standards OGCIO Security Checklists for Cloud Service Consumers Checklist for SMEs on selecting Cloud Service Provider Checklist for SMEs on using Cloud Services Checklist for Individuals on protecting their data in the Cloud Environment Security & Privacy Checklist for Cloud Service Providers in Handling Personal Identifiable Information in Cloud Platforms Policy Management Data Protection Principles Subcontractors Management Staff Management 21

23 22

24 Summary Hong Kong : Strong Foundation for Cloud Computing Cloud : Adoption through Risk Mitigation Government : Extensive Information Security Programmes 23

25

Legislative Council Panel on Information Technology and Broadcasting. Information Security

Legislative Council Panel on Information Technology and Broadcasting. Information Security For Information on 8 July 2013 LC Paper No. CB(4)834/12-13(05) Legislative Council Panel on Information Technology and Broadcasting Information Security Purpose This paper updates Members on the latest

More information

DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Government s Cloud Computing Programme

DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Government s Cloud Computing Programme For discussion Paper No. 10/2012 on 22 November 2012 Purpose DIGITAL 21 STRATEGY ADVISORY COMMITTEE Government s Cloud Computing Programme This paper updates Members on the latest developments and upcoming

More information

The Cloud Journey From Planning to Action. Mr. Victor Lam Deputy Government Chief Information Officer (Consulting and Operations)

The Cloud Journey From Planning to Action. Mr. Victor Lam Deputy Government Chief Information Officer (Consulting and Operations) The Cloud Journey From Planning to Action Mr. Victor Lam Deputy Government Chief Information Officer (Consulting and Operations) 1 Is Cloud Computing New? John McCarthy Computation may someday be organized

More information

立 法 會 Legislative Council

立 法 會 Legislative Council 立 法 會 Legislative Council LC Paper No. CB(4)1212/14-15(04) Ref. : CB4/PL/ITB Panel on Information Technology and Broadcasting Meeting on 17 July 2015 Updated background brief on information security Purpose

More information

Legislative Council Panel on Information Technology and Broadcasting. Information Security

Legislative Council Panel on Information Technology and Broadcasting. Information Security For Information on 12 July 2010 LC Paper No. CB(1)2465/09-10(03) Legislative Council Panel on Information Technology and Broadcasting Information Security Purpose This paper informs Members about the progress

More information

For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Cyber Security

For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Cyber Security For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE Cyber Security Purpose This paper briefs Members on the global cyber security outlook facing governments of some

More information

Legislative Council Panel on Information Technology and Broadcasting. Information Security

Legislative Council Panel on Information Technology and Broadcasting. Information Security LC Paper No. CB(1)2407/10-11(05) For Information on 13 June 2011 Legislative Council Panel on Information Technology and Broadcasting Information Security Purpose This paper informs Members about the progress

More information

DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Adoption of Cloud Computing Model in Government

DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Adoption of Cloud Computing Model in Government For discussion Paper No. 2/2011 on 22 March 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE Adoption of Cloud Computing Model in Government Purpose The Government will be adopting the Cloud Computing 1 Model

More information

Head 47 GOVERNMENT SECRETARIAT: OFFICE OF THE GOVERNMENT CHIEF INFORMATION OFFICER

Head 47 GOVERNMENT SECRETARIAT: OFFICE OF THE GOVERNMENT CHIEF INFORMATION OFFICER Controlling officer: the Government Chief Information Officer will account for expenditure under this Head. Estimate 2014 15... $690.2m Establishment ceiling 2014 15 (notional annual mid-point salary value)

More information

Digital Economy Facilitation Division, OGCIO Industry Forum 2012 24 July 2012

Digital Economy Facilitation Division, OGCIO Industry Forum 2012 24 July 2012 Get ready for IPv6 Digital Economy Facilitation Division, OGCIO Industry Forum 2012 24 July 2012 1 Agenda IPv4 address exhaustion Worldwide IPv6 deployment Major deployment milestones Hong Kong IPv6 deployment

More information

ITEM FOR FINANCE COMMITTEE

ITEM FOR FINANCE COMMITTEE For discussion on 8 June 2012 FCR(2012-13)39 ITEM FOR FINANCE COMMITTEE CAPITAL WORKS RESERVE FUND HEAD 710 COMPUTERISATION Office of the Government Chief Information Officer New Subhead Implementation

More information

Major IT projects currently undertaken by Bureaux/Departments (B/Ds) with project details and staff deployment

Major IT projects currently undertaken by Bureaux/Departments (B/Ds) with project details and staff deployment Annex 3 Major IT projects currently undertaken by Bureaux/s (B/Ds) with project details and staff deployment B/D Projects Project details Staff Deployment 1. Census and Statistics Computer equipment and

More information

Working Group on Cloud Security and Privacy. Brief Update on EGCCSS and WGPIUCS 24 June 2015

Working Group on Cloud Security and Privacy. Brief Update on EGCCSS and WGPIUCS 24 June 2015 Working Group on Cloud Security and Privacy Brief Update on EGCCSS and WGPIUCS 24 June 2015 1 Expert Group on Cloud Computing Services and Standards 8th EGCCSS Meeting held on 6 May 2015 Sharing of Experience

More information

Head 47 GOVERNMENT SECRETARIAT: OFFICE OF THE GOVERNMENT CHIEF INFORMATION OFFICER

Head 47 GOVERNMENT SECRETARIAT: OFFICE OF THE GOVERNMENT CHIEF INFORMATION OFFICER Controlling officer: the Government Chief Information Officer will account for expenditure under this Head. Estimate 2015 16... $714.7m Establishment ceiling 2015 16 (notional annual mid-point salary value)

More information

Legislative Council Panel. on Information Technology and Broadcasting. Implementation of a Government Cloud Platform

Legislative Council Panel. on Information Technology and Broadcasting. Implementation of a Government Cloud Platform LC Paper No. CB(1)1783/11-12(06) For discussion on 14 May 2012 Legislative Council Panel on Information Technology and Broadcasting Implementation of a Government Cloud Platform Purpose This paper seeks

More information

ESKISP6054.01 Conduct security testing, under supervision

ESKISP6054.01 Conduct security testing, under supervision Overview This standard covers the competencies required to conduct security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to

More information

Legislative Council Panel on Information Technology and Broadcasting. 2016 Policy Address Policy Initiatives of Innovation and Technology Bureau

Legislative Council Panel on Information Technology and Broadcasting. 2016 Policy Address Policy Initiatives of Innovation and Technology Bureau LC Paper No. CB(4)487/15-16(02) Legislative Council Panel on Information Technology and Broadcasting 2016 Policy Address Policy Initiatives of Innovation and Technology Bureau Background The Chief Executive

More information

立 法 會 Legislative Council

立 法 會 Legislative Council 立 法 會 Legislative Council LC Paper No. CB(4)1481/14-15 (These minutes have been seen by the Administration) Ref : CB4/PL/ITB/1 Panel on Information Technology and Broadcasting Minutes of meeting on Friday,

More information

Legislative Council Panel on Information Technology and Broadcasting Progress Update on E-Government Development Purpose

Legislative Council Panel on Information Technology and Broadcasting Progress Update on E-Government Development Purpose LC Paper No. CB(4)1083/14-15(03) For discussion on 8 June 2015 Legislative Council Panel on Information Technology and Broadcasting Progress Update on E-Government Development Purpose This paper updates

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

For Discussion Paper No. 11/2012 on 22 November 2012. DIGITAL 21 STRATEGY ADVISORY COMMITTEE International IT Fest 2013

For Discussion Paper No. 11/2012 on 22 November 2012. DIGITAL 21 STRATEGY ADVISORY COMMITTEE International IT Fest 2013 For Discussion Paper No. 11/2012 on 22 November 2012 Purpose DIGITAL 21 STRATEGY ADVISORY COMMITTEE International IT Fest 2013 This paper briefs Members on the International IT Fest 2013, a new Government

More information

Office of the Government Chief Information Officer The Government of the Hong Kong Special Administrative Region

Office of the Government Chief Information Officer The Government of the Hong Kong Special Administrative Region Office of the Government Chief Information Officer The Government of the Hong Kong Special Administrative Region 1 1) Government Cloud Journey 2) Government Clouds 3) Way Forward 2 1. Government Cloud

More information

Adopting Cloud Computing with a RISK Mitigation Strategy

Adopting Cloud Computing with a RISK Mitigation Strategy Adopting Cloud Computing with a RISK Mitigation Strategy TS Yu, OGCIO 21 March 2013 1. Introduction 2. Security Challenges Agenda 3. Risk Mitigation Strategy Before start using When using 4. Policy & Guidelines

More information

(a) CWRF Head 710 Computerisation

(a) CWRF Head 710 Computerisation LC Paper No. CB(4)125/15-16(03) For discussion on 9 November 2015 Introduction Legislative Council Panel on Information Technology and Broadcasting Capital Works Reserve Fund Head 710 Computerisation Subhead

More information

CYSPA - EC projects supporting NIS

CYSPA - EC projects supporting NIS CYSPA - EC projects supporting NIS Nina Olesen, EOS March 2014 Athens, Greece www.cyspa.eu CYSPA the European project The European Cyber Security Protection Alliance, or CYSPA, is an initiative by 17 organisationsfrom

More information

Cybersecurity in the States 2012: Priorities, Issues and Trends

Cybersecurity in the States 2012: Priorities, Issues and Trends Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State

More information

Overview TECHIS60441. Carry out security testing activities

Overview TECHIS60441. Carry out security testing activities Overview Information, services and systems can be attacked in various ways. Understanding the technical and social perspectives, how attacks work, the technologies and approaches used are key to being

More information

Build a Secure Cyberspace 2015 Cyber Security is Everywhere Graphic Design Contest

Build a Secure Cyberspace 2015 Cyber Security is Everywhere Graphic Design Contest Build a Secure Cyberspace 2015 Cyber Security is Everywhere Graphic Design Contest Build a Secure Cyberspace is an annual promotion campaign on information security jointly organised by the Office of the

More information

Cloud Security for SME

Cloud Security for SME Cloud Security for SME Hong Kong Computer & Communications Festival 2015 21 Aug 2015 Agenda About HKCERT What is cloud? Cloud security challenges to SME Tips for using cloud service securely About HKCERT

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

CIP 2016 Project Outline

CIP 2016 Project Outline Outline TR_SAND_1 1. Internship 2. Internship 3. Preferred Sandwich June 2016 to June 2017 First Priority: Computer Science/ Technology related Second Priority: Information Systems 4. Name: 2016 Group

More information

Seminar on Unfair Competition Enforcement in the United States and Supply Chain Cybersecurity Issues. Palace Hotel Saigon, HCMC, November 19 th 2014

Seminar on Unfair Competition Enforcement in the United States and Supply Chain Cybersecurity Issues. Palace Hotel Saigon, HCMC, November 19 th 2014 Seminar on Unfair Competition Enforcement in the United States and Supply Chain Cybersecurity Issues Palace Hotel Saigon, HCMC, November 19 th 2014 Cyber Security and Supply Chain Integrity as Risk Factors

More information

Australian Government Cyber Security Review

Australian Government Cyber Security Review Australian Government Cyber Security Review The Cisco Response Today, governments are almost universally pursuing a development and modernisation agenda to nurture their society into the digital age, and

More information

The IT Strategic Plan

The IT Strategic Plan The IT Strategic Plan for the University of Oxford, 2013-2018 REVISED AND REISSUED, OCTOBER 2015 Contents IT Strategic Plan: Vision... 2 The IT Strategic Plan... 2 IT Strategic Plan: Principles and Assumptions...

More information

PROCUREMENT AND INVENTORY MANAGEMENT OF ICT PRODUCTS AND SERVICES. Executive Summary

PROCUREMENT AND INVENTORY MANAGEMENT OF ICT PRODUCTS AND SERVICES. Executive Summary PROCUREMENT AND INVENTORY MANAGEMENT OF ICT PRODUCTS AND SERVICES Executive Summary 1. The Government leverages on information and communications technology (ICT) to improve the operational efficiency

More information

ESKISP6056.01 Direct security testing

ESKISP6056.01 Direct security testing Direct security testing Overview This standard covers the competencies concerning with directing security testing activities. It includes setting the strategy and policies for security testing, and being

More information

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation Commonwealth Approach to Cybergovernance and Cybersecurity By the Commonwealth Telecommunications Organisation Trends in Cyberspace Cyberspace provides access to ICT Bridging the digital divide and influencing

More information

National Initiative for Cyber Security Education

National Initiative for Cyber Security Education 2014/PPWE/SEM2/007 Agenda Item: 5 National Initiative for Cyber Security Education Submitted by: United States Women Business and Smart Technology Seminar Beijing, China 23 May 2014 NICE OVERVIEW Women

More information

By Alex Lee, AGCIO(IS) Industry Forum 29 July 2011

By Alex Lee, AGCIO(IS) Industry Forum 29 July 2011 By Alex Lee, AGCIO(IS) Industry Forum 29 July 2011 Under the D21 Strategy, we have formulated the Pan Government IT Strategy for delivery of next-generation e-government services. Business Transformation

More information

GovHK: One-stop Portal to Deliver Citizen-centric Services. Linda So Deputy Government Chief Information Officer HKSAR Government

GovHK: One-stop Portal to Deliver Citizen-centric Services. Linda So Deputy Government Chief Information Officer HKSAR Government GovHK: One-stop Portal to Deliver Citizen-centric Services Linda So Deputy Government Chief Information Officer HKSAR Government 1 Vision for the e-government programme Use information technology to provide

More information

The Future Development of egovernment in Hong Kong

The Future Development of egovernment in Hong Kong The Future Development of egovernment in Hong Kong Howard C. Dickson Government Chief Information Officer HKSAR Government 5 September My Discussion Agenda Why e-government is vital to Hong Kong Where

More information

APRICOT-APAN 2011, Hong Kong IPv6 Transition Conference 22 February 2011. C. K. Ng

APRICOT-APAN 2011, Hong Kong IPv6 Transition Conference 22 February 2011. C. K. Ng APRICOT-APAN 2011, Hong Kong IPv6 Transition Conference 22 February 2011 The Government of the Hong Kong Special Administrative Region C. K. Ng Programme Manager, Government Office of the Government Chief

More information

WORKING GROUP ON CLOUD SECURITY AND PRIVACY

WORKING GROUP ON CLOUD SECURITY AND PRIVACY WORKING GROUP ON CLOUD SECURITY AND PRIVACY Notes of the Seventh Meeting held at 2:30 p.m. on 19 September 2013 in Communal Meeting Room 3, G/F, Central Government Offices, Tamar Present Mr Vincent CHAN

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

An Information Security and Privacy Perspective for Procurement Services Projects

An Information Security and Privacy Perspective for Procurement Services Projects MANAGEMENT OF DATA: An Information Security and Privacy Perspective for Procurement Services Projects Presentation for: Procurement Services Senior Leadership Meeting Presented by: Ann Nagel, Associate

More information

Guidance on the Use of Portable Storage Devices 1

Guidance on the Use of Portable Storage Devices 1 Guidance on the Use of Portable Storage Devices Introduction Portable storage devices ( PSDs ) such as USB flash memories or drives, notebook computers or backup tapes provide a convenient means to store

More information

The Office of the Government Chief Information Officer IT SECURITY GUIDELINES [G3]

The Office of the Government Chief Information Officer IT SECURITY GUIDELINES [G3] The Office of the Government Chief Information Officer IT SECURITY GUIDELINES [G3] Version : 7.0 September 2012 The Government of the Hong Kong Special Administrative Region COPYRIGHT NOTICE 2012 by the

More information

Information Security Summit 2005

Information Security Summit 2005 Information Security Summit 2005 Forensically Sound Information Security Management in a Risk Compliance Era Keynote Opening Address by Mr. Howard C Dickson Government Chief Information Officer Government

More information

2015 Information Security Awareness Catalogue

2015 Information Security Awareness Catalogue Contents 2015 Catalogue Wolfpack Engagement Model 4 Campaign Drivers 6 Offerings 8 Approach 9 Engaging Content 10 Stakeholder Change Management 12 Bundles 13 Content 14 Grey Wolf -Track compliance with

More information

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination

More information

Legislative Council Panel on Information Technology and Broadcasting. Hacking and Virus Activities and Preventive Measures

Legislative Council Panel on Information Technology and Broadcasting. Hacking and Virus Activities and Preventive Measures For discussion on 12 June 2000 Legislative Council Panel on Information Technology and Broadcasting Hacking and Virus Activities and Preventive Measures Purpose This paper briefs Members on the common

More information

Report on Hong Kong SME Cloud Adoption and Security Readiness Survey

Report on Hong Kong SME Cloud Adoption and Security Readiness Survey Report on Hong Kong SME Cloud Adoption and Security Readiness Survey Collaborated by Internet Society Hong Kong and Cloud Security Alliance (HK & Macau Chapter) Sponsored by Microsoft Hong Kong Jointly

More information

2012 Resource Allocation Exercise - Block Vote Project Proposals

2012 Resource Allocation Exercise - Block Vote Project Proposals Item Organisation Title 1 Architectural Services Migration of the Automated Communication, Technical Information and Operations Network from Mainframe to Midrange Platform 9.9 2013-14 1st Quarter 2014-15

More information

The Office of the Government Chief Information Officer INFORMATION SECURITY INCIDENT HANDLING GUIDELINES [G54]

The Office of the Government Chief Information Officer INFORMATION SECURITY INCIDENT HANDLING GUIDELINES [G54] The Office of the Government Chief Information Officer INFORMATION SECURITY INCIDENT HANDLING GUIDELINES [G54] Version: 5.0 September 2012 The Government of the Hong Kong Special Administrative Region

More information

Working Group on. First Working Group Meeting 29.5.2012

Working Group on. First Working Group Meeting 29.5.2012 Working Group on Cloud Security and Privacy (WGCSP) First Working Group Meeting 29.5.2012 1 Review of fexisting i Standards d and Best Practices on Cloud Security Security Standards and Status List of

More information

Cyber security Indian perspective & Collaboration With EU

Cyber security Indian perspective & Collaboration With EU Cyber security Indian perspective & Collaboration With EU Abhishek Sharma, BIC IAG member, On behalf of Dr. A.S.A Krishnan, Sr. Director, Department of Electronics & Information Technology Government of

More information

Legislative Council Panel on Security Creation of a permanent Chief Superintendent of Police post of the Cyber Security and Technology Crime Bureau

Legislative Council Panel on Security Creation of a permanent Chief Superintendent of Police post of the Cyber Security and Technology Crime Bureau LC Paper No. CB(2)1621/13-14(05) For discussion on 3 June 2014 Legislative Council Panel on Security Creation of a permanent Chief Superintendent post of the Cyber Security and Technology Crime Bureau

More information

State Governments at Risk: The Data Breach Reality

State Governments at Risk: The Data Breach Reality State Governments at Risk: The Data Breach Reality NCSL Legislative Summit August 5, 2015 Doug Robinson, Executive Director National Association of State Chief Information Officers (NASCIO) About NASCIO

More information

Cloud computing: benefits, risks and recommendations for information security

Cloud computing: benefits, risks and recommendations for information security Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

Statement of James Sheaffer, President North American Public Sector, CSC

Statement of James Sheaffer, President North American Public Sector, CSC Statement of James Sheaffer, President North American Public Sector, CSC United States House of Representatives Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection,

More information

REPUBLIC OF MAURITIUS NATIONAL CYBER SECURITY STRATEGY

REPUBLIC OF MAURITIUS NATIONAL CYBER SECURITY STRATEGY REPUBLIC OF MAURITIUS 5555555555555555555555555555555555555555555555555555555555 5555555555555555555555555555555555555555555555555555555555 NATIONAL CYBER SECURITY STRATEGY 2014-2019 The time has come

More information

The Office of the Government Chief Information Officer BASELINE IT SECURITY POLICY [S17]

The Office of the Government Chief Information Officer BASELINE IT SECURITY POLICY [S17] The Office of the Government Chief Information Officer BASELINE IT SECURITY POLICY [S17] Version : 5.0 September 2012 The Government of the Hong Kong Special Administrative Region The contents of this

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

YOUR PASSPORT TO ASIA S WORLD CITY

YOUR PASSPORT TO ASIA S WORLD CITY YOUR PASSPORT TO ASIA S WORLD CITY WHY HONG KONG IS AT THE CENTER OF CLOUD POTENTIAL A MATURE MARKET Hong Kong is the third most important international financial center, after London and New York. Home

More information

Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012

Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012 Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives Initiation date: January 2012 Completion date: June 2012 Nomination submitted by: Samuel A. Nixon

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

The Office of the Government Chief Information Officer BASELINE IT SECURITY POLICY [S17]

The Office of the Government Chief Information Officer BASELINE IT SECURITY POLICY [S17] The Office of the Government Chief Information Officer BASELINE IT SECURITY POLICY [S17] Version : 3.0 May 2006 The Government of the Hong Kong Special Administrative Region COPYRIGHT NOTICE 2006 by the

More information

ICT Usage & Cyber Security Issues in Myanmar

ICT Usage & Cyber Security Issues in Myanmar ICT Usage & Cyber Security Issues in Myanmar AESEN-Japan International Symposium on Cyber Security Khin Swe Htay Deputy Chief Engineer Myanma Posts and Telecommunications Tokyo, Japan October 25, 2013

More information

For discussion on 17 January 2011 LC Paper No. CB(1) 1001/10-11(04) LEGISLATIVE COUNCIL PANEL ON PUBLIC SERVICE

For discussion on 17 January 2011 LC Paper No. CB(1) 1001/10-11(04) LEGISLATIVE COUNCIL PANEL ON PUBLIC SERVICE For discussion on 17 January 2011 LC Paper No. CB(1) 1001/10-11(04) LEGISLATIVE COUNCIL PANEL ON PUBLIC SERVICE Leadership and Management Training for the Civil Service Purpose This paper presents an updated

More information

E-Government Strategy 2013-2017 Implementation

E-Government Strategy 2013-2017 Implementation 2013-2017 Implementation Mr Hawabhay Rajnish Ag. Director Central Informatics Bureau Ministry of Information and Communication Technology 19 th February 2014 2013-2017 2013-2017 aims at increasing: the

More information

Logging In: Auditing Cybersecurity in an Unsecure World

Logging In: Auditing Cybersecurity in an Unsecure World About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that

More information

National Contact Management Strategy

National Contact Management Strategy National Contact Management Strategy 2012 NCMS 2012 NOT PROTECTIVELY MARKED 4 National Contact Management Strategy (NCMS) This document has been produced by the Association of Chief Police Officers (ACPO)

More information

Seamus Reilly Director EY Information Security sreilly@uk.ey.com 0207 951 3179 Cyber Security

Seamus Reilly Director EY Information Security sreilly@uk.ey.com 0207 951 3179 Cyber Security Seamus Reilly Director EY Information Security sreilly@uk.ey.com 0207 951 3179 Cyber Security An Internal Audit perspective on the threats and responses within the Retail Sector 15 th May 2014 Agenda Introductions

More information

A Best Practice Guide

A Best Practice Guide A Best Practice Guide Contents Introduction [2] The Benefits of Implementing a Privacy Management Programme [3] Developing a Comprehensive Privacy Management Programme [3] Part A Baseline Fundamentals

More information

Legislative Council Panel on Public Service T-contract Services

Legislative Council Panel on Public Service T-contract Services For discussion on 20 May 2013 LC Paper No. CB(4)625/12-13(04) Legislative Council Panel on Public Service T-contract Services Purpose This paper provides information on the use of services provided by

More information

Governance and Management of Information Security

Governance and Management of Information Security Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information

More information

ENISA and Cloud Security

ENISA and Cloud Security ENISA and Cloud Security Rossen Naydenov Network Information Security Officer Critical Information Infrastructure Protection Department - ENISA European Union Agency for Network and Information Security

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

CITY UNIVERSITY OF HONG KONG

CITY UNIVERSITY OF HONG KONG CITY UNIVERSITY OF HONG KONG (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information Officer in September 2015) INTERNAL Date of Issue:

More information

Stellenbosch University. Information Security Regulations

Stellenbosch University. Information Security Regulations Stellenbosch University Information Security Regulations 1. Preamble 1.1. Information Security is a component of the Risk structure and procedures of the University. 1.2. Stellenbosch University has an

More information

Cyber security in an organization-transcending way

Cyber security in an organization-transcending way Cyber security in an organization-transcending way EASEE-gas meeting March 19, 2015 Paul Bloemen ICT Security Manager Gasunie Chair Dutch Energy ISAC March 19, 2015 2 What to talk about Why is cyber security

More information

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident

More information

2013 Policy Address Policy Initiatives of Communications and Technology Branch, Commerce and Economic Development Bureau

2013 Policy Address Policy Initiatives of Communications and Technology Branch, Commerce and Economic Development Bureau LC Paper No. CB(4)310/12-13(01) 2013 Policy Address Policy Initiatives of Communications and Technology Branch, Commerce and Economic Development Bureau Our Vision The Government s vision is to develop

More information

Pennsylvania s Alignment & Implementation of the Call to Action

Pennsylvania s Alignment & Implementation of the Call to Action Pennsylvania s Alignment & Implementation of the Call to Action Erik Avakian, CISSP, CISA, CISM Chief Information Security Officer Commonwealth of Pennsylvania eavakian@pa.gov 1. Establish a Governance

More information

Cyber security guide for boardroom members

Cyber security guide for boardroom members Cyber security guide for boardroom members 2 Cyber security guide for boardroom members Cyber security at strategic level Our society is rapidly digitising, and we are all reaping the benefits. Our country

More information

Crime Statistics Data Security Standards. Office of the Commissioner for Privacy and Data Protection

Crime Statistics Data Security Standards. Office of the Commissioner for Privacy and Data Protection Crime Statistics Data Security Standards Office of the Commissioner for Privacy and Data Protection 2015 Document details Security Classification Dissemination Limiting Marker Dissemination Instructions

More information

INFRASTRUCTURE ARCHITECTURE BLUEPRINT

INFRASTRUCTURE ARCHITECTURE BLUEPRINT INFRASTRUCTURE ARCHITECTURE BLUEPRINT MESYUARAT PENGURUS-PENGURUS ICT SEKTOR AWAM BIL.3 TAHUN 2010 26 Oktober 2010 BERSAMA MELAKSANA TRANSFORMASI Table of Content Introduction Current Environment Overview

More information

Cyber Security solutions

Cyber Security solutions Cyber Security solutions The scenario IT security has become a highly critical issue for all businesses as a result of the growing pervasiveness and diffusion of ICT technology. Risks can arise both inside

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

Action Plan 2010-2015 for Canada s Cyber Security Strategy

Action Plan 2010-2015 for Canada s Cyber Security Strategy Action Plan -2015 for Canada s Cyber Security Strategy Her Majesty the Queen in Right of Canada, 2013 Cat: PS9-1/2013E-PDF ISBN: 978-1-100-21895-3 ii Introduction Information technology is highly integrated

More information

Legislative Council Panel on Security Youth Drug Abuse. This paper briefs Members on the latest youth drug abuse

Legislative Council Panel on Security Youth Drug Abuse. This paper briefs Members on the latest youth drug abuse Legislative Council Panel on Security Youth Drug Abuse LC Paper No. CB(2)167/07-08(01) PURPOSE situation. This paper briefs Members on the latest youth drug abuse CURRENT ANTI-DRUG POLICY Formulation of

More information

Committees Date: Subject: Public Report of: For Information Summary

Committees Date: Subject: Public Report of: For Information Summary Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security

More information

> English > Topical Issues (Statutory Minimum Wage) > Statutory Minimum Wage: Notes for Student Employees and Employers

> English > Topical Issues (Statutory Minimum Wage) > Statutory Minimum Wage: Notes for Student Employees and Employers Interested students can send their covering letter and CVs to chr@clp.com.hk with email titled 2016 CIP intern before 30 May 2016. Students need to state their priority of project number in the application

More information

Intelligent Customer Function (ICF)

Intelligent Customer Function (ICF) CAPABILITY AUDIT FOR HEIs Higher Education Institutions (HEIs) should organically develop their own to successfully manage the process of strategic sourcing. The capability audit provides an assessment

More information

TRANSPORT FOR LONDON SAFETY, HEALTH AND ENVIRONMENT ASSURANCE COMMITTEE

TRANSPORT FOR LONDON SAFETY, HEALTH AND ENVIRONMENT ASSURANCE COMMITTEE AGENDA ITEM 9 TRANSPORT FOR LONDON SAFETY, HEALTH AND ENVIRONMENT ASSURANCE COMMITTEE SUBJECT: REVIEW OF TFL RESILIENCE MANAGEMENT POLICY FRAMEWORK DATE: 20 JULY 2010 1 PURPOSE AND DECISION REQUIRED 1.1

More information

MANAGED SERVICES PROVIDER. Dynamic Solutions. Superior Results.

MANAGED SERVICES PROVIDER. Dynamic Solutions. Superior Results. MANAGED SERVICES PROVIDER Dynamic Solutions. Superior Results. REVOLUTIONIZE YOUR INSTITUTION BY FULLY LEVERAGING THE BENEFITS OF TECHNOLOGY MAXIMIZE YOUR TECHNOLOGY INVESTMENTS ENHANCE SECURITY OF YOUR

More information

CYBER AND IT SECURITY: CLOUD SECURITY FINAL SESSION. Architecture Framework Advisory Committee November 4, 2014

CYBER AND IT SECURITY: CLOUD SECURITY FINAL SESSION. Architecture Framework Advisory Committee November 4, 2014 CYBER AND IT SECURITY: CLOUD SECURITY FINAL SESSION Architecture Framework Advisory Committee November 4, 2014 1 Agenda TIME TOPICS PRESENTERS 9:00 9:15 Opening Remarks and Introductions Shirley Ivan,

More information

Action Summary of the Fourth Strategy on Information Technology in Education Realising IT Potential Unleashing Learning Power A Holistic Approach

Action Summary of the Fourth Strategy on Information Technology in Education Realising IT Potential Unleashing Learning Power A Holistic Approach Action Summary of the Fourth Strategy on Information Technology in Education Realising IT Potential Unleashing Learning Power A Holistic Approach Goal of ITE4 Student learning is central to the Fourth

More information