Search Menu
Language Menu
Mobile Menu
Search
OGCIO
Home
Our Work
Strategies & Government IT InitiativesLegal Framework & Domain Name AdministrationCommunity Initiatives & IT ServicesBusiness & Industry DevelopmentIT Infrastructure & StandardsInformation & Cyber Security
Information & Cyber Security
Information & Cyber Security within the GovernmentInformation & Cyber Security in the Wider CommunityCyber Security Situational AwarenessCollaboration with StakeholdersDocuments & Papers
Information & Cyber Security within the Government
< Back

Information and Cyber Security Within the Government

Information security is about the protection of information regardless of whether it is in digital form, being stored on computers, or in transit over a network. With the rapid advancement of information and communications technologies (ICT), Hong Kong is increasingly reliant on the Internet, telecommunications infrastructure, and smart devices for economic development, entrepreneurship, business operations and daily life. Information security issues and the risks in the cyber environment could have various impacts on businesses and individuals.

The OGCIO attaches great importance to improving information and cyber security in the Government as well as to promoting awareness and preparedness in the wider community.

Information Security Management Framework

The Government places great emphasis on information security and the protection of its information and computer assets. Information systems and communication networks have become essential, if not critical, components in the course of electronic service delivery. The security of these components has profound impact on their reliability, availability and serviceability. Since year 2000, a central organisation, the Information Security Management Committee and IT Security Working Group were established to oversee information security within the whole government.

At the departmental level, a senior officer would be appointed to be the Departmental IT Security Officer who would lead the overall information security management of that department. The Information Security Incident Response Teams (ISIRTs) comprising management and technical staff would be established to deal with all matters on a day-to-day basis to prepare for, detect and respond to information security events and incidents.

Government IT Security Policy and Guidelines

The OGCIO has developed and maintained a comprehensive set of information technology (IT) security policies, standards, guidelines, procedures and relevant practice guides for use by government bureaux, departments, and agencies (B/Ds). These include a Baseline IT Security Policy, IT Security Guidelines, Practice Guide for Security Risk Assessment & Audit, and Practice Guide for Information Security Incident Handling. These procedures and guidelines were developed with reference to international standards, industry best practices, and professional resources. They would be reviewed from time to time to meet the challenges of evolving security threats posed by emerging technologies. These documents cover in considerable details the organisational, management, technical and procedural aspects to enable B/Ds to build up their information security framework and practice. Through various training and promotion activities and via different channels, B/Ds are furnished with best practices and information about changes in information security.

Incident Management

We adopt the principle of “prevent, detect, respond and recover” and implement appropriate security controls and measures in ensuring the integrity of business transactions and information by guarding against various types of cyber attacks such as computer worms and viruses, malware, spamming, phishing, distributed denial-of-service (DDoS), hacking and computer crimes. We conduct regular security risk assessment and audit of the technical and procedural controls to ensure that such preventive measures can keep up with technology advancements and industry best practices, and changes in the system, network, or organisational environment.

The OGCIO has taken proactive steps in combating threats related to IT security and cyber attacks by continuously monitoring IT security related vulnerabilities and threats, providing alerts and technical assistance to B/Ds in handling information security events and incidents. With the advent of the Internet and increasing trend of cyber attacks, closer collaboration locally with relevant stakeholders and globally with computer emergency response teams (CERTs) and international information security organisations become necessary and frequent.

In 2015, we established the Government Computer Emergency Response Team Hong Kong (GovCERT.HK, www.govcert.gov.hk) to centrally coordinate information and cyber security incidents as well as to collaborate with other CERT organisations. The GovCERT.HK is the coordination centre for government IT administrators and users on computer emergency response and incident handling. Locally, it would work closely with the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT, www.hkcert.org) on threats and incidents that would affect the private sectors and the community. Globally, GovCERT.HK would collaborate with other governmental and regional CERTs and international organisations with a view to facilitating exchange of information and knowledge needed to reduce vulnerabilities, mitigate risks, and react upon threats and attacks.

GovCERT.HK Annual Report:
www.govcert.gov.hk/en/annualreport.html

 

The Best is Yet to Come - Innovation and Technology
The 2024-25 Budget
The Chief Executive’s 2023 Policy Address
Facilitating of the Cross-boundary Data Flow within the Greater Bay Area
Exhibition of the 3rd Anniversary of Hong Kong National Security Law
You can stop corruption. Report Now!
ICT Outreach Programme for the Elderly
MSW Charging
Let Social Enterprises Bloom!
Legislative Control of Cannabidiol (CBD)
National Security Education Day
“Maker in China” SME Innovation and Entrepreneurship Global Contest - Hong Kong Chapter)
Electronic Health Record Sharing System (eHealth)
Improve Electoral System Ensure Patriots Administering Hong Kong
Support Clean Elections
iAM Smart Safe and Swift
CSDI website
Safeguarding National Security
Multi-functional Smart Lampposts
Fact Sheet : Office of the Government Chief Information Officer
ICT Event Calendar
Smart Government Innovation Lab
talent.gov.hk
New Patent System
Prohibition on Face Covering Regulation
Elderly IT Learning Portal
Hong Kong Legal Hub
Guangdong-Hong Kong-Macao Greater Bay Area
Cybersec Infohub
Corruption Prevention Advisory Service
Approved Fund-raising Activities
Cyber Security Information Portal
Hong Kong's Legal Services
IT Career Role Models Platform
Hong Kong Smart City Blueprint Portal
Web Accessibility Campaign - Making Web Content Available for All
Mutual Recognition of Electronic Signature Certificates issued by Hong Kong and Guangdong
The InfoCloud portal
Marketing Consultancy Office (Rehabilitation)
Developing Datacentre in Hong Kong
Wi-Fi․HK
GovHK Website
Government Computer Emergency Response Team Hong Kong (GovCERT․HK)
DATA․GOV․HK
CCLI Webste
CEPA
Hong Kong/Guangdong Expert Group on Co-operation in Informatisation
Hong Kong ICT Awards
INFO SEC
Student IT Corner
PreviousNext