Archive - Year 2003

Office of the Government Chief Information Officer, The Government of the Hong Kong Special Administrative Region

	Archive > Year 2003 > ITSD > Press Releases in Year 2003

Secure e-business inspires e-option confidence
17 - 11 - 2003

The Government has implemented a range of measures to establish a secure and reliable e-business environment to inspire public confidence in e-options, the Director of Information Technology Services, Mr Alan Wong Chi-kong, said today (November 17).

Opening the Information Security Summit 2003, Mr Wong shared with experts from all over the world what the Government was doing to ensure information security in Hong Kong.

Beginning with information technology infrastructure, he said the Government had enacted the Electronic Transactions Ordinance to provide a clear legal framework. It had also established the public key infrastructure and the voluntary certification authority recognition scheme as an architectural framework for secure e-commerce.

To enhance Hong Kong's information security incident response capability, the Government had set up the Hong Kong Computer Emergency Response Team Co-ordination Centre.

Another important innovation was the multi-application smart identity card, which enables the business sector, public organisations and Government departments to deliver electronic services in a more secure and cost-effective manner on a common and convenient platform.

Within the Government, a range of technical security measures had been adopted to guard against various types of cyber attacks. These measures include installing firewalls, anti-virus software, intrusion detection systems and other security mechanisms to monitor, detect and block attacks on Government computer networks. Necessary patches and fixes are also applied regularly to keep Government information systems up-to-date.

In order to keep abreast of the trends in computer security attacks and solutions available, the Government closely monitors and disseminates related information published by international and local organisations. This enables bureaus and departments to take effective and prompt action to protect their information assets.

All government computer systems are subject to periodic security reviews and audits to ensure that they keep up with technology advancements, development of international and industry best practices as well as systems and organisational changes.

With the increasing number and complexity of Government computer systems, the Information Technology Services Department had developed comprehensive IT security policies, procedures and relevant guidelines for Government computer users, Mr Wong said.

The Baseline IT Security Policy was first published in January 2000 under which an Information Security Management Committee and IT Security Working Group were established to oversee the information security management and operation within the Government, and help enforce the IT security policy in Government departments. Such policies and guidelines are regularly reviewed.

The baseline policy also requires all departments to appoint a senior officer as the Departmental IT Security Officer responsible for the department's overall information security management and operation.

To co-ordinate and support departments in handling information security incidents, the Government has established the Government Information Security Incident Response Office.

The office monitors computer virus and information security incident outbreaks over the world and issues virus alerts and security reminders to departments.

Administrators of major Government infrastructure systems are required to submit to the office a weekly information report on the security status of their systems and other issues relating to IT security, thus allowing the office to monitor closely the security level of these systems.

Valuing the importance of the people factor, Mr Wong said the Government encouraged its IT professionals to acquire IT security knowledge and seek professional qualifications such as the Certified Information Systems Security Professional and Certified Information Systems Auditor.

"We are also developing a community of practice within our knowledge management framework for knowledge and experience sharing among security professionals, systems developers and managers as well as IT users," he added.

To promote public awareness of IT security, the Government collaborates with various agencies in organising activities, such as exhibitions, seminars and conferences. The Infosec website (www.infosec.gov.hk), leaflets, radio and TV features were produced to get the message across.

- END -

Top

2003

| Important notices | Privacy Policy

Last review date : 31 August 2008