SearchLanguageMobile menu

Opening Remarks by Mr. Jason Pun, Assistant Government Chief Information Officer (Cyber Security & Digital Identity) , at the “11th Annual InfoSecurity Summit 2019”

Distinguished guests, ladies and gentlemen,

Good morning! It is my great pleasure to join you all at the 11th Annual InfoSecurity Summit 2019. I would like to take this opportunity to welcome all participants, in particular those who are from overseas. This Summit has been an excellent platform for information security leaders and professionals in the region to meet and share latest information security trends and exchange insights and knowledge to strengthen our defence capability against emerging cyber threats.

The cyber security landscape today is changing rapidly with complex, emerging and unconventional attacks. With the rapid and dramatic digital transformation in recent years, there is a big increase in the variety of cyber attacks such as malware, phishing and DDoS attacks. Moreover, weak points such as system vulnerabilities or improper system configuration can lead to system compromise easily in face of the ever-increasing malicious network activities such as advanced persistent threats. The great variety of advanced attack methods have further increased the difficulties for conventional measures to protect our information systems and data assets.

With the rapid adoption of emerging technologies such as mobile, cloud and connected technology, cyber attacks and threats can bring forth far more extensive impacts than ever before. This makes information security management more important than ever before. Implementing proper risk management as well as protecting the information systems and digital assets have become priorities for all stakeholders, especially when personal data are involved. Here, I would like to share with you the PPT. The PPT is not Power Point presentation, but the three important aspects of information security, namely Process, People and Technology.

First, Process. Information security is a process that focuses on CIA, i.e. confidentiality, integrity and availability. It is not only about operational matters now; it also needs to be addressed at management level. A well-established management framework together with cyber security policies, procedures and controls are essential to enhance the protection and resilience of IT environments. The Government has developed a comprehensive set of information technology security policies and guidelines, covering considerable details on the governance, management, technical and procedural aspects to ensure that appropriate security controls and measures are in place. Organisations and the general public are welcome to make reference to our security policies and practices which are published through OGCIO’s website.

Second, People. As it is often referred to, humans are the weakest link in cyber security. To promote security awareness within the community, the Government collaborates with industry associations to organise relevant conferences, thematic seminars and workshops from time to time. This year, OGCIO continues to cooperate with the Hong Kong Computer Emergency Response Team Coordination Centre and the Hong Kong Police Force to organise campaigns and seminars to promote the awareness of Internet scams and educate the public to prevent personal information leakage from happening. You are cordially invited to participate in our events to share your knowledge of how to better protect personal privacy and data assets.

Third, Technology. To encourage local enterprises in adopting technological services and solutions including cyber security solutions, the Government has been running the Technology Voucher Programme since 2016. This programme provides financial support to enhance enterprises’ capability to guard against cyber threats. In addition, Hong Kong Internet Registration Company will also provide free technical support services to all SMEs using the ".hk" domain names, including website vulnerability scanning, identification of system deficiencies, and advisory for security improvement. Moreover, the Government spearheads a community-driven partnership programme, underpinned by a technology platform “”, to facilitate the sharing of cyber security information across various sectors to improve Hong Kong’s overall defence capability and cultivate a sharing culture. All participants of today’s summit are encouraged to represent your companies or organisations to join the partnership programme, if not yet done so, to contribute to and benefit from this platform.

To get prepared for tomorrow’s new forms of attack, it is of vital importance to implement security measures from the perspective of PPT: process, people, and technology. Under proper risk management and control, organisations are better equipped to secure against emerging threats and maintain appropriate information security level while continuing digital transformation. I would like to take this opportunity to appeal to you to adopt continuous improvement process to monitor, review and enhance the effectiveness of information security management for your organisations. And I wish you all a fruitful and insightful summit.

Thank you.

 - END -