Information Security Summit 2005


Forensically Sound Information Security Management in a Risk Compliance Era

Keynote Opening Address by Mr. Howard C Dickson
Government Chief Information Officer
Government of the Hong Kong Special Administrative Region

8 November 2005

Distinguished Guests, Ladies and Gentlemen,

Good morning. I have great pleasure to be invited to address you at the Information Security Summit 2005 this morning.

Cyber Security Threats

140,000 Viruses since 1986

Beware of:

• Botnet
• Ransom
• Fake Website
• Credential Theft
• Computer Viruses
• Spyware
• Phishing
• Scam

and new tricks…

Nowadays, people seldom question the benefits of using the Internet for communication and doing business. Business executives are now concerned about the rising trend of cyber security threats such as computer virus attack, spyware, phishing, scam, botnet, ransom, fake website, credential theft and other tricks.

Since the first virus was discovered in 1986, more than 140,000 viruses have been found exploiting software vulnerabilities and disrupting computer networks and systems worldwide.

At the same time, hackers keep finding ways to intrude into networks and computer systems, implant unwanted program codes in victim computers or hijack Internet access to bogus websites. IT executives are angry at spyware that leaks out their company information stealthily, or slows down their systems.

Spam Nuisance

• Email, Fax, SMS/MMS, Telephone Call, etc.
• 67% of Email Traffic
• Unsolicited Mobile Phone Calls

Internet users also face rising intrusive spam nuisance. Spam is disseminated in various forms, such as email, fax, SMS/MMS and telephone call. In September, the global ratio of spam in email traffic was 67%. There is also a rapid rise in unsolicited mobile phone calls where the recipients have to pay for taking such nuisance calls.

Cyber Crimes

560 Cases in 2004 in HK

Including:

• Hacking
• Obscene Articles
• Criminal Damage to Data
• Internet Shopping Fraud

The increase of cyber crimes is another concern. In Hong Kong, computer related crimes have climbed from 34 cases in 1998 to 560 cases in 2004. These crime cases include hacking, publication of obscene articles, criminal damage in relation to data, and Internet shopping fraud.

Is the cyber space so unfriendly? My answer is ‘Certainly Not’. Instead of viewing these threats as impediments to moving into the information age, we should treat them as reasons for having a good information security posture so that we can continue to reap the benefits of the Internet era.

Cracking down Cyber Crimes

• Robust ICT infrastructure
• Computer Forensics Facilities
• Expertise
• Security Policy and Measures
• Collaboration

Over the past years, the Government has taken successful steps to establish a robust ICT infrastructure to facilitate the conduct of electronic commerce in Hong Kong. Today, we have a robust Internet infrastructure with many excellent Internet service providers as well as an emergency response support mechanism. To safeguard our information systems, computer users have to implement effective measures to guard against various types of cyber attacks. It is advisable for businesses to formulate a set of security policy, guidelines and good practices.

In our fight against cyber crimes, the Government has established computer forensics facilities, developed expertise and collaborated with the industry, which has enabled the successful crack down of many cyber crime cases in recent years.

The “STEPS” Anti-Spam Campaign

Five Key Initiatives of “STEPS”:

• Strengthening Existing Regulatory Measures
• Technical Solutions
• Education
• Partnerships
• Statutory Measures

Realizing the damaging effects of spamming activities, the Government has launched a campaign entitled “STEPS” to fight the spam epidemic. “STEPS” tackles the spam problem by means of five key initiatives. They are Strengthening Existing Regulatory Measures, Technical Solutions, Education, Partnerships and Statutory Measures.

Before the anti-spam law is put in place, the Government is seeking telephone operators’ cooperation in providing their customers with services to filter unwanted promotional telephone calls.

It is important to appreciate that Information Security is about people, process and technology, with the latter contributing about 20%. Incidents such as Web Defacement, Denial of Service, Hacking and Virus Attack will occur on the Internet because this is the nature of doing business in an open environment.

Cyber Security for MC6

• High Profile International Event to be held in Hong Kong between 13-18 December
• Cyber Security an Issue
• Must ensure high standard of information security to
  – Protect, Detect, React and Restore
  – Respond to Security Incidents
  – Execute Contingency Plans

Government has taken serious steps to ensure cyber security for the MC6 to be held between 13th and 18th December. The best practices and effective mitigation measures to combat against large scale cyber attacks are to get prepared and practise responding to such incidents through tabletop or mock exercises. Loopholes discovered are corrected quickly. We train our folks and have them ready to counter malicious activities.

If necessary, business continuity plans will be activated to provide service through alternate means. Our top priority is to minimize the impact on operations by isolating the incident and blocking the attack so that the MC6 as well as the Government’s operation can continue. To ensure maximum information security in the community, the Government is currently working together with the major Internet Service Providers to develop guidelines and procedures for responding to the various cyber attacks. We will ensure proactive public affairs to update the public and manage their expectations.

Public Education and Awareness

• Education Programmes
• InfoSec Website (www.infosec.gov.hk)
• Promotion Campaigns

To facilitate the development of a reliable and secure e-community, we need the concerted efforts from everyone in our community and be a good citizen of the cyber world. Government is committed to raising public awareness and promoting ethics on information security through launching the “InfoSec” website (www.infosec.gov.hk), education programmes and promotion campaigns.

Hong Kong Clean PC Day

Clean your PCs on 25 November 2005

• Apply Security Patches
• Scan your PCs with Anti-virus Software
• Protect your PCs with Personal Firewall

We have set 25 November 2005 as the “Hong Kong Clean PC Day” to arouse the community on the importance of information security and “how” to protect their information from cyber attacks. You are cordially invited to participate in this meaningful campaign. Please visit the OGCIO website to find out more details.

For Your Concerted Efforts to Ensure Cyber Security

I wish the Summit a great success.
