Information Security Seminar 2013

Mr. Victor Lam, JP
Deputy Government Chief Information Officer

Agenda

1. Introduction
2. Information Security Posture & Programmes
3. Hong Kong SAR Government Cloud Adoption
4. Cloud Challenges & Risk Mitigation

Who’s Peeking At You?

• Security & Privacy
• Data Protection
• Data Location
• Outsourcing

Local ICT Environment

• 2.26M broadband accounts
• 86% of households with broadband access
• 19 004 public Wi-Fi access points

Local ICT Environment: Strong foundation for Cloud Computing

• Well established legal system with good protection of intellectual property rights and personal data
• World-class infrastructure and ideal location in Asia for data centres
• Pro-business culture
• Proximity to the Mainland of China
• Talented ICT professionals

Office of the Government Chief Information Officer (OGCIO)

• Set up on 1 July 2004
• Provides a streamlined government structure and leadership for delivering the ICT functions within Government
• Enables the Government to take a proactive, leading role in championing ICT development in the community
• Headed by the Government Chief Information Officer

ICT Facts and Figures in the Government

• 1300 Government IT professionals
• 2500 contract IT professionals
• 400+ Government web sites
• 50+ e-Government mobile apps

Information Security – Major Stakeholders

OGCIO
• Provide policy steer, advice and support on Government information security requirements and matters
• Coordinate and facilitate the handling of IT security incidents within Government
• Protect Government’s central IT infrastructure and information
• Ensure compliance with information security policy and requirements
• Conduct IT security awareness promotion and training for government staff and the public

Hong Kong Police Force
• Prevent and detect technology crime
• Establish the Cyber Security Centre to strengthen resilience against cyber attacks
• Collaborate with OGCIO & HKCERT to conduct awareness promotion and training for the public

Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
• Coordinate computer security incident response
• Disseminate security alerts to the public
• Collaborate with OGCIO & Police to conduct awareness promotion and training for the public
• Conduct security drills

Security Bureau
• Provide policy steer, advice and support on Government’s security requirements and security incidents

Review of Information Security Requirements

Security Regulations, Policies and Guidelines are reviewed, revised and promulgated to Government Bureaux and Departments (B/Ds), covering:
• Cloud Computing Security
• Social Networking Security
• Mobile Device Security

To ensure that government information security requirements can keep pace with the advancement of technology, security trends and latest

Security Risk Assessment and Audit

To ensure information security risks of government information systems are properly managed and appropriate mitigation measures are effectively implemented.

Information systems undergo information security risk assessment and third-party audit to:
• Identify security threats, vulnerabilities and corresponding impacts
• Ensure compliance with information security policies
• Adopt effective information security measures

Security Governance

To better monitor the security status of B/Ds and help them achieve compliance with government security requirements.

Inputs collected from Government Bureaux and Departments (B/Ds):
• Security Survey
• Security Risk Assessment Result

Awareness Promotion to the Public

To empower citizens to withstand new and ever-changing security threats.

• Public seminars
• Thematic website: www.infosec.gov.hk
• Multimedia materials
• Leaflets
• Posters
• Radio clips

Government Cloud Computing Strategy

• Public Cloud and Outsourced Private Cloud (at contractor data centres): e-Government public services without classified data
• In-house Private Cloud, the Government Cloud (GovCloud) (at government data centres): e-Government infrastructure services; Central Computer Centre virtualised infrastructure

Government Cloud Adoption

A step by step approach to take full advantage of this new IT model while at the same time minimising the associated risks.

• Mar 2011: Government Cloud Computing Strategy
• 2011: Pilot and Testing (Portal for Public Sector Information (PSI); Central Computer Centre virtualization)
• 2012: Funding and Contracting
• 2013: Provision of Shared Services (Electronic Information Mgt, Human Resource Mgt, e-Procurement, etc.)
• 2014 and beyond

Cloud Challenges

• Data location
• Data ownership
• Security & privacy
• Service continuity
• Data protection
• Multi-tenancy
• Outsourcing
• Off-premises

Cloud Security Trends

(chart only; the source of information cited on the slide was not captured in the extracted text)

Security Challenge & Risk Mitigation in Cloud Adoption

Challenges:
• Lack of corporate directions and relevant policies and guidelines
• Control on user authentication
• Assurance of information security and privacy in cloud

Risk mitigation:
• Cloud adoption strategy
• Review of policies and guidelines
• Access control security
• User education and training
• Cloud security certifications and standards
• Conduct of risk assessments and audits

Promotion of Best Practices in Cloud Adoption

• Thematic website 雲資訊網: www.infocloud.gov.hk
• OGCIO Expert Group on Cloud Computing Services and Standards
• Security Checklists for Cloud Service Consumers:
  – Checklist for SMEs on selecting Cloud Service Provider
  – Checklist for SMEs on using Cloud Services
  – Checklist for Individuals on protecting their data in the Cloud Environment
• Practice Guide for Procuring Cloud Services
• Security & Privacy Checklist for Cloud Service Providers in Handling Personal Identifiable Information in Cloud Platforms

Topics covered by these publications include: Policy Management; Data Protection Principles; Subcontractors’ Management; Staff Management; Service Cost; Service Level; On Boarding & Off Boarding; Service Operation; Security and Privacy Protections; Service Commitments/Warranties; Data Ownership & Location and IP Ownership; Service Default; Contracting (Terms of Service).

Summary

• Government: extensive information security programmes
• Cloud: adoption through risk mitigation
• Hong Kong: strong foundation for cloud computing
