Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. InfoSec should achieve Confidentiality, Integrity and Availability. Confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems. Integrity means that data cannot be modified without authorization. For Availability, the information must be available when it is needed.
The fast growth in the use of information technology and the Internet has not only brought us great convenience but also created a risk of abuse by criminals. To protect the organisation's stakeholders, HKIRC have set up an Information Security Management System (ISMS) according to the national standard ISO-27001.
With this information security framework, the organisation will be able to design, implement and maintain a coherent suite of processes and systems for effectively managing information security and minimizing information security risks. HKIRC are also alert to InfoSec-related news, and will review and respond to any new risks identified. For details about our recent responses, please see this document.
For reference and guidance on setting up a baseline IT security policy and guidelines, the Government of HKSAR has established the InfoSec website (http://www.infosec.gov.hk) to serve as a one-stop portal where the general public can access information and resources on information security, as well as measures and best practices for the prevention of cyber crimes. Please visit the website for more resources regarding InfoSec.