|
For Immediate Release
IT Professionals plea for more proactive
Government involvement in building
Hong Kong's information security capabilities
Hong Kong (4 July 2005) - Over 63%
of IT professionals believe that general
development of information security
(IS) in Hong Kong is unsatisfactory,
according to the latest survey jointly
conducted by the five leading IS-related
professional bodies together with
Sin Chung-kai, the Legislator representing
IT sector.
The Hong Kong Information Security
Annual Survey, which is the first
survey of its kind in Hong Kong to
understand IT professionals' views
on the local IS development, was conducted
from mid-April to June 2005. Over
170 members of IT industry with IS
professional qualifications participated
in this survey. The scope of survey
covers Government's IS policy and
initiatives, IT governance and IS
standards, level of IS awareness in
public and private sectors, as well
as the development in computer forensics
and law enforcement.
During the opening remarks of today's
press conference, Mr. Frank Yam, Chairperson
of the Information Security Specialist
Group of the Hong Kong Computer Society
(HKCS-ISSG), emphasized the importance
of communication between the Hong
Kong Government and the IS industry.
"The Information Security Survey
provided valuable information in understanding
the needs and desires of the IS professionals
in Hong Kong, and can be used by Government
as a basis to formulate corresponding
IS strategies and policies. By working
with the IS professionals, Government
can position Hong Kong as the regional
leader in all aspects of information
security," Mr. Yam added.
Mr Andy Ho, Chairperson of Professional
Information Security Association (PISA),
who was presenting the findings of
the survey said, "The security
issue that concerned most of the IS
professionals (91%) is the limited
actions in promoting the adoption
of IT governance and IS standards.
Most companies and public organizations
in Hong Kong, in particular, are not
keen to deploy security standards.
Over 90% of IT professionals believe
that internationally-recognized IT
governance and IS standards, such
as COBIT and ISO17799, are not well-adopted
in both the public and private sectors."
Mr. Ho said that given the role of
Hong Kong as an international financial
centre, and the heavy reliance on
information by corporations, it is
alarming that the need for security
standards has been overlooked. "An
information security incident in one
organization could very likely have
a ripple effect across other critical
infrastructures and systems. Any cyber
attack can seriously damage our economy
if current IS capabilities are not
kept up-to-date with international
practices".
In addition, IS professionals are
also greatly aware of the community's
low level of IS awareness although
IS training and education opportunities
are widely available in Hong Kong.
"Some 59% and 69% of the respondents
viewed that security awareness remains
at low level in business sector and
in the community respectively. Over
85% of IT professionals think that
there is much room for improvement
in raising security awareness."
Mr. Ho added.
The survey, on the other hand, also
finds that over 60% of the respondents
do not think that Hong Kong has sufficient
computer forensics facilities and
law to cope with the current growth
of computer-related crime.
While security challenges linger,
Mr. Ho commented that preventive measures
on information security were substantially
inadequate. "Nearly 80% of IS
professionals consider that current
resources allocated by the Government
are insufficient. Some 66% of respondents
even think that there is no comprehensive
and long-term IS policy in Hong Kong,"
said Mr. Ho. The survey shows that
69% of IS professionals even expressed
that the public could not see a clear
division of labour and collaboration
among Government departments in addressing
IS issues.
To improve the situation, Ms. Susanna
Chiu, the President of Information
Systems Audit and Control Association
(ISACA) Hong Kong Chapter, urged Government
to take an active role in building
a safe and secure IT environment for
both the local community and overseas
investors. "Hong Kong's future
success, as a leader in the information
security, requires a focused and dedicated
approach. We believe Government should
be an architect of IS infrastructure
so that local critical infrastructure
would be better coordinated and managed.
Given the increasing number of phishing
scams and security threats brought
by emerging technologies, efforts
must also be stepped up to increase
security awareness," Ms. Chiu
added.
"We think that it is of paramount
importance for Government to promote
actively the value of information
security as the key in achieving Hong
Kong's prosperity in the long run.
In particular, Government should be
competitive in international involvement
to enhance Hong Kong's branding as
a leader in the area of information
security," Ms. Chiu said.
For the long-term IS development
in Hong Kong, Ms. Chiu called for
the unification of IS professionals
to achieve synergy to combat cyber
threats. "As professionals in
the IS industry, we have an important
role to play in lending our expertise
and be the opinion leader to the Government,
business sector and local community
to look at security issues and challenges,"
Ms Chiu said.
Having recognized the importance
of IS to Hong Kong's economy, the
five leading IS-related organizations
with the support of Sin Chung Kai,
Legislator representing IT sector
have submitted a joint discussion
paper to the Government in addressing
IS issues in Hong Kong in January
2005.
"In responding to the industry's
views, Government will set up a task
force, comprising representatives
of Government, public bodies, business
sector and IS professional organizations,
under the Office of the Government
Chief Information Officer (OGCIO),
to review the issues raised in the
discussion paper. With the concerted
efforts of Government and the industry,
I believe we will create a better
IS environment in Hong Kong."
Sin Chung Kai said.
The Hong Kong Information Security
Annual Survey, was conducted by:
Hong Kong Computer Society - Information
Security Specialist Group
Information Systems Audit and Control
Association - Hong Kong Chapter
Information Security and Forensics
Society
Information Systems Security Association
- Hong Kong Chapter
Professional Information Security
Association
Office of Sin Chung Kai, Legislative
Councillor (IT).
For a copy of the survey, please
visit www.sinchungkai.org.hk.
For media enquiries, please contact:
Mr. Frank Yam, Chairperson of HKCS-ISSG
at 2890 7155
Ms. Susanna Chiu, President of ISACA
HK at 7301 2343
Mr. Andy Ho, Chairperson of PISA at
8104 6800
|
