SmartCity, Smart-e-ID & University Information Security Policies & Procedures Updates
Presented by Dr Ir Rosiah Ho, CEng CPEng RPEng
Associate Director, ITSC (Academic Computing & Knowledge Transfer)
Part (1) - SmartCity & Smart-e-ID
SmartCity HK Initiative
Definition of SmartCity (Boyd Cohen; HK Government OGCIO): an urban development vision to integrate ICT and IoT solutions in a secure fashion to manage a city's assets and create value for the community. SmartCity is an evolving concept; it now encompasses:
• ICT technology, Big Data, data liberalization and openness
• Green and sustainable development of a city
• SmartCity technologies that transform the way cities are managed, so that citizens enjoy greater efficiency and new services
Lingnan SmartCity Knowledge Transfer Initiatives
• Lingnan joined the Chinese Manufacturers' Association of Hong Kong (CMA) as a standing member of its "Smart City" Sub-Committee in 2016.
• Lingnan cooperated with the Smart City Consortium HK in a submission to the Chief Executive Community Fund, bidding for a fund of over 15M+ for SmartCity Smart Ageing.
• KT proposals are being compiled on (i) Digital Citizenship of HK and (ii) SmartCity: How Big Data Reinvents HK's Digital Future.
• SmartCity organizations offer student internships to Lingnan students.
• LIFE plans to offer professional training programs to support HK SmartCity development, e.g. big data analytics, smart ageing, etc.
• The 2016 Chief Executive's Policy Address re-affirmed the Government's commitment to building HK as a SmartCity. OGCIO has commissioned a Consultative Study (running until mid-2017) to formulate a SmartCity blueprint for HK.
HKG OGCIO: Objectives of the SmartCity Consultative Study
a) To formulate medium- and longer-term measures, up to 2030, to develop HK into a SmartCity.
b) Scope of the Consultative Study: 1) policies and strategies; 2) development plans; 3) governance model; 4) digital infrastructure; 5) data liberalization; 6) public-private collaboration.
c) Aims: to use innovative ICT technologies to enhance the city's attractiveness to global business and talent; to achieve cost and energy savings; to maintain city innovation (urbanization), sustainability, economic development, safety and efficiency.

What Benefits and Effects will SmartCity Bring?
a) SmartCity citizens will enjoy the benefits of new facilities delivered through emerging technologies, such as:
• City management: e-Government, e-Commerce, e-Finance, Industrial Revolution 4.0
• Urban innovations: transportation, environmental protection (low-carbon city), waste management and quality of living (QoL)
• Internet of Things (IoT)
• Big data analytics and cloud computing
• Mobile technology
b) Make HK more liveable, economically diversified, convenient, healthier and safer.
c) Improve HK's competitiveness, with better employment and upward-mobility opportunities for the youth and the public.
SmartCity Blueprint
Core: Info Security, e-ID, Big Data and Internet+
Domains: 1 Smart Living; 2 Smart Building and Home (SmartHome); 3 Smart Transportation; 4 Smart Energy (renewable); 5 Smart Waste Management (waste recycling, residual management, recovery of waste organics and energy); 6 Smart Education (e-Education); 7 Smart Governance (e-Government); 8 Smart Health (e-Medical); 9 Smart Communications (Internet+); 10 Smart Networks/Mobility; 11 Environmental Awareness (changing weather conditions).
Internet+: first mentioned by Chinese Premier Li Keqiang in the Government Work Report of 5 March 2015. It means applying the Internet and other ICT (mobile Internet, cloud computing, big data and IoT) to conventional industries to foster new industries (Industrial Revolution 4.0) and business development in China.
(B) Hongkong Post e-Certificate: Essential and Fundamental Element for SmartCity and the Digital Citizen
e-Commerce Driver (1): Top 10 e-Commerce Markets by Country in 2016
The fast expansion of e-Commerce and online sales in the existing global market will continue to grow with the prevalence of the Internet (no signs of slowing down). An e-Cert is important for endorsing e-Commerce transactions and for identifying the person behind them on the Internet.

Rank  Country       Sales (US$ bn)  Increase  Top online retailer  eCom share of total retail sales
1     China         426.26          34.0%     Alibaba              10.1%
2     USA           305.65          15.7%     Amazon               6.5%
3     UK            82.00           16.6%     Amazon               13%
4     Japan         70.83           14.0%     Rakuten              4.9%
5     Germany       63.38           22.1%     Amazon               7.3%
6     France        38.36           12.1%     Odigeo               4.6%
7     South Korea   33.11           13.0%     Coupang              9%
8     Canada        24.63           17.4%     Amazon               5.2%
9     Russia        17.47           16.0%     ulmart.ru            2.2%
10    Brazil        16.28           22.0%     B2W Digital Inc      3.8%
Source: https://trellis.co/blog/top-10-ecommerce-markets-by-country
Compliance Driver (2): HK Electronic Transactions Ordinance (ETO) (Cap. 553) http://www.ogcio.gov.hk/en/regulation/eto
The HK Electronic Transactions Ordinance (Cap. 553) was enacted in January 2000 and amended in June 2004. In general, the ETO:
1. establishes that electronic signatures have the same legal status as their paper-based counterparts, and
2. enhances public confidence in electronic transactions and promotes the use of e-signatures in e-transactions.
Same legal status: hand signature = electronic signature. Note that the ETO grants this status to any electronic signature the parties agree on for private transactions, but for transactions with a Government entity it requires a digital signature supported by a recognized certificate, which is exactly what a Hongkong Post e-Cert provides.
Basics of e-Cert: Public-Private Key Encryption (加密)
Asymmetric cryptography involves two distinct, mathematically related keys: a public key, published in the certificate issued by the CA, and a private key owned by the user. The private key is kept secret, is never divulged and is password protected; the public key is not secret and can be freely distributed, shared and used by anyone. The private key cannot feasibly be derived from the public key.
[Figure: sender A encrypts plaintext with B's public key (obtained from B's certificate issued by the CA, Certizen); the resulting ciphertext can be decrypted only with B's private key, which B alone holds.]
Digital Signature: How It Works
[Figure: sender A passes the message through a hash function to obtain a message digest (MD) and encrypts the MD with A's private key to produce the digital signature; receiver B recomputes the digest of the received message with the same hash function, decrypts the signature with A's public key to obtain the expected MD, and accepts the message only if the two digests match.]
Digital signatures can be used in all e-Commerce, web and e-mail transactions to endorse an e-transaction. The signature is an electronic stamp or seal appended to the document. Because it is computed over a digest of the document with the signer's private key, any change to the document after signing makes verification fail, which proves both that the document is unchanged in transit and that it was signed by the holder of that private key.
Characteristics of an e-transaction (message sender A, message receiver B):
• Authentication - Digital certificate: proof of the identity of the parties in an electronic transaction.
• Non-repudiation - Digital signature: prevents a party from denying a commitment or transaction made with its digital signature.
• Confidentiality - Encryption: keeps the content of a transaction private and secret from unauthorized third parties.
• Integrity - Message digest: proof that the message contents have not been altered during transmission.
Types of e-Certificate (http://www.hongkongpost.gov.hk/product/ecert/type/personal/index.html)
e-Cert (Personal) - for HKID holders. Stored in: e-Cert file on USB; e-Cert file on card; Smart ID Card; e-token for signing purposes (MR, mutual recognition); bank (for signing e-Cheques).
e-Cert (Organisational) - for HK companies with Business Registration (BR). Stored in: e-Cert file on USB; e-Cert file on card; e-token for signing purposes (MR, mutual recognition); bank (for signing e-Cheques).
(C) Digital Cheque (e-Cheque)
Current Status of e-Cheque in HK
• Official launch of the e-Cheque service on 7 Dec 2015.
• Between 7 Dec 2015 and 31 Jul 2016 (8 months), over 163,000 e-Cheques with an aggregate value of HK$51 billion were cleared through Hong Kong Interbank Clearing Limited (HKICL).
• 9 local banks offer the e-Cheque service to their customers.
• All banks must accept e-Cheque deposits (HKD, USD, RMB).
• Deposited directly into the payee's bank account.
• Legal protection is governed by the Bills of Exchange (匯票) Ordinance.
• Organisations/corporates accepting e-Cheque payments: HKSAR Government (Inland Revenue Department, Rating and Valuation Department, Treasury, etc.), utility companies, and more.
E-Cheque Cross-Boundary (New)
Cross-boundary e-Cheque (launched 20 July 2016): e-Cheque clearing between HK and Guangdong province (including Shenzhen).
• e-Cheques issued by banks in HK and deposited with banks in Guangdong province are settled on T+1.
• 22 banks in Guangdong and 28 banks in Shenzhen allow their customers to deposit e-Cheques through the online e-Cheque deposit portal.
• List of Guangzhou banks accepting e-Cheque deposits: https://echeque.gzebsc.cn
• List of Shenzhen banks accepting e-Cheque deposits: https://cust.szfesc.cn
What is an e-Cheque?
• An e-Cheque is issued, delivered and deposited online.
• Governed by the Bills of Exchange Ordinance.
• Supports HKD-, USD- and RMB-denominated e-Cheques.
• Digitally signed by both the payer and the paying bank.
Innovation: a similar application for University e-Transcripts in future.
Operating Model: e-Cheque Deposit through HKICL's e-Cheque Drop Box
[Figure: actors are the Payer, Paying Bank, Payee, HKICL e-Cheque Drop Box and Collecting Bank. Recoverable steps: (1) the payer logs in to Internet banking with two-factor authentication (2FA) and requests issuance of an e-Cheque; (2) the paying bank verifies and processes the request, and the e-Cheque is digitally signed with the payer's e-Cert and the bank's e-Cert; (3.1) the paying bank sends the signed e-Cheque to the payee, or (4B) the payer forwards it to the payee together with other electronic documents; (4A) the payee presents the e-Cheque at the Drop Box and selects the collecting bank details; (5) the payee logs in to e-banking; HKICL verifies the payee's identity and the e-Cheque signature and checks for duplicate presentment; (6-8) HKICL produces an inward clearing file for the paying bank and an outward clearing file for the collecting bank, each signed by HKICL; (9-10) the paying bank verifies the signature and clears and settles, and the collecting bank credits the deposit and updates its internal records.]
Overview of e-Cheque Deposit (Drop Box) Channels
Hong Kong:
• Collecting bank's Internet banking platform
• HKICL's e-Cheque Drop Box: desktop version www.echeque.hkicl.com.hk; mobile app version (download the app from that website)
Guangdong province:
• Guangzhou's online portal: desktop version https://echeque.gzebsc.cn; mobile app version (download the app from that website)
Shenzhen:
• Shenzhen's online portal: desktop version http://www.szfesc.cn, https://cust.szfesc.cn
Benefits and Security Features of e-Cheque
• Retains all basic features and benefits of a paper cheque, plus:
  - Faster: no need to wait in line to deposit paper cheques.
  - Safer: once digitally signed, an e-Cheque cannot be altered without invalidating its signature.
  - Cheaper: cuts costs and creates business opportunities for banks and SMEs.
• More cost effective for cross-bank and cross-boundary payments.
• More efficient for large-volume bulk signing of e-Cheques online (for corporations); bulk signing and issuance can be done easily online.
Security features:
• Two-factor authentication (2FA) is required for the payer to issue an e-Cheque through the Internet banking platform.
• PKI: any attempt to tamper with an e-Cheque renders the digital signature invalid and the e-Cheque non-presentable.
• Detailed cheque records: records of ALL e-Cheques are kept by the payer's bank at issuance.
• Duplicate presentment: HKICL checks for duplicate presentment via the centralised presentment portal.
• e-Cheque encryption: the e-Cheque data is encrypted to further prevent data leakage.
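The hash-then-sign flow described under Digital Signature above and the e-Cheque safeguards just listed (payer and paying-bank signatures, tamper detection, HKICL's duplicate-presentment check) as one added worked example. This is illustrative code written for this page, not Hongkong Post, HKICL or any bank's implementation: it uses a stdlib-only textbook RSA with 512-bit keys over raw SHA-256 digests (no PKCS#1 padding, not for production), and the cheque field names, participant identifiers and the `ClearingHouse` class are assumptions.

```python
"""Toy model of the e-Cheque signature chain (illustrative, stdlib only).
Hash-then-sign with textbook RSA, payer + paying-bank signatures, and an
HKICL-style drop box that verifies both and rejects duplicate presentment.
NOT production crypto: no PKCS#1 padding, small keys, toy key generation."""
import hashlib
import json
import random

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test; adequate for a toy key generator."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, top bit set
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=512):
    """Return ((n, e), (n, d)). bits must exceed 256 so a SHA-256 digest is < n.
    Real e-Certs carry 2048-bit RSA keys certified by the CA."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this gives gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def canonical(fields):
    """Deterministic serialisation so signer and verifier hash identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def sign(priv, data):
    """Hash-then-sign: the SHA-256 digest (as an integer) raised to d mod n."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)

def verify(pub, data, sig):
    """Recompute the digest and compare it with sig^e mod n (the 'expected MD')."""
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def issue_echeque(fields, payer_priv, bank_priv):
    """Payer signs the cheque fields; the paying bank countersigns fields + payer signature."""
    payer_sig = sign(payer_priv, canonical(fields))
    bank_sig = sign(bank_priv, canonical({**fields, "payer_sig": payer_sig}))
    return {**fields, "payer_sig": payer_sig, "bank_sig": bank_sig}

class ClearingHouse:
    """Stand-in for HKICL's e-Cheque Drop Box (assumed interface). `directory` maps
    participant IDs to public keys, playing the role of the CA-published e-Certs."""
    def __init__(self, directory):
        self.directory = directory
        self.presented = set()          # (paying bank, cheque number) already cleared

    def present(self, cheque):
        fields = {k: v for k, v in cheque.items() if k not in ("payer_sig", "bank_sig")}
        if not verify(self.directory[fields["payer"]], canonical(fields), cheque["payer_sig"]):
            return "rejected: payer signature invalid"
        countersigned = canonical({**fields, "payer_sig": cheque["payer_sig"]})
        if not verify(self.directory[fields["paying_bank"]], countersigned, cheque["bank_sig"]):
            return "rejected: paying bank signature invalid"
        key = (fields["paying_bank"], fields["cheque_no"])
        if key in self.presented:
            return "rejected: duplicate presentment"
        self.presented.add(key)
        return "accepted"

def demo():
    """Run the chain on a constructed cheque and return the drop box's verdicts."""
    random.seed(2017)                   # deterministic toy keys for the example only
    payer_pub, payer_priv = generate_keypair()
    bank_pub, bank_priv = generate_keypair()
    _, rogue_priv = generate_keypair()  # a key the directory does not know
    hkicl = ClearingHouse({"PAYER-A": payer_pub, "BANK-X": bank_pub})
    fields = {"cheque_no": "000123", "payer": "PAYER-A", "paying_bank": "BANK-X",
              "payee": "PAYEE-B", "currency": "HKD", "amount": "1000.00",
              "date": "2016-08-01"}     # constructed sample values
    cheque = issue_echeque(fields, payer_priv, bank_priv)
    return {
        "genuine": hkicl.present(cheque),
        "again": hkicl.present(cheque),                               # presented twice
        "tampered": hkicl.present({**cheque, "amount": "9000.00"}),   # altered after signing
        "forged_bank": hkicl.present(issue_echeque(fields, payer_priv, rogue_priv)),
    }

if __name__ == "__main__":
    print(demo())
```

Two design points the code makes concrete: the signatures are checked before the duplicate-presentment register is consulted, so a tampered or forged cheque never reaches the register, and the bank's countersignature covers the payer's signature, so neither signature can be swapped independently of the other.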
Part (2) - Updates of the University-wide Information Security Policy (2017)
Enacted on 15 Feb 2017 with the endorsement of TLIS.
What is ISO?
• ISO is the International Organization for Standardization ("ISO" is not an acronym; it is the organization's short name in every language).
• The updated Lingnan IS Policy (version Feb 2017) adheres to the ISO/IEC 27000 family of standards.
• ISO is an independent, non-governmental international organization.
• It brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant international standards.
• ISO has published a large number of international standards and related documents (http://www.iso.org/iso/home/about.htm).
Popular ISO Standards
The most common and well-known management system standards are:
- ISO 9000 (Quality) and ISO 14000 (Environmental)
- ISO/IEC 27000 (Information Security Management Systems, ISMS)
(http://www.iso.org/iso/home.htm)
Highlights of the ISO/IEC 27000 (ISMS) Family (http://www.iso.org/iso/home.htm)
• ISO/IEC 27000 - ISMS overview and vocabulary
• ISO/IEC 27001 - ISMS requirements
• ISO/IEC 27002 - Code of practice for information security controls
• ISO/IEC 27003 - ISMS implementation guidance
• ISO/IEC 27004 - Information security management measurements
• ISO/IEC 27005 - Information security risk management
• ISO/IEC 27007 - Guidelines for ISMS auditing
• ISO/IEC 27008 - Guidelines for auditors on information security controls
• ISO/IEC 27017 - Code of practice for information security controls based on ISO/IEC 27002 for cloud services
• ISO/IEC 27018 - Code of practice for protection of personally identifiable information (PII) in public clouds
ISO 27002 Code of Practice (http://www.iso27001security.com/html/27002.html)
Control domains (clauses 5-18 of ISO/IEC 27002:2013, which correspond to Annex A.5-A.18 of ISO/IEC 27001:2013):
A5  Information security policies
A6  Organization of information security
A7  Human resource security
A8  Asset management
A9  Access control
A10 Cryptography
A11 Physical and environmental security
A12 Operations security
A13 Communications security
A14 System acquisition, development and maintenance
A15 Supplier relationships
A16 Information security incident management
A17 Information security aspects of business continuity management
A18 Compliance
Summary of the Update of the Lingnan University Information Security Policy (2017)
Enacted on 15 Feb 2017 with the endorsement of TLIS.
Major changes:
1. ISMS as the foundation framework: the new LU ISP adheres to the ISO/IEC 27000 information security management standards
2. Change of data classification
3. Introduction of information asset handling procedures
4. Introduction of data encryption for removable storage devices
5. Change of password policies
6. Introduction of a Non-Disclosure Agreement (NDA) for outsourcing partners
7. Introduction of server registration
Highlights (1): Change of Data Classification
• Data classification changes from the old scheme ("restricted", "proprietary" and "public") to a new four-level scheme: "highly confidential", "confidential", "restricted" and "public".
• The previous scheme had no classification for highly confidential documents.
• The new scheme aligns with the HKSAR Government standard ("secret", "confidential", "restricted" and "public").
Highlights (2): Information Asset Handling Procedures
Procedures and requirements include:
• labelling of information assets
• granting access rights to different information assets (Data Policy)
• introducing asset life-cycle management: release, distribution and disposal of any hard-copy documents, e-mails and data files that contain "Highly Confidential" or "Confidential" information
Highlights (3): Encryption of Removable Storage Devices
• Encryption is required when using removable storage devices, e.g. USB thumb drives.
• Under pilot testing by ITSC and administrative departments (e.g. ITSC, HRO).
• Data encryption tool: Sophos SafeGuard Enterprise Encryption v8.0 (100 licences initially).
• Applies to staff first, then extended to students.
Highlights (4): Policy for Changing Passwords
• Maximum password age changes from 90 days to 180 days.
• Password history is reduced from 6 remembered passwords to 3.
• MANDATORY PASSWORD CHANGE: users will be forced to change their password every 180 days, otherwise their accounts will be LOCKED.
Practitioner's note: a history of 3 means a user can return to a recently used password after three changes, so the longer age should be paired with screening against breached-password lists; NIST SP 800-63B (2017) advises against forcing periodic changes at all unless compromise is suspected.
Highlights (5): Introduction of the NDA
• To be signed and observed by the University's third-party contractors, so that they are aware that University information they handle while working for Lingnan may contain "Highly Confidential" or "Confidential" material.
Highlights (6): Server Registration
• To ensure proper management of network servers (including departmental servers) that intentionally or unintentionally offer access or services to outsiders, all servers residing on campus shall be registered with ITSC before they go live for production (Permit to Connect to Campus Network, PCCN).
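A check that turns the registration requirement above into something measurable: reconcile the list of registered servers against services actually observed listening on campus addresses, flagging unregistered hosts and registered hosts exposing ports beyond their permit. This is an added example written for this page, not an ITSC tool; the register columns, the scan export layout, the `10.20.0.0/16` campus range and every host in the sample data are constructed assumptions.

```python
"""Reconcile a PCCN-style server register against observed listening services.
Illustrative only: column names, the scan layout and all sample hosts are assumed."""
import csv
import io
import ipaddress

# Constructed sample of what ITSC's register might export (assumed columns).
REGISTER_CSV = """ip,hostname,owner,permitted_ports
10.20.1.10,www-dept.example,Dept-A,"80,443"
10.20.1.11,db-dept.example,Dept-A,3306
10.20.2.5,lab-srv.example,Dept-B,22
"""

# Constructed sample of reachable services, e.g. exported from a perimeter scan (assumed layout).
SCAN_CSV = """ip,port,proto,service
10.20.1.10,80,tcp,http
10.20.1.10,443,tcp,https
10.20.1.11,3306,tcp,mysql
10.20.1.11,22,tcp,ssh
10.20.2.5,22,tcp,ssh
10.20.3.77,8080,tcp,http-proxy
10.20.3.77,3389,tcp,ms-wbt-server
192.0.2.9,443,tcp,https
"""

CAMPUS_NETS = [ipaddress.ip_network("10.20.0.0/16")]   # assumed campus address space

def load_register(text):
    """Map each registered IP to its owner and the set of ports it was permitted to expose."""
    register = {}
    for row in csv.DictReader(io.StringIO(text)):
        ports = {int(p) for p in row["permitted_ports"].split(",") if p.strip()}
        register[row["ip"]] = {"hostname": row["hostname"], "owner": row["owner"], "ports": ports}
    return register

def load_scan(text):
    """Return (ip, port, service) tuples from the scan export."""
    return [(r["ip"], int(r["port"]), r["service"]) for r in csv.DictReader(io.StringIO(text))]

def in_campus(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CAMPUS_NETS)

def reconcile(register, observations):
    """Split observed campus services into those on unregistered hosts and those on
    registered hosts but outside the permitted port set. Off-campus addresses are skipped."""
    unregistered, undeclared = {}, {}
    for ip, port, service in observations:
        if not in_campus(ip):
            continue
        entry = register.get(ip)
        if entry is None:
            unregistered.setdefault(ip, []).append((port, service))
        elif port not in entry["ports"]:
            undeclared.setdefault(ip, []).append((port, service))
    return {"unregistered": unregistered, "undeclared_ports": undeclared}

def report():
    """Run the reconciliation over the constructed samples."""
    return reconcile(load_register(REGISTER_CSV), load_scan(SCAN_CSV))

if __name__ == "__main__":
    findings = report()
    for ip, services in findings["unregistered"].items():
        print(f"UNREGISTERED {ip}: {services}")
    for ip, services in findings["undeclared_ports"].items():
        print(f"UNDECLARED   {ip}: {services}")
```

On the sample data the unregistered host 10.20.3.77 exposing a proxy and RDP, and the registered database server 10.20.1.11 exposing SSH it never declared, are the two findings; the off-campus 192.0.2.9 is ignored because PCCN only governs servers on the campus network.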
Security Awareness Web Updates: www.ln.edu.hk/itsc/information-security
New Info Security website:
• Do's and Don'ts tips
• Policies and guidelines
• Personal data protection
• Data encryption solution
• IS events and activities
• Other resources
Part (3) - How to Pursue the Information Security Profession (Self Value-Addedness)
Liberal Arts Education motto: continuous, life-long education.
Key Drivers for Demand of IS Professionals in the 21st Century
[Figure: digital transformation of SmartCity; e-Payment and Fintech; mobile, cloud and Internet+; e-Government and e-Health; digital content; e-Business; IoT; access and credential management, web services, data security protection. Source: Hong Kong Police 2016 and Forbes 2017.]

Certification for Information Security
Lingnan collaborates with ISACA to offer IS professional examinations and training to UG and PG students.
Glossary: ISACA - Information Systems Audit and Control Association; COBIT - Control Objectives for Information and Related Technologies; CISSP - Certified Information Systems Security Professional, (ISC)²; CMMI - Capability Maturity Model Integration; CSX - Cybersecurity Nexus.
[Figure: Global Knowledge 2016 IT Professional Survey, "15 Top Paying IT Certifications in 2016" (source: Global Knowledge 2016, in USD).]

Hong Kong Government IS job requirements (source: OGCIO): certifications CISSP and CISA.

Hong Kong Monetary Authority, Cyber Resilience Assessment Framework: ISACA's five certifications - Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT) and Cybersecurity Nexus (CSX) - have been recognised by the HKMA as prerequisite qualifications for Assessors (*) and under the Enhanced Competency Framework (*).
Sources: www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161221e1.pdf and http://www.hkma.gov.hk/media/chi/doc/key-information/guidelines-and-circular/2016/20161219c1.pdf

[Figure: ISACA certifications as a new career path for Lingnan graduates; 2016 IT Skills Demand and Pay Trends Report (source: ISACA 2016).]
Lingnan and ISACA collaborate to offer IS professional examinations and training to UG and PG students.

Dr Ir Rosiah Ho, CEng CPEng RPE
rosiah@LN.edu.hk
Tel: +852 2616 8396
Part(1) - SmartCity Smart-e-ID
2
SmartCityHK Initiative Definition of SmartCity (Boyd Cohen) (HK Government OGCIO)
is an urban development vision to integrate ICT amp IoT solutions in a secure fashion to manage a city assets amp create values to the community SmartCity is an evolving concept it now encompasses-
bull ICT technology Bigdata Data Liberalization amp Openness bull Green amp sustainable development of a City bull SmartCity technologies will transform the way cities are managed
Citizens can enjoy greater efficiency and new services
Lingnan SmartCity Knowledge Transfer Initiatives
Lingnan has joined the Chinese Manufacturing Association (CMA) as one of it Standing Member of ldquoSmart Cityrdquo Sub-Committee in 2016
Lingnan has cooperated with Smart City Consortium HK in submitting the Chief Executive Community Fund to bid for a fund over 15M+ for SmartCity Smart Aging
In compiling KT proposals in- (i) Digital Citizenship Of HK amp (ii)SmartCity How BigData Reinvent HK Digital Future
SmartCity organizations offer Student Internship to Lingnan Students
LIFE plans to offer professional training programs to support HKSmartCity development Eg Bigdata analytic Smart-Aginghellipetc
In 2016 Chief Executive Policy Address it re-affirmed Governmentrsquos commitment to building HK as a SmartCity The OGCIO has commissioned a Consultative Study (Till mid-2017) for formulating a SmartCity blueprint for HK
3
HKG-OGCIO Objective of SmartCity Consultative Study a) To formulate medium amp longer term measures up to 2030 to develop HK into a SmartCity b) Scopes of Consultative Study
1) Policies amp strategies 2)Development plans 3)Governance model4) Digital infrastructure 5) Data Liberalization amp 6) Public-private collaboration
c) Aims To use innovative amp ICT technologies to enhance-bull City attractiveness to global business and talents bull To achieve cost amp energy savings bull To maintain City innovation (Urbanization) sustainability economic development safety amp efficiency
What Benefits amp Effects will SmartCity will Bring a) SmartCity Citizen will enjoy the benefits of new facilities via emerging technologies like-
bullTo Support bull City Management e-Govrsquot e-Come-Fin Industrial Revolution 40
bull Urban Innovations Transportation Environmental protection (Low bull Internet of Things (IoT)
Carbon city) Waste management amp Quality of Living (QoL)
bull Big data analytics Cloud computing bull Mobile technology
b) Make HK more - Liveable Economic diversified Convenient Healthier amp Safer
c) Improve the HK competitiveness better employment amp upward mobility opportunities for the youth amp the public 4
5
SmartCity Blueprints Core Info Security e-ID BigData amp
Internet+ 1 Smart Living 2 Smart Building amp Home (SmartHome) 3 Smart Transportation 4 Smart Energy (Renewable) 5 Smart Waste Management (Waste
recycling residual management Core
e-ID Info Security BigData Internet+
Recovery of waste organics amp energy) 6 Smart Education (e-Education) 7 Smart Governance(e-Government) 8 Smart Health (e-Medical) 9 Smart Communications (Internet+) 10 Smart NetworksMobility 11 Environmental Awareness (changing
weather conditions)
Internet + 1st mentioned by China prime minister Li Keqiang on 3Mar15 (Government Work Report) Application of the Internet amp other ICT (Mobile Internet Cloud computing Bigdata and IoT) to conventional industries to foster New Industries (Industrial Rev V4) amp business development in China
(B) Hongkong Post e-Certificate Essential amp Fundamental Element for
SmartCity amp Digital-Citizen
6
e-Commerce Driver (1)- Top 10 eCommerce Market by Country in 2016 The fast expansion of e-Commerce amp Online sales in existing global market will continue to growth with the prevalent of Internet (No signs of slowing down)
e-Cert is important to endorse (e-Commerce transactions) + (person identification) in the Internet
Rank
Country Sales Increase Top Online Retailer
eComTotal Retail Sales
1 China $42626 billion 340 Alibaba 101
2 USA $30565 billion 157 Amazon 65
3 UK $82 billion 166 Amazon 13
4 Japan $7083 billion 140 Rakuten 49
5 Germany $6338 billion 221 Amazon 73
6 France $3836 billion 121 Odigeo 46
7 South Korea $3311 billion 130 Coupang 9
8 Canada $2463 billion 174 Amazon 52
9 Russia $1747 billion 160 ulmartru 22
10 Brazil $1628 billion 220 B2W Digital Inc 38
Sources httpstrelliscoblogtop-10-ecommerce-markets-by-country 7
Compliance Driver (2)- HK Electronic Transactions Ordinance (ETO) (Cap 553) httpwwwogciogovhkenregulationeto
The HK Electronic Transactions Ordinance (Cap 553) (ETO) was enacted in January 2000 and updated in June 2004
In general the ETO
1Establish electronic signature have the same legal status as the paper-based counterparts amp 2To enhance public confidence in electronic transactions amp promote to use e-signature in e-transaction
Same Legal Status Hand Signature Electronic Signature 8
Basic of E-Cert Public-Private Key Encryption (加密)
Involves 2 distinct keys ndash public (stored in CA) private (user-owned) The private key is kept secret and never be divulged and it is password protected The public key is not secret and can be freely distributed shared amp use with anyone It is also called ldquoAsymmetric Cryptographyrdquo Two keys are mathematically related the private key cannot be derived from the
public key
Encryption
Public Key B (from CA-Certizen)
Decryption
Private Key B (User Own)
Ciphertext Plaintext (B) (A) Plaintext
9
Message Message
Hash function
Msg Digest (MD)
Encryption
Digital Signature
Hash function
Msg Digest (MD)
Decryption
Expected MD
Public Key (A)
Digital Signature How it Work Digital signature can be used in all e-Commerce Web amp e-mail to endorse
e-Transaction It is an electronic stamp or seal that append to the document Ensure the document being unchanged during transmission
Characteristic of e-Transaction Message Sender (A) Message Receiver (B) Authentication ndash Digital Certificate
Private Key (A)
Proof of identity of the parties in an electronic transaction
Non-repudiation ndash Digital Signature ndash Prevention of denial of commitment
or transaction with digital signature ndash
Confidentiality - Encryption ndash Protection the content information
of a transaction is kept private and secret from unauthorized third parties
Integrity ndash Message Digest ndash Proof that the message contents
have not been altered changed during transmission
10
Types of e-Certificate
Stored in bull e-Cert file USB bull e-Cert file Card bull e-token for signing purpose (MR) bull Bank - for signing e-Cheque
HKID Holders
Stored in bull e-Cert file USB bull e-Cert file Card bull Smart ID Card bull e-token for signing purpose (MR) bull Bank - for signing e-Cheque 11
HK Companies with Business Registration
(BR)
e-Cert (Organisational)e-Cert (Personal)
httpwwwhongkongpostgovhkproductecerttypepersonalindexhtml
(C) Digital Cheque (e-Cheque)
12
Current Status of e-Cheque in HK
bull Official launch of e-Cheque service on 7Dec2015
bull Between 7Dec15 to 31Jul16 (8 months) over 163000 e-Cheques with an aggregate value of HK$51 billion cleared through HK Interbank Clearing Limited (HKICL)
bull 9 local banks offers e-Cheque service to their customers
bull All banks must accept e-Cheque deposit (HKD USD RMB)
bull Deposit to Payee bank account directly
bull Legal protection governed by the Bills of Exchange (匯票) Ordinance
bull OrganizationsCorporates accepting e-Cheque payments ndash HKSAR Government (Inland Revenue Department Rating amp Valuation Department Treasury etc) ndash Utility companies ndash and more helliphellip
13
E-Cheque Cross Boundary (New)
Cross Boundary e-Cheque (Launch 20July2016) e-Cheque clearing between HK amp Guangdong (Shenzhen) province
bull e-Cheques issued by banks in HK amp deposited to banks in Guangdong province will be settled on T+1
bull 22 banks in Guangdong amp 28 banks in Shenzhen allow their customers to deposit e-Cheques through the Online e-Cheque Deposit Portal
bull List of Guangzhou banks accepting e-Cheque deposit httpsechequegzebsccn
bull List of Shenzhen banks accepting e-Cheque deposit httpscustszfesccn
14
What is e-Cheque
e-Cheque issued delivered and deposited online
Governed by the Bills of Exchange Ordinance
Support HKD USD RMB denominated e-Cheques
Digitally signed by the payer and the paying bank
Innovation Similar Application for University e-Transcript in Future
15
Operating model e-Cheque Deposit through HKICLrsquos e-Cheque Drop Box
Payer 4B Payee Alternatively payer can send e-Cheque together with other
electronic documents to payee
Digitallysigned
e-Cheque
31 Send e-Cheque to payee by paying bank
7
5 Login e-Banking
9
4A Present e-Cheque amp select
or other collecting bank details Request for Digitally Digitallyauthenticated issuing signed signedmeans (2FA) e-Cheque e-Cheque e-Cheque
By Payer e-Cert amp Bank e-Cert
2 Verify Processing signature e-Cheque
6
HKICLrsquos e-Cheque
8
Verify Inward clearing file Drop Box Outward clearing file Payee identity and signedand signed ande-Cheque by HKICL e-Cheque by HKICL
Verify signature10
Clear and settle credit deposit internal records and e-Cheque Paying Bank Collecting Bank check for duplicate
presentments
16
Overview of e-Cheque Deposit DropBox Channels
e-Cheque deposit
Deposit Channel Remarks
Hong Kong
bull Collecting bankrsquos Internet Banking Platform
bull HKICLrsquos e-Cheque Drop Box Desktop version wwwechequehkiclcomhk Mobile app version To download the apps from the website
Guangdong province
bull Guangzhoursquos online portal Desktop version httpsechequegzebsccn Mobile app version To download the apps from above website
Shenzhen bull Shenzhenrsquos online portal Desktop version httpwwwszfesccn httpscustszfesccn
17
Benefits of e-Cheque Security Features of e-Cheque bull Retain all basic features and benefits of paper
cheque plus the following benefits
Faster ndash No need to wait in lines to deposit paper cheques
Safer ndash Once digitally signed e-cheques canrsquot be tampered using current technologies
Cheaper ndash Cutting costs and creating lots of business opportunities for banks and SMEs
bull More cost effective to use e-Cheque for cross-bankcross-boundary payments
bull More efficient for large volume bulk signing of e-Cheques via online means (for corporations)
bull Bulk signing and issuance of e-Cheques can be easily done online
bull 2 factor authentication (2FA) required for payer to issue e-Cheque through Internet banking platform
bull PKI technology any attempt to tamper e-Cheque will render the digital signature invalid and the e-Cheque not-presentable
bull Detail cheque record records of ALL e-Cheque will be kept by payer bank when it is issued
bull Duplicate presentment HKICL check for duplication presentment via centralised presentment portal
bull e-Cheque Encryption Private key encryption to further prevention of data leakage
18
Updates of University-wide Information Security Policy
(2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
19
What is ISO
bull ISO represents International Standard Organization
bull The updated Lingnan IS Policy (Ver-Feb-2017) adheres to ISO 27000 Standard
bull Is an independent non-governmental international organization
bull It brings together experts to share knowledge and develop voluntary consensus-based market relevant international standards
bull ISO has published a lot of International Standards and related documents
(httpwwwisoorgisohomeabouthtm)
20
Popular ISO Standards
The most common and well-known Management System standards are-
- ISO 9000 (Quality) amp ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems)
(ISMS) Standards
(httpwwwisoorgisohomehtm)
21
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (httpwwwiso27001securitycomhtml27002html)
A5 Information Security Policy A12 Operations Security
A6 Organization of Information Security A13 Communications Security
A7 Human Resources Security A14 System Acquisition Development and Maintenance
A8 Asset Management A15 Supplier Relationship
A9 Access Control A16 Information Security Incident Management
A10 Cryptography A17 Business Continuity Management
A11 Physical and Environmental Security A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1): Change of Data Classification
• Data classification will be changed from the old “restricted”, “proprietary” and “public” to the new “highly confidential”, “confidential”, “restricted” and “public”.
• The previous classification had no class for highly confidential documents.
• The new classification aligns with the HKSAR government standard (“secret”, “confidential”, “restricted” and “public”).
Highlights (2): Information Asset Handling Procedures
Procedures and requirements include:
• labelling of the information asset
• granting access rights to different information assets (Data Policy)
• introducing asset lifecycle management: release, distribution and disposal of
  – any hard-copy documents,
  – emails, &
  – data files that contain “Highly Confidential” or “Confidential” information
Highlights (3): Encryption of Removable Storage Devices
• Encryption is required when using removable storage devices, e.g. USB thumb drives
• Under pilot testing by ITSC and administrative departments, e.g. ITSC, HRO
• Data encryption tool: Sophos SafeGuard Enterprise Encryption v8.0 (100 licences initially)
• Applies to staff first, then extended to students
Highlights (4): Policy for Changing of Password
• Change the maximum password age from 90 days to 180 days
• Reduce the password history from 6 to 3
• MANDATE PASSWORD CHANGE: users will be forced to change their password every 180 days, otherwise their accounts will be LOCKED
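The three password rules above, as an added example that is not ITSC's code: an enforcement routine assuming the 180-day maximum age, a history of the last 3 passwords barred from reuse, and lock-out when the deadline passes without a change. Account records are constructed test data, and the lock-out taking effect the day after the 180-day deadline is an assumption the policy text does not state.

```python
"""Added example of the updated LU password rules (not ITSC's code):
180-day maximum age, last 3 passwords barred from reuse, lock-out when the
deadline passes without a change. Accounts here are constructed test data."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import date, timedelta

MAX_PASSWORD_AGE = timedelta(days=180)  # policy raised this from 90 days
PASSWORD_HISTORY = 3                    # policy reduced this from 6


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is illustrative only
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class Account:
    username: str
    password_set_on: date
    history: list = field(default_factory=list)  # (salt, hash), newest first
    locked: bool = False


def account_status(account: Account, today: date) -> str:
    """'ok', 'must-change' (age has reached 180 days) or 'locked'."""
    if account.locked:
        return "locked"
    if today - account.password_set_on >= MAX_PASSWORD_AGE:
        return "must-change"
    return "ok"


def enforce_change_deadline(account: Account, today: date) -> bool:
    """Lock the account if the 180-day deadline passed without a change.
    Assumption: no grace period beyond the deadline day itself."""
    if not account.locked and today - account.password_set_on > MAX_PASSWORD_AGE:
        account.locked = True
        return True
    return False


def password_in_history(account: Account, candidate: str) -> bool:
    """True if candidate equals any of the last PASSWORD_HISTORY passwords
    (the current one included), compared in constant time on the hashes."""
    for salt, digest in account.history[:PASSWORD_HISTORY]:
        if hmac.compare_digest(_hash_password(candidate, salt), digest):
            return True
    return False


def change_password(account: Account, new_password: str, today: date) -> bool:
    """Reject reuse, store a fresh salted hash, restart the age clock, unlock."""
    if password_in_history(account, new_password):
        return False
    salt = os.urandom(16)
    account.history.insert(0, (salt, _hash_password(new_password, salt)))
    del account.history[PASSWORD_HISTORY:]  # remember only the last 3
    account.password_set_on = today
    account.locked = False
    return True
```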
Highlights (5): Introduce the NDA
• Must be signed and observed by the University's 3rd-party contractors, so that they are aware that the University information they handle in their jobs with Lingnan may contain “Highly Confidential” or “Confidential” data
Highlights (6): Server Registration
• To ensure proper management of network servers (including departmental servers) that intentionally or unintentionally offer access or service to outsiders, all servers residing within our campus shall be registered with ITSC before they go live for production (Permit to Connect to Campus Network, PCCN)
Security Awareness Web Updates: www.ln.edu.hk/itsc/information-security
New Info Security Website:
• Do's and Don'ts tips
• Policies & Guidelines
• Personal Data Protection
• Data Encryption Solution
• IS Events and Activities
• Other Resources
How to Pursue the Information Security Profession (Self Value-Addedness)
Liberal Arts Education motto: Continuous Life-Long Education
Key Drivers for Demand of IS Professionals in the 21st Century
Digital transformation of SmartCity:
• e-Payment & Fintech
• Mobile, Cloud & Internet+
• e-Government
• e-Health
• Digital contents
• e-Business
• IoT
Skill areas: access credential management, web services, data security protection
Source: Hong Kong Police 2016 & Forbes 2017
Certification for Information Security: Lingnan collaborates with ISACA to offer IS professional examination & training to UG & PG students
ISACA: Information Systems Audit and Control Association; COBIT: Control Objectives for Information & Technology; CISSP: Certified Information Systems Security Professional, (ISC)²; CMMI: Capability Maturity Model Integration; CSX: Cyber Security Nexus
International Global Knowledge 2016 IT Professional Survey: 15 top paying IT certifications in 2016 (Source: Global Knowledge 2016, in USD)
Hong Kong Government IS Job Requirement: certifications CISSP, CISA (Source: OGCIO)
Hong Kong Monetary Authority Cyber Resilience Assessment Framework: ISACA's 5 certifications have been recognised as the prerequisite qualifications of Assessor and Enhanced Competency Framework by the Hong Kong Monetary Authority: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Cybersecurity Nexus (CSX)
Source: www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161221e1.pdf, http://www.hkma.gov.hk/media/chi/doc/key-information/guidelines-and-circular/2016/20161219c1.pdf
ISACA Certifications (New Career Path for Lingnan Graduates): 2016 IT Skills Demands & Pay Trends Report (Source: ISACA 2016)
Lingnan and ISACA collaborate to offer IS professional examinations & training to UG & PG students
Dr Ir Rosiah Ho, CEng CPEng RPE
rosiah@LN.edu.hk
Tel: +852 2616 8396
c) Aims: to use innovative & ICT technologies to enhance:
• city attractiveness to global business and talents
• cost & energy savings
• city innovation (urbanization), sustainability, economic development, safety & efficiency
What Benefits & Effects will SmartCity Bring?
a) SmartCity citizens will enjoy the benefits of new facilities via emerging technologies such as:
• Internet of Things (IoT)
• Big data analytics, cloud computing
• Mobile technology
to support:
• City management: e-Gov't, e-Com, e-Fin, Industrial Revolution 4.0
• Urban innovations: transportation, environmental protection (low-carbon city), waste management & quality of living (QoL)
b) Make HK more liveable, economically diversified, convenient, healthier & safer
c) Improve HK's competitiveness, with better employment & upward-mobility opportunities for the youth & the public
SmartCity Blueprints (Core: Info Security, e-ID, BigData & Internet+)
1. Smart Living
2. Smart Building & Home (SmartHome)
3. Smart Transportation
4. Smart Energy (Renewable)
5. Smart Waste Management (waste recycling, residual management, recovery of waste organics & energy)
6. Smart Education (e-Education)
7. Smart Governance (e-Government)
8. Smart Health (e-Medical)
9. Smart Communications (Internet+)
10. Smart Networks/Mobility
11. Environmental Awareness (changing weather conditions)
Internet+: first mentioned by China's Premier Li Keqiang on 3 Mar 15 (Government Work Report): the application of the Internet & other ICT (mobile Internet, cloud computing, big data and IoT) to conventional industries to foster new industries (Industrial Rev. 4) & business development in China
(B) Hongkong Post e-Certificate: Essential & Fundamental Element for SmartCity & Digital-Citizen
e-Commerce Driver (1): Top 10 eCommerce Markets by Country in 2016. The fast expansion of e-Commerce & online sales in the existing global market will continue to grow with the prevalence of the Internet (no signs of slowing down).
e-Cert is important to endorse e-Commerce transactions and personal identification on the Internet.
Rank | Country | Sales | Increase | Top Online Retailer | eCom % of Total Retail Sales
1 | China | $426.26 billion | 34.0% | Alibaba | 10.1%
2 | USA | $305.65 billion | 15.7% | Amazon | 6.5%
3 | UK | $82 billion | 16.6% | Amazon | 13%
4 | Japan | $70.83 billion | 14.0% | Rakuten | 4.9%
5 | Germany | $63.38 billion | 22.1% | Amazon | 7.3%
6 | France | $38.36 billion | 12.1% | Odigeo | 4.6%
7 | South Korea | $33.11 billion | 13.0% | Coupang | 9%
8 | Canada | $24.63 billion | 17.4% | Amazon | 5.2%
9 | Russia | $17.47 billion | 16.0% | ulmart.ru | 2.2%
10 | Brazil | $16.28 billion | 22.0% | B2W Digital Inc | 3.8%
Source: https://trellis.co/blog/top-10-ecommerce-markets-by-country
Compliance Driver (2): HK Electronic Transactions Ordinance (ETO) (Cap. 553), http://www.ogcio.gov.hk/en/regulation/eto
The HK Electronic Transactions Ordinance (Cap. 553) (ETO) was enacted in January 2000 and updated in June 2004.
In general, the ETO:
1. establishes that electronic signatures have the same legal status as their paper-based counterparts, &
2. enhances public confidence in electronic transactions & promotes the use of e-signatures in e-transactions.
Same legal status: hand signature = electronic signature
Basics of e-Cert: Public-Private Key Encryption (加密)
Involves 2 distinct keys: a public key (stored at the CA) and a private key (user-owned). The private key is kept secret, is never divulged and is password protected. The public key is not secret and can be freely distributed, shared & used with anyone. This is also called “Asymmetric Cryptography”. The two keys are mathematically related, but the private key cannot be derived from the public key.
Encryption flow (diagram): sender A encrypts the plaintext with B's public key (from the CA, Certizen) to produce the ciphertext; B decrypts the ciphertext with B's own private key to recover the plaintext.
Digital Signature: How It Works
Digital signatures can be used in all e-Commerce, Web & e-mail to endorse e-transactions. A digital signature is an electronic stamp or seal appended to the document, ensuring the document is unchanged during transmission.
Signing and verification flow (diagram): the message sender (A) passes the message through a hash function to obtain a message digest (MD) and encrypts the MD with A's private key; the result is the digital signature sent along with the message. The message receiver (B) passes the received message through the same hash function to obtain an MD, decrypts the signature with A's public key to obtain the expected MD, and compares the two.
Characteristics of an e-Transaction (message sender A, message receiver B):
• Authentication – Digital Certificate – proof of the identity of the parties in an electronic transaction
• Non-repudiation – Digital Signature – prevention of denial of a commitment or transaction made with a digital signature
• Confidentiality – Encryption – protection so that the content of a transaction is kept private and secret from unauthorized third parties
• Integrity – Message Digest – proof that the message contents have not been altered or changed during transmission
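The two diagrams above (A encrypting for B with B's public key; A signing the message digest with A's private key), as an added example that is not Hongkong Post's or Certizen's code. It assumes textbook RSA with toy 512-bit keys and no padding as the asymmetric primitive and SHA-256 as the hash function, generates the keys locally for the demo, and leaves out the CA-issued certificate that binds a public key to an identity.

```python
"""Added example of the e-Cert encryption and signature flows (not Hongkong
Post's code). Assumes textbook RSA (toy 512-bit keys, no padding) and SHA-256;
the CA certificate that binds a public key to a person is not modelled."""
import hashlib
import random


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int, rng: random.Random) -> int:
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full length
        if _is_probable_prime(candidate, rng):
            return candidate


def generate_keypair(bits: int = 512, seed=None):
    """Return (public_key, private_key) as ((n, e), (n, d)).
    `seed` only makes the demo reproducible; never seed real key generation."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p = _random_prime(bits // 2, rng)
        q = _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)


def message_digest(message: bytes) -> int:
    """Hash-function step of the diagram: SHA-256 digest as an integer (< 2**256 < n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def encrypt(plaintext: bytes, recipient_public_key) -> int:
    """A -> B confidentiality: encrypt with B's public key."""
    n, e = recipient_public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this toy key")
    return pow(m, e, n)


def decrypt(ciphertext: int, own_private_key) -> bytes:
    """B recovers the plaintext with B's own private key."""
    n, d = own_private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(message: bytes, signer_private_key) -> int:
    """Sender side: 'encrypt' the message digest with the sender's private key."""
    n, d = signer_private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, signer_public_key) -> bool:
    """Receiver side: recover the expected MD with the sender's public key and
    compare it with a fresh digest of the received message."""
    n, e = signer_public_key
    expected_md = pow(signature, e, n)
    return expected_md == message_digest(message)


if __name__ == "__main__":
    pub_a, priv_a = generate_keypair(seed=1)
    pub_b, priv_b = generate_keypair(seed=2)
    msg = b"Pay HK$1,000 to B"  # constructed sample message
    sig = sign(msg, priv_a)
    print("valid:", verify(msg, sig, pub_a), "tampered:", verify(msg + b"0", sig, pub_a))
    print("decrypted:", decrypt(encrypt(msg, pub_b), priv_b))
```

A tampered message or a signature checked against the wrong public key fails verification, which is the integrity and authentication property the slide relies on.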
Types of e-Certificate (http://www.hongkongpost.gov.hk/product/ecert/type/personal/index.html)
e-Cert (Personal), for HKID holders, stored in: e-Cert file (USB); e-Cert file (Card); Smart ID Card; e-token for signing purposes (MR); Bank (for signing e-Cheques)
e-Cert (Organisational), for HK companies with Business Registration (BR), stored in: e-Cert file (USB); e-Cert file (Card); e-token for signing purposes (MR); Bank (for signing e-Cheques)
(C) Digital Cheque (e-Cheque)
Current Status of e-Cheque in HK
• Official launch of the e-Cheque service on 7 Dec 2015
• Between 7 Dec 15 and 31 Jul 16 (8 months), over 163,000 e-Cheques with an aggregate value of HK$51 billion cleared through Hong Kong Interbank Clearing Limited (HKICL)
• 9 local banks offer the e-Cheque service to their customers
• All banks must accept e-Cheque deposits (HKD, USD, RMB)
• Deposited to the payee's bank account directly
• Legal protection governed by the Bills of Exchange (匯票) Ordinance
• Organizations/corporates accepting e-Cheque payments: HKSAR Government (Inland Revenue Department, Rating & Valuation Department, Treasury, etc.), utility companies, and more…
E-Cheque Cross Boundary (New)
Cross-boundary e-Cheque (launched 20 July 2016): e-Cheque clearing between HK & Guangdong (Shenzhen) province
• e-Cheques issued by banks in HK & deposited to banks in Guangdong province are settled on T+1
• 22 banks in Guangdong & 28 banks in Shenzhen allow their customers to deposit e-Cheques through the online e-Cheque deposit portal
• List of Guangzhou banks accepting e-Cheque deposits: https://echeque.gzebsc.cn
• List of Shenzhen banks accepting e-Cheque deposits: https://cust.szfesc.cn
What is an e-Cheque?
• An e-Cheque is issued, delivered and deposited online
• Governed by the Bills of Exchange Ordinance
• Supports HKD, USD and RMB denominated e-Cheques
• Digitally signed by the payer and the paying bank
Innovation: a similar application for University e-Transcripts in future
Operating model: e-Cheque Deposit through HKICL's e-Cheque Drop Box (diagram; the step labels recoverable from it, in the order of their numbers)
1. Payer requests the issuing of an e-Cheque through authenticated means (2FA)
2. Paying bank verifies the signature and processes the e-Cheque, producing an e-Cheque digitally signed by the payer's e-Cert & the bank's e-Cert
3. Paying bank sends the e-Cheque to the payee
4A. Payee presents the e-Cheque at HKICL's e-Cheque Drop Box & selects the collecting bank details (or other)
4B. Alternatively, the payer can send the e-Cheque together with other electronic documents to the payee
5. Payee logs in to e-Banking
6. Verify payee identity and the signed e-Cheque
7. Outward clearing file and signed e-Cheque by HKICL
8. Inward clearing file and signed e-Cheque by HKICL
9. Verify signature
10. Paying bank and collecting bank clear and settle, credit the deposit, update internal records and check for duplicate presentments
Overview of e-Cheque Deposit (Drop Box) Channels
Hong Kong:
• Collecting bank's Internet banking platform
• HKICL's e-Cheque Drop Box: desktop version at www.echeque.hkicl.com.hk; mobile app version: download the app from the website
Guangdong province:
• Guangzhou's online portal: desktop version at https://echeque.gzebsc.cn; mobile app version: download the app from the above website
• Shenzhen's online portal: desktop version at http://www.szfesc.cn and https://cust.szfesc.cn
Benefits of e-Cheque
• Retains all basic features and benefits of paper cheques, plus the following:
  – Faster: no need to wait in line to deposit paper cheques
  – Safer: once digitally signed, e-Cheques can't be tampered with using current technologies
  – Cheaper: cuts costs and creates many business opportunities for banks and SMEs
• More cost-effective to use e-Cheques for cross-bank/cross-boundary payments
• More efficient for large-volume bulk signing of e-Cheques via online means (for corporations)
• Bulk signing and issuance of e-Cheques can easily be done online
Security Features of e-Cheque
• 2-factor authentication (2FA) is required for the payer to issue an e-Cheque through the Internet banking platform
• PKI technology: any attempt to tamper with an e-Cheque will render the digital signature invalid and the e-Cheque not presentable
• Detailed cheque records: records of ALL e-Cheques are kept by the payer's bank when issued
• Duplicate presentment: HKICL checks for duplicate presentment via the centralised presentment portal
• e-Cheque encryption: private-key encryption to further prevent data leakage
Updates of University-wide Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement of TLIS
What is ISO?
• ISO represents the International Standard Organization
• The updated Lingnan IS Policy (Ver. Feb 2017) adheres to the ISO 27000 standard
• ISO is an independent, non-governmental international organization
• It brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant international standards
• ISO has published a lot of international standards and related documents (http://www.iso.org/iso/home/about.htm)
Popular ISO Standards
The most common and well-known management system standards are:
- ISO 9000 (Quality) & ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems, ISMS) standards
(http://www.iso.org/iso/home.htm)
HKG-OGCIO Objective of SmartCity Consultative Study a) To formulate medium amp longer term measures up to 2030 to develop HK into a SmartCity b) Scopes of Consultative Study
1) Policies amp strategies 2)Development plans 3)Governance model4) Digital infrastructure 5) Data Liberalization amp 6) Public-private collaboration
c) Aims To use innovative amp ICT technologies to enhance-bull City attractiveness to global business and talents bull To achieve cost amp energy savings bull To maintain City innovation (Urbanization) sustainability economic development safety amp efficiency
What Benefits amp Effects will SmartCity will Bring a) SmartCity Citizen will enjoy the benefits of new facilities via emerging technologies like-
bullTo Support bull City Management e-Govrsquot e-Come-Fin Industrial Revolution 40
bull Urban Innovations Transportation Environmental protection (Low bull Internet of Things (IoT)
Carbon city) Waste management amp Quality of Living (QoL)
bull Big data analytics Cloud computing bull Mobile technology
b) Make HK more - Liveable Economic diversified Convenient Healthier amp Safer
c) Improve the HK competitiveness better employment amp upward mobility opportunities for the youth amp the public 4
5
SmartCity Blueprints Core Info Security e-ID BigData amp
Internet+ 1 Smart Living 2 Smart Building amp Home (SmartHome) 3 Smart Transportation 4 Smart Energy (Renewable) 5 Smart Waste Management (Waste
recycling residual management Core
e-ID Info Security BigData Internet+
Recovery of waste organics amp energy) 6 Smart Education (e-Education) 7 Smart Governance(e-Government) 8 Smart Health (e-Medical) 9 Smart Communications (Internet+) 10 Smart NetworksMobility 11 Environmental Awareness (changing
weather conditions)
Internet + 1st mentioned by China prime minister Li Keqiang on 3Mar15 (Government Work Report) Application of the Internet amp other ICT (Mobile Internet Cloud computing Bigdata and IoT) to conventional industries to foster New Industries (Industrial Rev V4) amp business development in China
(B) Hongkong Post e-Certificate Essential amp Fundamental Element for
SmartCity amp Digital-Citizen
6
e-Commerce Driver (1)- Top 10 eCommerce Market by Country in 2016 The fast expansion of e-Commerce amp Online sales in existing global market will continue to growth with the prevalent of Internet (No signs of slowing down)
e-Cert is important to endorse (e-Commerce transactions) + (person identification) in the Internet
Rank
Country Sales Increase Top Online Retailer
eComTotal Retail Sales
1 China $42626 billion 340 Alibaba 101
2 USA $30565 billion 157 Amazon 65
3 UK $82 billion 166 Amazon 13
4 Japan $7083 billion 140 Rakuten 49
5 Germany $6338 billion 221 Amazon 73
6 France $3836 billion 121 Odigeo 46
7 South Korea $3311 billion 130 Coupang 9
8 Canada $2463 billion 174 Amazon 52
9 Russia $1747 billion 160 ulmartru 22
10 Brazil $1628 billion 220 B2W Digital Inc 38
Sources httpstrelliscoblogtop-10-ecommerce-markets-by-country 7
Compliance Driver (2)- HK Electronic Transactions Ordinance (ETO) (Cap 553) httpwwwogciogovhkenregulationeto
The HK Electronic Transactions Ordinance (Cap 553) (ETO) was enacted in January 2000 and updated in June 2004
In general the ETO
1Establish electronic signature have the same legal status as the paper-based counterparts amp 2To enhance public confidence in electronic transactions amp promote to use e-signature in e-transaction
Same Legal Status Hand Signature Electronic Signature 8
Basic of E-Cert Public-Private Key Encryption (加密)
Involves 2 distinct keys ndash public (stored in CA) private (user-owned) The private key is kept secret and never be divulged and it is password protected The public key is not secret and can be freely distributed shared amp use with anyone It is also called ldquoAsymmetric Cryptographyrdquo Two keys are mathematically related the private key cannot be derived from the
public key
Encryption
Public Key B (from CA-Certizen)
Decryption
Private Key B (User Own)
Ciphertext Plaintext (B) (A) Plaintext
9
Message Message
Hash function
Msg Digest (MD)
Encryption
Digital Signature
Hash function
Msg Digest (MD)
Decryption
Expected MD
Public Key (A)
Digital Signature How it Work Digital signature can be used in all e-Commerce Web amp e-mail to endorse
e-Transaction It is an electronic stamp or seal that append to the document Ensure the document being unchanged during transmission
Characteristic of e-Transaction Message Sender (A) Message Receiver (B) Authentication ndash Digital Certificate
Private Key (A)
Proof of identity of the parties in an electronic transaction
Non-repudiation ndash Digital Signature ndash Prevention of denial of commitment
or transaction with digital signature ndash
Confidentiality - Encryption ndash Protection the content information
of a transaction is kept private and secret from unauthorized third parties
Integrity ndash Message Digest ndash Proof that the message contents
have not been altered changed during transmission
10
Types of e-Certificate
Stored in bull e-Cert file USB bull e-Cert file Card bull e-token for signing purpose (MR) bull Bank - for signing e-Cheque
HKID Holders
Stored in bull e-Cert file USB bull e-Cert file Card bull Smart ID Card bull e-token for signing purpose (MR) bull Bank - for signing e-Cheque 11
HK Companies with Business Registration
(BR)
e-Cert (Organisational)e-Cert (Personal)
httpwwwhongkongpostgovhkproductecerttypepersonalindexhtml
(C) Digital Cheque (e-Cheque)
12
Current Status of e-Cheque in HK
bull Official launch of e-Cheque service on 7Dec2015
bull Between 7Dec15 to 31Jul16 (8 months) over 163000 e-Cheques with an aggregate value of HK$51 billion cleared through HK Interbank Clearing Limited (HKICL)
bull 9 local banks offers e-Cheque service to their customers
bull All banks must accept e-Cheque deposit (HKD USD RMB)
bull Deposit to Payee bank account directly
bull Legal protection governed by the Bills of Exchange (匯票) Ordinance
bull OrganizationsCorporates accepting e-Cheque payments ndash HKSAR Government (Inland Revenue Department Rating amp Valuation Department Treasury etc) ndash Utility companies ndash and more helliphellip
13
E-Cheque Cross Boundary (New)
Cross Boundary e-Cheque (Launch 20July2016) e-Cheque clearing between HK amp Guangdong (Shenzhen) province
bull e-Cheques issued by banks in HK amp deposited to banks in Guangdong province will be settled on T+1
bull 22 banks in Guangdong amp 28 banks in Shenzhen allow their customers to deposit e-Cheques through the Online e-Cheque Deposit Portal
bull List of Guangzhou banks accepting e-Cheque deposit httpsechequegzebsccn
bull List of Shenzhen banks accepting e-Cheque deposit httpscustszfesccn
14
What is e-Cheque
e-Cheque issued delivered and deposited online
Governed by the Bills of Exchange Ordinance
Support HKD USD RMB denominated e-Cheques
Digitally signed by the payer and the paying bank
Innovation Similar Application for University e-Transcript in Future
15
Operating model e-Cheque Deposit through HKICLrsquos e-Cheque Drop Box
Payer 4B Payee Alternatively payer can send e-Cheque together with other
electronic documents to payee
Digitallysigned
e-Cheque
31 Send e-Cheque to payee by paying bank
7
5 Login e-Banking
9
4A Present e-Cheque amp select
or other collecting bank details Request for Digitally Digitallyauthenticated issuing signed signedmeans (2FA) e-Cheque e-Cheque e-Cheque
By Payer e-Cert amp Bank e-Cert
2 Verify Processing signature e-Cheque
6
HKICLrsquos e-Cheque
8
Verify Inward clearing file Drop Box Outward clearing file Payee identity and signedand signed ande-Cheque by HKICL e-Cheque by HKICL
Verify signature10
Clear and settle credit deposit internal records and e-Cheque Paying Bank Collecting Bank check for duplicate
presentments
16
Overview of e-Cheque Deposit DropBox Channels
e-Cheque deposit
Deposit Channel Remarks
Hong Kong
bull Collecting bankrsquos Internet Banking Platform
bull HKICLrsquos e-Cheque Drop Box Desktop version wwwechequehkiclcomhk Mobile app version To download the apps from the website
Guangdong province
bull Guangzhoursquos online portal Desktop version httpsechequegzebsccn Mobile app version To download the apps from above website
Shenzhen bull Shenzhenrsquos online portal Desktop version httpwwwszfesccn httpscustszfesccn
17
Benefits of e-Cheque Security Features of e-Cheque bull Retain all basic features and benefits of paper
cheque plus the following benefits
Faster ndash No need to wait in lines to deposit paper cheques
Safer ndash Once digitally signed e-cheques canrsquot be tampered using current technologies
Cheaper ndash Cutting costs and creating lots of business opportunities for banks and SMEs
bull More cost effective to use e-Cheque for cross-bankcross-boundary payments
bull More efficient for large volume bulk signing of e-Cheques via online means (for corporations)
bull Bulk signing and issuance of e-Cheques can be easily done online
bull 2 factor authentication (2FA) required for payer to issue e-Cheque through Internet banking platform
bull PKI technology any attempt to tamper e-Cheque will render the digital signature invalid and the e-Cheque not-presentable
bull Detail cheque record records of ALL e-Cheque will be kept by payer bank when it is issued
bull Duplicate presentment HKICL check for duplication presentment via centralised presentment portal
bull e-Cheque Encryption Private key encryption to further prevention of data leakage
18
Updates of University-wide Information Security Policy
(2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
19
What is ISO
bull ISO represents International Standard Organization
bull The updated Lingnan IS Policy (Ver-Feb-2017) adheres to ISO 27000 Standard
bull Is an independent non-governmental international organization
bull It brings together experts to share knowledge and develop voluntary consensus-based market relevant international standards
bull ISO has published a lot of International Standards and related documents
(httpwwwisoorgisohomeabouthtm)
20
Popular ISO Standards
The most common and well-known management system standards are:
- ISO 9000 (Quality) & ISO 14000 (Environmental)
- ISO/IEC 27000 (Information Security Management Systems, ISMS)
(http://www.iso.org/iso/home.htm)
21
Highlights of the ISO/IEC 27000 (ISMS) family (http://www.iso.org/iso/home.htm)
• ISO/IEC 27000: ISMS overview and vocabulary
• ISO/IEC 27001: ISMS requirements
• ISO/IEC 27002: Code of practice for information security controls
• ISO/IEC 27003: ISMS implementation guidance
• ISO/IEC 27004: Information security management, measurement
• ISO/IEC 27005: Information security risk management
• ISO/IEC 27007: Guidelines for ISMS auditing
• ISO/IEC 27008: Guidelines for auditors on information security controls
• ISO/IEC 27017: Code of practice for information security controls based on ISO/IEC 27002 for cloud services
• ISO/IEC 27018: Code of practice for protection of personally identifiable information (PII) in public clouds
22
ISO/IEC 27002 Code of Practice, control clauses (http://www.iso27001security.com/html/27002.html)
A5 Information Security Policies
A6 Organization of Information Security
A7 Human Resource Security
A8 Asset Management
A9 Access Control
A10 Cryptography
A11 Physical and Environmental Security
A12 Operations Security
A13 Communications Security
A14 System Acquisition, Development and Maintenance
A15 Supplier Relationships
A16 Information Security Incident Management
A17 Business Continuity Management
A18 Compliance
23
Summary of the update of the Lingnan University Information Security Policy (2017)
Enacted on 15 Feb 2017 with the endorsement of TLIS
Major changes:
1 ISMS as the foundation framework: the new LU ISP adheres to the ISO/IEC 27000 information security management standards
2 Change of data classification
3 Introduction of information asset handling procedures
4 Introduction of data encryption for removable storage devices
5 Change of password policies
6 Introduction of a Non-Disclosure Agreement (NDA) for outsourcing partners
7 Introduction of server registration
24
Highlights (1): Change of data classification
• Data classification changes from the old levels "restricted", "proprietary" and "public" to the new levels "highly confidential", "confidential", "restricted" and "public"
• The previous classification had no level for highly confidential documents
• The new classification aligns with the HKSAR Government standard ("secret", "confidential", "restricted" and "public")
25
Highlights (2): Information asset handling procedures
Procedures and requirements include:
• labelling of information assets
• granting access rights to different information assets (Data Policy)
• introducing asset lifecycle management: release, distribution and disposal of
  • any hard-copy documents,
  • e-mails, and
  • data files
  that contain "Highly Confidential" or "Confidential" information
26
Highlights (3): Encryption of removable storage devices
• Encryption is required when using removable storage devices, e.g. USB thumb drives
• Under pilot testing by ITSC and administrative departments, e.g. ITSC, HRO
• Data encryption tool: Sophos SafeGuard Enterprise Encryption v8.0 (100 licenses initially)
• Applies to staff first, then extended to students
27
Highlights (4): Password change policy
• Maximum password age changed from 90 days to 180 days
• Password history reduced from 6 remembered passwords to 3
• Mandatory password change: users are forced to change their password every 180 days, otherwise their account will be locked
28
Highlights (5): Introduction of the NDA
• A Non-Disclosure Agreement must be signed and observed by the University's third-party contractors, so that they are aware that the University information they handle in their work with Lingnan may contain "Highly Confidential" or "Confidential" material
29
Highlights (6): Server registration
• To ensure proper management of network servers (including departmental servers) that intentionally or unintentionally offer access or services to outsiders, all servers residing on campus shall be registered with ITSC before they go live in production (Permit to Connect to Campus Network, PCCN)
30
Security awareness web updates: www.ln.edu.hk/itsc/information-security
New Info Security website:
• Do's and Don'ts tips
• Policies & Guidelines
• Personal Data Protection
• Data Encryption Solution
• IS Events and Activities
• Other Resources
31
How to pursue the Information Security profession (self value-addedness)
Liberal Arts Education motto: continuous, life-long education
32
Key drivers for demand of IS professionals in the 21st century (word cloud; source: Hong Kong Police 2016 & Forbes 2017)
• Digital transformation of the SmartCity
• e-Payment & Fintech
• Mobile, Cloud & Internet+
• e-Government, e-Health
• Digital contents
• e-Business
• IoT
• Access and credential management, web services, data security protection
Certification for Information Security: Lingnan collaborates with ISACA to offer IS professional examinations and training to UG and PG students.
Acronyms: ISACA, Information Systems Audit and Control Association; COBIT, Control Objectives for Information and Related Technologies; CISSP, Certified Information Systems Security Professional, offered by (ISC)²; CMMI, Capability Maturity Model Integration; CSX, Cybersecurity Nexus.
35
Global Knowledge 2016 IT professional survey (chart): 15 top-paying IT certifications in 2016 (salaries in USD). Source: Global Knowledge 2016

Hong Kong Government IS job requirements (source: OGCIO): certifications CISSP, CISA

Hong Kong Monetary Authority, Cyber Resilience Assessment Framework: ISACA's five certifications have been recognised by the HKMA as pre-requisite qualifications for Assessors and under the Enhanced Competency Framework:
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Certified in the Governance of Enterprise IT (CGEIT)
• Cybersecurity Nexus (CSX)
Source: www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161221e1.pdf and http://www.hkma.gov.hk/media/chi/doc/key-information/guidelines-and-circular/2016/20161219c1.pdf

ISACA certifications, a new career path for Lingnan graduates (chart): 2016 IT Skills Demand & Pay Trends Report. Source: ISACA 2016

Lingnan and ISACA collaborate to offer IS professional examinations and training to UG and PG students.
Dr Ir Rosiah Ho, CEng CPEng RPE
rosiah@LN.edu.hk
Tel: +852 2616 8396
5
SmartCity Blueprints
Core: Info Security, e-ID, BigData & Internet+
1 Smart Living
2 Smart Building & Home (SmartHome)
3 Smart Transportation
4 Smart Energy (Renewable)
5 Smart Waste Management (waste recycling, residual management, recovery of waste organics & energy)
6 Smart Education (e-Education)
7 Smart Governance (e-Government)
8 Smart Health (e-Medical)
9 Smart Communications (Internet+)
10 Smart Networks / Mobility
11 Environmental Awareness (changing weather conditions)

Internet+: first mentioned by Chinese Premier Li Keqiang on 3 Mar 2015 (Government Work Report). The application of the Internet and other ICT (mobile Internet, cloud computing, big data and IoT) to conventional industries, to foster new industries (Industrial Revolution 4.0) and business development in China.
(B) Hongkong Post e-Certificate: an essential and fundamental element for the SmartCity and the Digital Citizen
6
e-Commerce driver (1): Top 10 e-Commerce markets by country in 2016. The fast expansion of e-Commerce and online sales in the existing global market will continue to grow with the prevalence of the Internet (no signs of slowing down).
An e-Cert is important to endorse both e-Commerce transactions and personal identification on the Internet.

Rank | Country | Sales | Increase | Top online retailer | e-Com share of total retail sales
1 | China | $426.26 billion | 34.0% | Alibaba | 10.1%
2 | USA | $305.65 billion | 15.7% | Amazon | 6.5%
3 | UK | $82 billion | 16.6% | Amazon | 13%
4 | Japan | $70.83 billion | 14.0% | Rakuten | 4.9%
5 | Germany | $63.38 billion | 22.1% | Amazon | 7.3%
6 | France | $38.36 billion | 12.1% | Odigeo | 4.6%
7 | South Korea | $33.11 billion | 13.0% | Coupang | 9%
8 | Canada | $24.63 billion | 17.4% | Amazon | 5.2%
9 | Russia | $17.47 billion | 16.0% | ulmart.ru | 2.2%
10 | Brazil | $16.28 billion | 22.0% | B2W Digital Inc | 3.8%
Source: https://trellis.co/blog/top-10-ecommerce-markets-by-country
7
Compliance driver (2): HK Electronic Transactions Ordinance (ETO) (Cap. 553), http://www.ogcio.gov.hk/en/regulation/eto/
The HK Electronic Transactions Ordinance (Cap. 553) (ETO) was enacted in January 2000 and updated in June 2004.
In general, the ETO:
1. establishes that electronic signatures have the same legal status as their paper-based counterparts, and
2. enhances public confidence in electronic transactions and promotes the use of e-signatures in e-transactions.
Same legal status: handwritten signature = electronic signature
8
Basics of e-Cert: public/private key encryption
Asymmetric cryptography involves two distinct keys: a public key (published in the certificate issued by the CA) and a private key (owned by the user). The private key is kept secret, is never divulged, and is protected by a password. The public key is not secret and can be freely distributed, shared and used with anyone. The two keys are mathematically related, but the private key cannot feasibly be derived from the public key.

Encryption flow (diagram): sender A encrypts the plaintext with B's public key (obtained from the CA, Certizen) to produce the ciphertext; receiver B decrypts the ciphertext with B's own private key to recover the plaintext.
9
Digital Signature: How it works
A digital signature can be used in e-Commerce, on the Web and in e-mail to endorse an e-transaction. It is an electronic stamp or seal appended to the document, and it ensures that the document is unchanged during transmission.

Signing and verification flow (diagram):
Message sender (A): message → hash function → message digest (MD) → encrypt the digest with A's private key → digital signature, sent together with the message.
Message receiver (B): message → hash function → message digest (MD); digital signature → decrypt with A's public key → expected MD. If the computed MD matches the expected MD, the message is authentic and unaltered.

Characteristics of an e-transaction:
• Authentication (digital certificate): proof of the identity of the parties in an electronic transaction
• Non-repudiation (digital signature): the signer cannot deny the commitment or transaction made with the digital signature
• Confidentiality (encryption): the content of a transaction is kept private and secret from unauthorized third parties
• Integrity (message digest): proof that the message contents have not been altered during transmission
10
Types of e-Certificate (http://www.hongkongpost.gov.hk/product/ecert/type/personal/index.html)

e-Cert (Personal), for HKID holders, stored in:
• e-Cert file (USB)
• e-Cert file (card)
• Smart ID Card
• e-token for signing purposes (MR)
• Bank, for signing e-Cheques

e-Cert (Organisational), for HK companies with Business Registration (BR), stored in:
• e-Cert file (USB)
• e-Cert file (card)
• e-token for signing purposes (MR)
• Bank, for signing e-Cheques
11
(C) Digital Cheque (e-Cheque)
12
Current status of e-Cheque in HK
• Official launch of the e-Cheque service on 7 Dec 2015
• Between 7 Dec 2015 and 31 Jul 2016 (8 months), over 163,000 e-Cheques with an aggregate value of HK$51 billion were cleared through Hong Kong Interbank Clearing Limited (HKICL)
• 9 local banks offer the e-Cheque service to their customers
• All banks must accept e-Cheque deposits (HKD, USD, RMB)
• Deposited directly to the payee's bank account
• Legal protection is governed by the Bills of Exchange Ordinance
• Organizations/corporates accepting e-Cheque payments: HKSAR Government (Inland Revenue Department, Rating & Valuation Department, Treasury, etc.), utility companies, and more
13
Cross-boundary e-Cheque (new)
Cross-boundary e-Cheque (launched 20 July 2016): e-Cheque clearing between HK and Guangdong province (Shenzhen)
• e-Cheques issued by banks in HK and deposited with banks in Guangdong province are settled on T+1
• 22 banks in Guangdong and 28 banks in Shenzhen allow their customers to deposit e-Cheques through the online e-Cheque deposit portal
• List of Guangzhou banks accepting e-Cheque deposits: https://echeque.gzebsc.cn
• List of Shenzhen banks accepting e-Cheque deposits: https://cust.szfesc.cn
14
What is an e-Cheque?
• An e-Cheque is issued, delivered and deposited online
• Governed by the Bills of Exchange Ordinance
• Supports HKD-, USD- and RMB-denominated e-Cheques
• Digitally signed by the payer and the paying bank
• Innovation: a similar application for University e-Transcripts in future
15
Operating model: e-Cheque deposit through HKICL's e-Cheque Drop Box (flow diagram with steps 1 to 10, including 3.1, 4A and 4B; the recoverable content is listed below)
• The payer logs in to the paying bank's e-banking platform with a two-factor-authenticated means (2FA) and requests issuance of an e-Cheque.
• The paying bank processes the e-Cheque and verifies the signature; the e-Cheque is digitally signed with the payer's e-Cert and the bank's e-Cert.
• 3.1: the paying bank sends the digitally signed e-Cheque to the payee.
• 4A: the payee presents the e-Cheque through HKICL's e-Cheque Drop Box and selects the collecting bank or other account details, logging in to e-banking.
• 4B: alternatively, the payer sends the e-Cheque, together with other electronic documents, directly to the payee.
• The Drop Box verifies the payee's identity and the signed e-Cheque; the outward clearing file (signed by HKICL) goes to the paying bank and the inward clearing file (signed by HKICL) goes to the collecting bank.
• The paying bank verifies the signature, clears and settles the e-Cheque and updates its internal records; the collecting bank credits the deposit; duplicate presentments are checked for.
16
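The signing flow on the digital-signature slide (hash the message, apply the sender's private key, verify with the sender's public key), the e-Cheque operating model just described (the payer and the paying bank both sign; the presentment side verifies and checks for duplicate presentment) and the tamper claim on the e-Cheque security-features slide, carried through as an added example. This is illustrative code written for this page, not Hongkong Post, HKICL or any bank's software. It assumes textbook RSA without padding in place of real e-Certs (standard library only, not safe for real use), a `DropBox` class with a trusted-key dictionary standing in for the presentment portal and CA validation, and a constructed sample cheque whose field names (`cheque_no`, `paying_bank`, `payer`, `amount`) and signer ids (`payer-A`, `bank-X`) are invented here.

```python
"""Added illustration of e-Cheque signing and presentment (not HKICL, bank or Hongkong Post code).
Textbook RSA without padding keeps it on the standard library but is NOT safe for real use."""
import hashlib
import json
import secrets


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test; adequate for a demo key."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top bit and oddness
        if _is_probable_prime(c):
            return c


def generate_keypair(bits=512):
    """Return (public (n, e), private (n, d)); 512 bits is for demo speed only."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def sign(priv, message):
    """Sender side of the slide: hash the message, then apply the private key to the digest."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)


def verify(pub, message, signature):
    """Receiver side: recover the digest with the public key and compare with a fresh hash."""
    n, e = pub
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")


def canonical(fields):
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()  # stable signed encoding


def issue_echeque(cheque, payer_priv, bank_priv):
    """Payer signs the cheque; the paying bank countersigns cheque plus payer signature."""
    payer_sig = sign(payer_priv, canonical(cheque))
    bank_sig = sign(bank_priv, canonical({**cheque, "payer_sig": payer_sig}))
    return {**cheque, "payer_sig": payer_sig, "bank_sig": bank_sig}


class DropBox:
    """Model of the HKICL presentment checks: both signatures must verify, no duplicate presentment."""
    def __init__(self, trusted_keys):
        self.trusted = trusted_keys  # signer id -> public key; stands in for e-Cert/CA validation
        self.presented = set()

    def present(self, signed):
        body = {k: v for k, v in signed.items() if k not in ("payer_sig", "bank_sig")}
        payer_pub, bank_pub = self.trusted.get(body["payer"]), self.trusted.get(body["paying_bank"])
        if payer_pub is None or bank_pub is None:
            return "rejected: unknown signer"
        if not verify(payer_pub, canonical(body), signed["payer_sig"]):
            return "rejected: payer signature invalid"  # any edit to a signed field ends here
        if not verify(bank_pub, canonical({**body, "payer_sig": signed["payer_sig"]}), signed["bank_sig"]):
            return "rejected: bank signature invalid"
        key = (body["paying_bank"], body["cheque_no"])
        if key in self.presented:
            return "rejected: duplicate presentment"
        self.presented.add(key)
        return "accepted"


def demo():
    """Constructed sample: one cheque presented twice, then once more with the amount altered."""
    payer_pub, payer_priv = generate_keypair()
    bank_pub, bank_priv = generate_keypair()
    cheque = {"cheque_no": "000123", "paying_bank": "bank-X", "payer": "payer-A",
              "payee": "Lingnan University", "currency": "HKD", "amount": "1500.00"}
    signed = issue_echeque(cheque, payer_priv, bank_priv)
    box = DropBox({"payer-A": payer_pub, "bank-X": bank_pub})
    tampered = {**signed, "amount": "15000.00"}
    return [box.present(signed), box.present(signed), box.present(tampered)]
```

Calling `demo()` returns the three outcomes the slides promise: the correctly signed cheque is accepted, presenting it a second time is rejected as a duplicate, and changing the amount after signing invalidates the payer's signature before the duplicate check is even reached. Note that the bank signs over the payer's signature as well as the cheque body, so neither signature can be lifted onto a different cheque; a real deployment would also validate certificate chains and revocation, which the trusted-key dictionary here only approximates.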
Overview of e-Cheque deposit (Drop Box) channels
Hong Kong:
• Collecting bank's Internet banking platform
• HKICL's e-Cheque Drop Box: desktop version at www.echeque.hkicl.com.hk; mobile app version: download the app from that website
Guangdong province:
• Guangzhou's online portal: desktop version at https://echeque.gzebsc.cn; mobile app version: download the app from that website
• Shenzhen's online portal: desktop version at http://www.szfesc.cn / https://cust.szfesc.cn
17
Benefits of e-Cheque Security Features of e-Cheque bull Retain all basic features and benefits of paper
cheque plus the following benefits
Faster ndash No need to wait in lines to deposit paper cheques
Safer ndash Once digitally signed e-cheques canrsquot be tampered using current technologies
Cheaper ndash Cutting costs and creating lots of business opportunities for banks and SMEs
bull More cost effective to use e-Cheque for cross-bankcross-boundary payments
bull More efficient for large volume bulk signing of e-Cheques via online means (for corporations)
bull Bulk signing and issuance of e-Cheques can be easily done online
bull 2 factor authentication (2FA) required for payer to issue e-Cheque through Internet banking platform
bull PKI technology any attempt to tamper e-Cheque will render the digital signature invalid and the e-Cheque not-presentable
bull Detail cheque record records of ALL e-Cheque will be kept by payer bank when it is issued
bull Duplicate presentment HKICL check for duplication presentment via centralised presentment portal
bull e-Cheque Encryption Private key encryption to further prevention of data leakage
18
Updates of University-wide Information Security Policy
(2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
19
What is ISO
bull ISO represents International Standard Organization
bull The updated Lingnan IS Policy (Ver-Feb-2017) adheres to ISO 27000 Standard
bull Is an independent non-governmental international organization
bull It brings together experts to share knowledge and develop voluntary consensus-based market relevant international standards
bull ISO has published a lot of International Standards and related documents
(httpwwwisoorgisohomeabouthtm)
20
Popular ISO Standards
The most common and well-known Management System standards are-
- ISO 9000 (Quality) amp ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems)
(ISMS) Standards
(httpwwwisoorgisohomehtm)
21
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (httpwwwiso27001securitycomhtml27002html)
A5 Information Security Policy A12 Operations Security
A6 Organization of Information Security A13 Communications Security
A7 Human Resources Security A14 System Acquisition Development and Maintenance
A8 Asset Management A15 Supplier Relationship
A9 Access Control A16 Information Security Incident Management
A10 Cryptography A17 Business Continuity Management
A11 Physical and Environmental Security A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
(B) Hongkong Post e-Certificate Essential amp Fundamental Element for
SmartCity amp Digital-Citizen
6
e-Commerce Driver (1)- Top 10 eCommerce Market by Country in 2016 The fast expansion of e-Commerce amp Online sales in existing global market will continue to growth with the prevalent of Internet (No signs of slowing down)
e-Cert is important to endorse (e-Commerce transactions) + (person identification) in the Internet
Rank
Country Sales Increase Top Online Retailer
eComTotal Retail Sales
1 China $42626 billion 340 Alibaba 101
2 USA $30565 billion 157 Amazon 65
3 UK $82 billion 166 Amazon 13
4 Japan $7083 billion 140 Rakuten 49
5 Germany $6338 billion 221 Amazon 73
6 France $3836 billion 121 Odigeo 46
7 South Korea $3311 billion 130 Coupang 9
8 Canada $2463 billion 174 Amazon 52
9 Russia $1747 billion 160 ulmartru 22
10 Brazil $1628 billion 220 B2W Digital Inc 38
Sources httpstrelliscoblogtop-10-ecommerce-markets-by-country 7
Compliance Driver (2)- HK Electronic Transactions Ordinance (ETO) (Cap 553) httpwwwogciogovhkenregulationeto
The HK Electronic Transactions Ordinance (Cap 553) (ETO) was enacted in January 2000 and updated in June 2004
In general the ETO
1Establish electronic signature have the same legal status as the paper-based counterparts amp 2To enhance public confidence in electronic transactions amp promote to use e-signature in e-transaction
Same Legal Status Hand Signature Electronic Signature 8
Basic of E-Cert Public-Private Key Encryption (加密)
Involves 2 distinct keys ndash public (stored in CA) private (user-owned) The private key is kept secret and never be divulged and it is password protected The public key is not secret and can be freely distributed shared amp use with anyone It is also called ldquoAsymmetric Cryptographyrdquo Two keys are mathematically related the private key cannot be derived from the
public key
Encryption
Public Key B (from CA-Certizen)
Decryption
Private Key B (User Own)
Ciphertext Plaintext (B) (A) Plaintext
9
Message Message
Hash function
Msg Digest (MD)
Encryption
Digital Signature
Hash function
Msg Digest (MD)
Decryption
Expected MD
Public Key (A)
Digital Signature How it Work Digital signature can be used in all e-Commerce Web amp e-mail to endorse
e-Transaction It is an electronic stamp or seal that append to the document Ensure the document being unchanged during transmission
Characteristic of e-Transaction Message Sender (A) Message Receiver (B) Authentication ndash Digital Certificate
Private Key (A)
Proof of identity of the parties in an electronic transaction
Non-repudiation ndash Digital Signature ndash Prevention of denial of commitment
or transaction with digital signature ndash
Confidentiality - Encryption ndash Protection the content information
of a transaction is kept private and secret from unauthorized third parties
Integrity ndash Message Digest ndash Proof that the message contents
have not been altered changed during transmission
10
Types of e-Certificate
Stored in bull e-Cert file USB bull e-Cert file Card bull e-token for signing purpose (MR) bull Bank - for signing e-Cheque
HKID Holders
Stored in bull e-Cert file USB bull e-Cert file Card bull Smart ID Card bull e-token for signing purpose (MR) bull Bank - for signing e-Cheque 11
HK Companies with Business Registration
(BR)
e-Cert (Organisational)e-Cert (Personal)
httpwwwhongkongpostgovhkproductecerttypepersonalindexhtml
(C) Digital Cheque (e-Cheque)
12
Current Status of e-Cheque in HK
bull Official launch of e-Cheque service on 7Dec2015
bull Between 7Dec15 to 31Jul16 (8 months) over 163000 e-Cheques with an aggregate value of HK$51 billion cleared through HK Interbank Clearing Limited (HKICL)
bull 9 local banks offers e-Cheque service to their customers
bull All banks must accept e-Cheque deposit (HKD USD RMB)
bull Deposit to Payee bank account directly
bull Legal protection governed by the Bills of Exchange (匯票) Ordinance
bull OrganizationsCorporates accepting e-Cheque payments ndash HKSAR Government (Inland Revenue Department Rating amp Valuation Department Treasury etc) ndash Utility companies ndash and more helliphellip
13
E-Cheque Cross Boundary (New)
Cross Boundary e-Cheque (Launch 20July2016) e-Cheque clearing between HK amp Guangdong (Shenzhen) province
bull e-Cheques issued by banks in HK amp deposited to banks in Guangdong province will be settled on T+1
bull 22 banks in Guangdong amp 28 banks in Shenzhen allow their customers to deposit e-Cheques through the Online e-Cheque Deposit Portal
bull List of Guangzhou banks accepting e-Cheque deposit httpsechequegzebsccn
bull List of Shenzhen banks accepting e-Cheque deposit httpscustszfesccn
14
What is e-Cheque
e-Cheque issued delivered and deposited online
Governed by the Bills of Exchange Ordinance
Support HKD USD RMB denominated e-Cheques
Digitally signed by the payer and the paying bank
Innovation Similar Application for University e-Transcript in Future
15
Operating model e-Cheque Deposit through HKICLrsquos e-Cheque Drop Box
Payer 4B Payee Alternatively payer can send e-Cheque together with other
electronic documents to payee
Digitallysigned
e-Cheque
31 Send e-Cheque to payee by paying bank
7
5 Login e-Banking
9
4A Present e-Cheque amp select
or other collecting bank details Request for Digitally Digitallyauthenticated issuing signed signedmeans (2FA) e-Cheque e-Cheque e-Cheque
By Payer e-Cert amp Bank e-Cert
2 Verify Processing signature e-Cheque
6
HKICLrsquos e-Cheque
8
Verify Inward clearing file Drop Box Outward clearing file Payee identity and signedand signed ande-Cheque by HKICL e-Cheque by HKICL
Verify signature10
Clear and settle credit deposit internal records and e-Cheque Paying Bank Collecting Bank check for duplicate
presentments
16
Overview of e-Cheque Deposit DropBox Channels
e-Cheque deposit
Deposit Channel Remarks
Hong Kong
bull Collecting bankrsquos Internet Banking Platform
bull HKICLrsquos e-Cheque Drop Box Desktop version wwwechequehkiclcomhk Mobile app version To download the apps from the website
Guangdong province
bull Guangzhoursquos online portal Desktop version httpsechequegzebsccn Mobile app version To download the apps from above website
Shenzhen bull Shenzhenrsquos online portal Desktop version httpwwwszfesccn httpscustszfesccn
17
Benefits of e-Cheque Security Features of e-Cheque bull Retain all basic features and benefits of paper
cheque plus the following benefits
Faster ndash No need to wait in lines to deposit paper cheques
Safer ndash Once digitally signed e-cheques canrsquot be tampered using current technologies
Cheaper ndash Cutting costs and creating lots of business opportunities for banks and SMEs
bull More cost effective to use e-Cheque for cross-bankcross-boundary payments
bull More efficient for large volume bulk signing of e-Cheques via online means (for corporations)
bull Bulk signing and issuance of e-Cheques can be easily done online
bull 2 factor authentication (2FA) required for payer to issue e-Cheque through Internet banking platform
bull PKI technology any attempt to tamper e-Cheque will render the digital signature invalid and the e-Cheque not-presentable
bull Detail cheque record records of ALL e-Cheque will be kept by payer bank when it is issued
bull Duplicate presentment HKICL check for duplication presentment via centralised presentment portal
bull e-Cheque Encryption Private key encryption to further prevention of data leakage
18
Updates of University-wide Information Security Policy
(2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
19
What is ISO
bull ISO represents International Standard Organization
bull The updated Lingnan IS Policy (Ver-Feb-2017) adheres to ISO 27000 Standard
bull Is an independent non-governmental international organization
bull It brings together experts to share knowledge and develop voluntary consensus-based market relevant international standards
bull ISO has published a lot of International Standards and related documents
(httpwwwisoorgisohomeabouthtm)
20
Popular ISO Standards
The most common and well-known Management System standards are-
- ISO 9000 (Quality) amp ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems)
(ISMS) Standards
(httpwwwisoorgisohomehtm)
21
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (httpwwwiso27001securitycomhtml27002html)
A5 Information Security Policy A12 Operations Security
A6 Organization of Information Security A13 Communications Security
A7 Human Resources Security A14 System Acquisition Development and Maintenance
A8 Asset Management A15 Supplier Relationship
A9 Access Control A16 Information Security Incident Management
A10 Cryptography A17 Business Continuity Management
A11 Physical and Environmental Security A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2): Information Asset Handling Procedures
Procedures and requirements include:
• labelling of the information asset
• granting access rights to different information assets (Data Policy)
• introducing asset life-cycle management: release, distribution and disposal of
  • any hard-copy documents,
  • emails, &
  • data files that contain “Highly Confidential” or “Confidential” information
26
Highlights (3): Encryption of Removable Storage Devices
• Encryption is required when using removable storage devices, e.g. USB thumb drives
• Under pilot testing by ITSC and administrative departments, e.g. ITSC, HRO
• Data encryption tool: Sophos SafeGuard Enterprise Encryption v8.0 (100 licenses initially)
• Applies to staff first, then extended to students
27
Highlights (4): Policy for Changing of Password
• Change the maximum password age from 90 days to 180 days
• Reduce the password history from 6 remembered passwords to 3
• MANDATED PASSWORD CHANGE: users will be forced to change their password every 180 days, otherwise their accounts will be LOCKED
28
Highlights (5): Introduce the NDA
• To be signed and observed by the University's third-party contractors, so that they are aware that University information may contain “Highly Confidential” or “Confidential” material when they handle their jobs with Lingnan
29
Highlights (6): Server Registration
• To ensure proper management of network servers (including departmental servers) that intentionally or unintentionally offer access or service to outsiders, all servers residing within our campus shall be registered with ITSC before they can go live for production (Permit to Connect to Campus Network, PCCN)
30
Security Awareness Web Updates: www.ln.edu.hk/itsc/information-security
New Info Security Website:
• Do's and Don'ts tips
• Policies & Guidelines
• Personal Data Protection
• Data Encryption Solution
• IS Events and Activities
• Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Liberal Arts Education motto: continuous life-long education
32
Key Drivers for Demand of IS Professionals in the 21st Century
Digital Transformation of SmartCity: e-Payment & Fintech; Mobile, Cloud & Internet+; e-Government; e-Health; digital contents; e-Business; IoT
Access Credential Management · Web Services · Data Security Protection
Source: Hong Kong Police 2016 & Forbes 2017
Certification for Information Security: Lingnan collaborates with ISACA to offer IS professional examinations & training to UG & PG students
ISACA: Information Systems Audit and Control Association; COBIT: Control Objectives for Information & Technology; CISSP: Certified Information Systems Security Professional, (ISC)²; CMMI: Capability Maturity Model Integration; CSX: Cyber Security Nexus
35
International: Global Knowledge 2016 IT Professional Survey – 15 Top-Paying IT Certifications in 2016 (chart)
Source: Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACA's 5 certifications have been recognised as the pre-requisite qualifications of Assessor and Enhanced Competency Framework by the Hong Kong Monetary Authority: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Cybersecurity Nexus (CSX)
Certification: CISSP, CISA
Hong Kong Monetary Authority: Cyber Resilience Assessment Framework
Source: www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161221e1.pdf, http://www.hkma.gov.hk/media/chi/doc/key-information/guidelines-and-circular/2016/20161219c1.pdf
Source: OGCIO
ISACA Certifications (New Career Path for Lingnan Graduates): 2016 IT Skills Demands & Pay Trends Report
Source: ISACA 2016
Lingnan and ISACA collaborate to offer IS professional examinations & training to UG & PG students
Dr Ir Rosiah Ho, CEng, CPEng, RPE
rosiah@LN.edu.hk
Tel: +852 2616 8396
e-Commerce Driver (1): Top 10 eCommerce Markets by Country in 2016
The fast expansion of e-Commerce & online sales in the existing global market will continue to grow with the prevalence of the Internet (no signs of slowing down).
e-Cert is important to endorse e-Commerce transactions and personal identification on the Internet.
Rank  Country      Sales            Increase  Top Online Retailer  eCom / Total Retail Sales
1     China        $426.26 billion  34.0%     Alibaba              10.1%
2     USA          $305.65 billion  15.7%     Amazon               6.5%
3     UK           $82 billion      16.6%     Amazon               13%
4     Japan        $70.83 billion   14.0%     Rakuten              4.9%
5     Germany      $63.38 billion   22.1%     Amazon               7.3%
6     France       $38.36 billion   12.1%     Odigeo               4.6%
7     South Korea  $33.11 billion   13.0%     Coupang              9%
8     Canada       $24.63 billion   17.4%     Amazon               5.2%
9     Russia       $17.47 billion   16.0%     Ulmart.ru            2.2%
10    Brazil       $16.28 billion   22.0%     B2W Digital Inc      3.8%
Source: https://trellis.co/blog/top-10-ecommerce-markets-by-country
7
Compliance Driver (2): HK Electronic Transactions Ordinance (ETO) (Cap. 553) http://www.ogcio.gov.hk/en/regulation/eto/
The HK Electronic Transactions Ordinance (Cap. 553) (ETO) was enacted in January 2000 and updated in June 2004.
In general, the ETO:
1. establishes that electronic signatures have the same legal status as their paper-based counterparts, &
2. enhances public confidence in electronic transactions & promotes the use of e-signatures in e-transactions.
Same legal status: hand signature = electronic signature
8
Basic of E-Cert: Public-Private Key Encryption (加密)
Involves 2 distinct keys – public (stored in the CA) and private (user-owned). The private key is kept secret and never divulged, and it is password protected. The public key is not secret and can be freely distributed, shared & used with anyone. This is also called “Asymmetric Cryptography”. The two keys are mathematically related, but the private key cannot be derived from the public key.
Encryption with Public Key B (from the CA, Certizen): Plaintext (from A) → Ciphertext
Decryption with Private Key B (user-owned): Ciphertext → Plaintext (at B)
9
Digital Signature: How it Works
Digital signatures can be used in all e-Commerce, Web & e-mail to endorse e-Transactions. A digital signature is an electronic stamp or seal appended to the document; it ensures the document is unchanged during transmission.
Message Sender (A): Message → Hash function → Message Digest (MD) → Encryption with Private Key (A) → Digital Signature
Message Receiver (B): Message → Hash function → Message Digest (MD); Digital Signature → Decryption with Public Key (A) → Expected MD; the MD must match the Expected MD
Characteristics of e-Transaction:
• Authentication – Digital Certificate – proof of identity of the parties in an electronic transaction
• Non-repudiation – Digital Signature – prevention of denial of a commitment or transaction made with a digital signature
• Confidentiality – Encryption – protection that the content of a transaction is kept private and secret from unauthorized third parties
• Integrity – Message Digest – proof that the message contents have not been altered or changed during transmission
10
Types of e-Certificate (http://www.hongkongpost.gov.hk/product/ecert/type/personal/index.html)
e-Cert (Personal) – for HKID holders. Stored in: • e-Cert file (USB) • e-Cert file (Card) • Smart ID Card • e-token for signing purpose (MR) • Bank – for signing e-Cheques
e-Cert (Organisational) – for HK companies with Business Registration (BR). Stored in: • e-Cert file (USB) • e-Cert file (Card) • e-token for signing purpose (MR) • Bank – for signing e-Cheques
11
(C) Digital Cheque (e-Cheque)
12
Current Status of e-Cheque in HK
• Official launch of the e-Cheque service on 7 Dec 2015
• Between 7 Dec 2015 and 31 Jul 2016 (8 months), over 163,000 e-Cheques with an aggregate value of HK$51 billion cleared through Hong Kong Interbank Clearing Limited (HKICL)
• 9 local banks offer the e-Cheque service to their customers
• All banks must accept e-Cheque deposits (HKD, USD, RMB)
• Deposit to the payee's bank account directly
• Legal protection governed by the Bills of Exchange (匯票) Ordinance
• Organizations/corporates accepting e-Cheque payments: HKSAR Government (Inland Revenue Department, Rating & Valuation Department, Treasury, etc.), utility companies, and more ……
13
E-Cheque Cross Boundary (New)
Cross-boundary e-Cheque (launched 20 July 2016): e-Cheque clearing between HK & Guangdong (Shenzhen) province
• e-Cheques issued by banks in HK & deposited to banks in Guangdong province will be settled on T+1
• 22 banks in Guangdong & 28 banks in Shenzhen allow their customers to deposit e-Cheques through the online e-Cheque deposit portal
• List of Guangzhou banks accepting e-Cheque deposit: https://echeque.gzebs.cn
• List of Shenzhen banks accepting e-Cheque deposit: https://cust.szfesc.cn
14
What is e-Cheque?
An e-Cheque is issued, delivered and deposited online
Governed by the Bills of Exchange Ordinance
Supports HKD, USD and RMB denominated e-Cheques
Digitally signed by the payer and the paying bank
Innovation: a similar application for University e-Transcripts in future
15
Operating model: e-Cheque deposit through HKICL's e-Cheque Drop Box
[Flow diagram between Payer, Paying Bank, Payee, HKICL's e-Cheque Drop Box and Collecting Bank; step order reconstructed from the recoverable labels]
1. Payer logs in to e-Banking by an authenticated means (2FA) and requests issuing an e-Cheque.
2. Paying bank verifies the signature and processes the e-Cheque, which is digitally signed by the payer's e-Cert & the bank's e-Cert.
3. Paying bank sends the digitally signed e-Cheque to the payee.
4A. Payee presents the e-Cheque at the Drop Box & selects the collecting bank or other details; 4B. alternatively, the payer can send the e-Cheque together with other electronic documents to the payee.
5. Payee logs in to e-Banking.
6–9. HKICL verifies the payee identity and the signed e-Cheque, then issues the inward clearing file and signed e-Cheque to the paying bank and the outward clearing file and signed e-Cheque to the collecting bank.
10. Paying and collecting banks verify the signature, clear and settle, credit the deposit, update internal records and check for duplicate presentments.
16
Overview of e-Cheque Deposit / Drop Box Channels
Deposit channel – Remarks
Hong Kong:
• Collecting bank's Internet banking platform
• HKICL's e-Cheque Drop Box – desktop version: www.echeque.hkicl.com.hk; mobile app version: download the apps from the website
Guangdong province:
• Guangzhou's online portal – desktop version: https://echeque.gzebs.cn; mobile app version: download the apps from the above website
• Shenzhen's online portal – desktop version: http://www.szfesc.cn, https://cust.szfesc.cn
17
Benefits of e-Cheque
• Retains all basic features and benefits of a paper cheque, plus the following benefits:
  Faster – no need to wait in lines to deposit paper cheques
  Safer – once digitally signed, e-Cheques can't be tampered with using current technologies
  Cheaper – cutting costs and creating lots of business opportunities for banks and SMEs
• More cost-effective to use e-Cheques for cross-bank/cross-boundary payments
• More efficient for large-volume bulk signing of e-Cheques via online means (for corporations)
• Bulk signing and issuance of e-Cheques can be easily done online
Security Features of e-Cheque
• 2-factor authentication (2FA) is required for the payer to issue an e-Cheque through the Internet banking platform
• PKI technology: any attempt to tamper with an e-Cheque will render the digital signature invalid and the e-Cheque not presentable
• Detailed cheque record: records of ALL e-Cheques are kept by the payer's bank when they are issued
• Duplicate presentment: HKICL checks for duplicate presentment via the centralised presentment portal
• e-Cheque encryption: private-key encryption to further prevent data leakage
18
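An added example, not from the slides and not HKICL's or Hongkong Post's code, tying together the signing flow of slide 10 (hash the message to a digest, sign it with the sender's private key, verify with the public key) and the two slide-18 checks that a tampered e-Cheque fails signature verification and that a duplicate presentment is rejected. It uses only Go's standard library; the ECheque fields, the payer and payee names, the Clearing registry, and the use of a single payer key (the slides say both the payer and the paying bank sign) are constructed simplifications.

```go
// Added example (not from the slides): slide-10 sign/verify flow plus the slide-18 checks.
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// ECheque is a constructed stand-in for the fields a payer signs; the real
// e-Cheque data format is not described on the slides and is not used here.
type ECheque struct {
	ChequeNo string
	Payer    string // payer name, used to look up the payer's e-Cert public key
	Payee    string
	Currency string // HKD, USD or RMB
	Amount   string // kept as text so the signed bytes are unambiguous
}

// Bytes is the canonical serialisation both sides hash; changing any field
// changes these bytes and therefore the message digest.
func (c ECheque) Bytes() []byte {
	return []byte(c.ChequeNo + "|" + c.Payer + "|" + c.Payee + "|" + c.Currency + "|" + c.Amount)
}

// NewPayerKey generates the payer's RSA key pair: the private half stays with
// the payer, the public half is what the CA would certify in the e-Cert.
func NewPayerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Sign is the sender side of slide 10: Message -> Hash function -> Message
// Digest (MD) -> sign the MD with Private Key (A) -> Digital Signature.
// PKCS#1 v1.5 padding is used instead of raw "encrypt the digest" RSA.
func Sign(priv *rsa.PrivateKey, c ECheque) ([]byte, error) {
	md := sha256.Sum256(c.Bytes())
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, md[:])
}

// Verify is the receiver side: recompute the expected MD from the received
// message and check the signature with Public Key (A). Any altered message
// or signature fails, which is the slide-18 tamper-evidence property.
func Verify(pub *rsa.PublicKey, c ECheque, sig []byte) bool {
	md := sha256.Sum256(c.Bytes())
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, md[:], sig) == nil
}

// Clearing is a constructed model of HKICL's centralised presentment check:
// the registry of payer e-Cert public keys and of cheques already presented.
type Clearing struct {
	payerKeys map[string]*rsa.PublicKey
	presented map[string]bool // key: payer + "#" + cheque number
}

func NewClearing() *Clearing {
	return &Clearing{payerKeys: map[string]*rsa.PublicKey{}, presented: map[string]bool{}}
}

// Register records a payer's e-Cert public key (stands in for the CA lookup).
func (cl *Clearing) Register(payer string, pub *rsa.PublicKey) { cl.payerKeys[payer] = pub }

// Present accepts a cheque only if its signature verifies against the payer's
// registered key and the same cheque has not been presented before.
func (cl *Clearing) Present(c ECheque, sig []byte) error {
	pub, ok := cl.payerKeys[c.Payer]
	if !ok {
		return fmt.Errorf("cheque %s: unknown payer %q, no e-Cert public key", c.ChequeNo, c.Payer)
	}
	if !Verify(pub, c, sig) {
		return fmt.Errorf("cheque %s: invalid signature, not presentable", c.ChequeNo)
	}
	id := c.Payer + "#" + c.ChequeNo
	if cl.presented[id] {
		return fmt.Errorf("cheque %s: duplicate presentment", c.ChequeNo)
	}
	cl.presented[id] = true
	return nil
}

func main() {
	key, err := NewPayerKey()
	if err != nil {
		panic(err)
	}
	cl := NewClearing()
	cl.Register("Payer A", &key.PublicKey)
	// Constructed sample cheque; the values are illustrative only.
	chq := ECheque{ChequeNo: "000123", Payer: "Payer A", Payee: "Payee B", Currency: "HKD", Amount: "1500.00"}
	sig, err := Sign(key, chq)
	if err != nil {
		panic(err)
	}
	fmt.Println("first presentment: ", cl.Present(chq, sig)) // <nil>
	fmt.Println("second presentment:", cl.Present(chq, sig)) // duplicate presentment
	altered := chq
	altered.Amount = "15000.00" // one extra digit: the signature no longer matches
	fmt.Println("altered amount:    ", cl.Present(altered, sig)) // invalid signature
}
```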
Updates of University-wide Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
19
What is ISO?
• ISO is the International Organization for Standardization (http://www.iso.org/iso/home/about.htm)
• The updated Lingnan IS Policy (Ver. Feb-2017) adheres to the ISO 27000 standard
• ISO is an independent, non-governmental international organization
• It brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant international standards
• ISO has published a large number of International Standards and related documents
20
Popular ISO Standards (http://www.iso.org/iso/home.htm)
The most common and well-known management system standards are:
- ISO 9000 (Quality) & ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems, ISMS) standards
21
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (httpwwwiso27001securitycomhtml27002html)
A5 Information Security Policy A12 Operations Security
A6 Organization of Information Security A13 Communications Security
A7 Human Resources Security A14 System Acquisition Development and Maintenance
A8 Asset Management A15 Supplier Relationship
A9 Access Control A16 Information Security Incident Management
A10 Cryptography A17 Business Continuity Management
A11 Physical and Environmental Security A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
Compliance Driver (2)- HK Electronic Transactions Ordinance (ETO) (Cap 553) httpwwwogciogovhkenregulationeto
The HK Electronic Transactions Ordinance (Cap 553) (ETO) was enacted in January 2000 and updated in June 2004
In general the ETO
1Establish electronic signature have the same legal status as the paper-based counterparts amp 2To enhance public confidence in electronic transactions amp promote to use e-signature in e-transaction
Same Legal Status Hand Signature Electronic Signature 8
Basic of E-Cert Public-Private Key Encryption (加密)
Involves 2 distinct keys ndash public (stored in CA) private (user-owned) The private key is kept secret and never be divulged and it is password protected The public key is not secret and can be freely distributed shared amp use with anyone It is also called ldquoAsymmetric Cryptographyrdquo Two keys are mathematically related the private key cannot be derived from the
public key
Encryption
Public Key B (from CA-Certizen)
Decryption
Private Key B (User Own)
Ciphertext Plaintext (B) (A) Plaintext
9
Message Message
Hash function
Msg Digest (MD)
Encryption
Digital Signature
Hash function
Msg Digest (MD)
Decryption
Expected MD
Public Key (A)
Digital Signature How it Work Digital signature can be used in all e-Commerce Web amp e-mail to endorse
e-Transaction It is an electronic stamp or seal that append to the document Ensure the document being unchanged during transmission
Characteristic of e-Transaction Message Sender (A) Message Receiver (B) Authentication ndash Digital Certificate
Private Key (A)
Proof of identity of the parties in an electronic transaction
Non-repudiation ndash Digital Signature ndash Prevention of denial of commitment
or transaction with digital signature ndash
Confidentiality - Encryption ndash Protection the content information
of a transaction is kept private and secret from unauthorized third parties
Integrity ndash Message Digest ndash Proof that the message contents
have not been altered changed during transmission
10
Types of e-Certificate
Stored in bull e-Cert file USB bull e-Cert file Card bull e-token for signing purpose (MR) bull Bank - for signing e-Cheque
HKID Holders
Stored in bull e-Cert file USB bull e-Cert file Card bull Smart ID Card bull e-token for signing purpose (MR) bull Bank - for signing e-Cheque 11
HK Companies with Business Registration
(BR)
e-Cert (Organisational)e-Cert (Personal)
httpwwwhongkongpostgovhkproductecerttypepersonalindexhtml
(C) Digital Cheque (e-Cheque)
12
Current Status of e-Cheque in HK
bull Official launch of e-Cheque service on 7Dec2015
bull Between 7Dec15 to 31Jul16 (8 months) over 163000 e-Cheques with an aggregate value of HK$51 billion cleared through HK Interbank Clearing Limited (HKICL)
bull 9 local banks offers e-Cheque service to their customers
bull All banks must accept e-Cheque deposit (HKD USD RMB)
bull Deposit to Payee bank account directly
bull Legal protection governed by the Bills of Exchange (匯票) Ordinance
bull OrganizationsCorporates accepting e-Cheque payments ndash HKSAR Government (Inland Revenue Department Rating amp Valuation Department Treasury etc) ndash Utility companies ndash and more helliphellip
13
E-Cheque Cross Boundary (New)
Cross Boundary e-Cheque (Launch 20July2016) e-Cheque clearing between HK amp Guangdong (Shenzhen) province
bull e-Cheques issued by banks in HK amp deposited to banks in Guangdong province will be settled on T+1
bull 22 banks in Guangdong amp 28 banks in Shenzhen allow their customers to deposit e-Cheques through the Online e-Cheque Deposit Portal
bull List of Guangzhou banks accepting e-Cheque deposit httpsechequegzebsccn
bull List of Shenzhen banks accepting e-Cheque deposit httpscustszfesccn
14
What is e-Cheque
e-Cheque issued delivered and deposited online
Governed by the Bills of Exchange Ordinance
Support HKD USD RMB denominated e-Cheques
Digitally signed by the payer and the paying bank
Innovation Similar Application for University e-Transcript in Future
15
Operating model e-Cheque Deposit through HKICLrsquos e-Cheque Drop Box
Payer 4B Payee Alternatively payer can send e-Cheque together with other
electronic documents to payee
Digitallysigned
e-Cheque
31 Send e-Cheque to payee by paying bank
7
5 Login e-Banking
9
4A Present e-Cheque amp select
or other collecting bank details Request for Digitally Digitallyauthenticated issuing signed signedmeans (2FA) e-Cheque e-Cheque e-Cheque
By Payer e-Cert amp Bank e-Cert
2 Verify Processing signature e-Cheque
6
HKICLrsquos e-Cheque
8
Verify Inward clearing file Drop Box Outward clearing file Payee identity and signedand signed ande-Cheque by HKICL e-Cheque by HKICL
Verify signature10
Clear and settle credit deposit internal records and e-Cheque Paying Bank Collecting Bank check for duplicate
presentments
16
Overview of e-Cheque Deposit DropBox Channels
e-Cheque deposit
Deposit Channel Remarks
Hong Kong
bull Collecting bankrsquos Internet Banking Platform
bull HKICLrsquos e-Cheque Drop Box Desktop version wwwechequehkiclcomhk Mobile app version To download the apps from the website
Guangdong province
bull Guangzhoursquos online portal Desktop version httpsechequegzebsccn Mobile app version To download the apps from above website
Shenzhen bull Shenzhenrsquos online portal Desktop version httpwwwszfesccn httpscustszfesccn
17
Benefits of e-Cheque Security Features of e-Cheque bull Retain all basic features and benefits of paper
cheque plus the following benefits
Faster ndash No need to wait in lines to deposit paper cheques
Safer ndash Once digitally signed e-cheques canrsquot be tampered using current technologies
Cheaper ndash Cutting costs and creating lots of business opportunities for banks and SMEs
bull More cost effective to use e-Cheque for cross-bankcross-boundary payments
bull More efficient for large volume bulk signing of e-Cheques via online means (for corporations)
bull Bulk signing and issuance of e-Cheques can be easily done online
bull 2 factor authentication (2FA) required for payer to issue e-Cheque through Internet banking platform
bull PKI technology any attempt to tamper e-Cheque will render the digital signature invalid and the e-Cheque not-presentable
bull Detail cheque record records of ALL e-Cheque will be kept by payer bank when it is issued
bull Duplicate presentment HKICL check for duplication presentment via centralised presentment portal
bull e-Cheque Encryption Private key encryption to further prevention of data leakage
18
Updates of University-wide Information Security Policy
(2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
19
What is ISO
bull ISO represents International Standard Organization
bull The updated Lingnan IS Policy (Ver-Feb-2017) adheres to ISO 27000 Standard
bull Is an independent non-governmental international organization
bull It brings together experts to share knowledge and develop voluntary consensus-based market relevant international standards
bull ISO has published a lot of International Standards and related documents
(httpwwwisoorgisohomeabouthtm)
20
Popular ISO Standards
The most common and well-known Management System standards are-
- ISO 9000 (Quality) amp ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems)
(ISMS) Standards
(httpwwwisoorgisohomehtm)
21
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (httpwwwiso27001securitycomhtml27002html)
A5 Information Security Policy A12 Operations Security
A6 Organization of Information Security A13 Communications Security
A7 Human Resources Security A14 System Acquisition Development and Maintenance
A8 Asset Management A15 Supplier Relationship
A9 Access Control A16 Information Security Incident Management
A10 Cryptography A17 Business Continuity Management
A11 Physical and Environmental Security A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
Basic of E-Cert: Public-Private Key Encryption (加密)
Involves 2 distinct keys: a public key (stored with the CA) and a private key (user-owned). The private key is kept secret, is never divulged, and is password protected. The public key is not secret and can be freely distributed, shared and used with anyone. This is also called "asymmetric cryptography". The two keys are mathematically related, but the private key cannot be derived from the public key.

[Diagram: Plaintext (from A) → Encryption with Public Key B (from CA, Certizen) → Ciphertext → Decryption with Private Key B (user-owned) → Plaintext (at B)]
Digital Signature: How it Works
Digital signatures can be used in all e-Commerce, Web and e-mail applications to endorse e-Transactions. A digital signature is an electronic stamp or seal appended to the document; it ensures the document is unchanged during transmission.

[Diagram: Sender (A): Message → Hash function → Message Digest (MD) → Encryption with Private Key (A) → Digital Signature. Receiver (B): Message → Hash function → Message Digest (MD); Digital Signature → Decryption with Public Key (A) → Expected MD; the computed MD is compared with the expected MD.]

Characteristics of an e-Transaction (Message Sender (A), Message Receiver (B)):
• Authentication – Digital Certificate – proof of identity of the parties in an electronic transaction
• Non-repudiation – Digital Signature – prevention of denial of a commitment or transaction made with a digital signature
• Confidentiality – Encryption – protection so that the content information of a transaction is kept private and secret from unauthorized third parties
• Integrity – Message Digest – proof that the message contents have not been altered or changed during transmission
Types of e-Certificate
e-Cert (Personal) – for HKID holders. Stored in: • e-Cert file USB • e-Cert file Card • Smart ID Card • e-token for signing purpose (MR) • Bank – for signing e-Cheque
e-Cert (Organisational) – for HK companies with Business Registration (BR). Stored in: • e-Cert file USB • e-Cert file Card • e-token for signing purpose (MR) • Bank – for signing e-Cheque
http://www.hongkongpost.gov.hk/product/ecert/type/personal/index.html

(C) Digital Cheque (e-Cheque)
Current Status of e-Cheque in HK
• Official launch of the e-Cheque service on 7 Dec 2015
• Between 7 Dec 2015 and 31 Jul 2016 (8 months), over 163,000 e-Cheques with an aggregate value of HK$51 billion cleared through Hong Kong Interbank Clearing Limited (HKICL)
• 9 local banks offer e-Cheque service to their customers
• All banks must accept e-Cheque deposits (HKD, USD, RMB)
• Deposited to the payee's bank account directly
• Legal protection governed by the Bills of Exchange (匯票) Ordinance
• Organizations/Corporates accepting e-Cheque payments: HKSAR Government (Inland Revenue Department, Rating & Valuation Department, Treasury, etc.), utility companies, and more …
E-Cheque Cross Boundary (New)
Cross Boundary e-Cheque (launched 20 July 2016): e-Cheque clearing between HK & Guangdong (Shenzhen) province
• e-Cheques issued by banks in HK & deposited to banks in Guangdong province will be settled on T+1
• 22 banks in Guangdong & 28 banks in Shenzhen allow their customers to deposit e-Cheques through the Online e-Cheque Deposit Portal
• List of Guangzhou banks accepting e-Cheque deposit: https://echeque.gzebsc.cn
• List of Shenzhen banks accepting e-Cheque deposit: https://cust.szfesc.cn
What is e-Cheque?
• e-Cheque is issued, delivered and deposited online
• Governed by the Bills of Exchange Ordinance
• Supports HKD, USD and RMB denominated e-Cheques
• Digitally signed by the payer and the paying bank
Innovation: a similar application for University e-Transcripts in future
Operating model: e-Cheque Deposit through HKICL's e-Cheque Drop Box
[Diagram: parties are the Payer, the Paying Bank, HKICL's e-Cheque Drop Box, the Collecting Bank and the Payee. Numbered labels recovered from the figure: (1) request for issuing an e-Cheque by authenticated means (2FA); (2) verify signature and process the e-Cheque, which is digitally signed by the payer's e-Cert & the bank's e-Cert; (3) paying bank sends the digitally signed e-Cheque to the payee; (4A) payee presents the e-Cheque & selects the collecting bank details, or (4B) alternatively the payer sends the e-Cheque together with other electronic documents to the payee; (5) login to e-Banking; (6) verify payee identity and e-Cheque; (7) outward clearing file signed by HKICL; (8) inward clearing file signed by HKICL; (9) verify signature; (10) clear and settle, credit the deposit, update internal records and check for duplicate presentments.]
Overview of e-Cheque Deposit Drop Box Channels
Deposit Channel – Remarks
Hong Kong:
• Collecting bank's Internet Banking Platform
• HKICL's e-Cheque Drop Box – Desktop version: www.echeque.hkicl.com.hk; Mobile app version: download the apps from the website
Guangdong province:
• Guangzhou's online portal – Desktop version: https://echeque.gzebsc.cn; Mobile app version: download the apps from the above website
• Shenzhen's online portal – Desktop version: http://www.szfesc.cn, https://cust.szfesc.cn
Benefits of e-Cheque
• Retains all basic features and benefits of a paper cheque, plus the following benefits:
Faster – no need to wait in lines to deposit paper cheques
Safer – once digitally signed, e-Cheques can't be tampered with using current technologies
Cheaper – cutting costs and creating lots of business opportunities for banks and SMEs
• More cost effective to use e-Cheque for cross-bank/cross-boundary payments
• More efficient for large-volume bulk signing of e-Cheques via online means (for corporations)
• Bulk signing and issuance of e-Cheques can be easily done online

Security Features of e-Cheque
• 2-factor authentication (2FA) required for the payer to issue an e-Cheque through the Internet banking platform
• PKI technology: any attempt to tamper with an e-Cheque will render the digital signature invalid and the e-Cheque not presentable
• Detailed cheque record: records of ALL e-Cheques are kept by the payer's bank when they are issued
• Duplicate presentment: HKICL checks for duplicate presentment via the centralised presentment portal
• e-Cheque encryption: private key encryption to further prevent data leakage
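As an added illustration of the hash-then-sign flow and of the e-Cheque operating model with its PKI and duplicate-presentment checks, here is a small Go model written for this page; it is not HKICL's, HKMA's or any bank's code. It assumes Ed25519 keys standing in for the payer's and bank's e-Certs, a JSON encoding of the cheque as the signed bytes, and a constructed sample cheque; the real e-Cheque format and clearing protocol are not specified on this page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Sentinel errors: a tampered or forged e-Cheque is reported differently from a duplicate presentment.
var (
	ErrPayerSig  = errors.New("payer signature invalid: e-Cheque tampered or not signed by payer")
	ErrBankSig   = errors.New("paying bank countersignature invalid")
	ErrDuplicate = errors.New("duplicate presentment: cheque number already cleared")
)

// Cheque holds the fields covered by both signatures (amount in cents, so the signed value has no float formatting).
// The field set is an assumption for this example, not the real e-Cheque format.
type Cheque struct {
	ChequeNo string `json:"cheque_no"`
	Payer    string `json:"payer"`
	Payee    string `json:"payee"`
	Currency string `json:"currency"`
	Amount   int64  `json:"amount_cents"`
}

// SignedCheque is the cheque plus the payer's signature and the paying bank's countersignature.
type SignedCheque struct {
	Cheque   Cheque
	PayerSig []byte
	BankSig  []byte
}

// digest is the "message digest (MD)" step: hash a canonical JSON encoding so signer and verifier hash the same bytes.
func digest(c Cheque) []byte {
	b, _ := json.Marshal(c) // plain strings and ints cannot fail to marshal
	sum := sha256.Sum256(b)
	return sum[:]
}
// bankMessage binds the cheque digest to the payer signature, so the bank vouches for this exact signed instrument.
func bankMessage(c Cheque, payerSig []byte) []byte {
	sum := sha256.Sum256(append(digest(c), payerSig...))
	return sum[:]
}
// PayerSign: the payer signs the digest with the private key behind their e-Cert.
func PayerSign(c Cheque, payerPriv ed25519.PrivateKey) []byte {
	return ed25519.Sign(payerPriv, digest(c))
}
// BankCountersign: the paying bank verifies the payer signature against the payer's e-Cert public key, then signs.
func BankCountersign(c Cheque, payerSig []byte, payerPub ed25519.PublicKey, bankPriv ed25519.PrivateKey) ([]byte, error) {
	if !ed25519.Verify(payerPub, digest(c), payerSig) {
		return nil, ErrPayerSig
	}
	return ed25519.Sign(bankPriv, bankMessage(c, payerSig)), nil
}

// ClearingHouse stands in for HKICL: it re-verifies both signatures and registers presented cheque numbers.
type ClearingHouse struct{ presented map[string]bool }
func NewClearingHouse() *ClearingHouse { return &ClearingHouse{presented: map[string]bool{}} }
// Present: both signatures must verify, then the cheque number must be new; any change to a signed field fails here.
func (ch *ClearingHouse) Present(sc SignedCheque, payerPub, bankPub ed25519.PublicKey) error {
	if !ed25519.Verify(payerPub, digest(sc.Cheque), sc.PayerSig) {
		return ErrPayerSig
	}
	if !ed25519.Verify(bankPub, bankMessage(sc.Cheque, sc.PayerSig), sc.BankSig) {
		return ErrBankSig
	}
	if ch.presented[sc.Cheque.ChequeNo] {
		return ErrDuplicate
	}
	ch.presented[sc.Cheque.ChequeNo] = true
	return nil
}
// newKeyPair generates a fresh Ed25519 key pair; it stands in for e-Cert issuance by the CA.
func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	payerPub, payerPriv := newKeyPair()
	bankPub, bankPriv := newKeyPair()
	// Constructed sample cheque; all values are illustrative only.
	c := Cheque{ChequeNo: "EC-000001", Payer: "payer-A", Payee: "payee-B", Currency: "HKD", Amount: 12345}
	payerSig := PayerSign(c, payerPriv)
	bankSig, err := BankCountersign(c, payerSig, payerPub, bankPriv)
	if err != nil {
		panic(err)
	}
	sc := SignedCheque{Cheque: c, PayerSig: payerSig, BankSig: bankSig}
	hkicl := NewClearingHouse()
	fmt.Println("first presentment:", hkicl.Present(sc, payerPub, bankPub))  // <nil>
	fmt.Println("second presentment:", hkicl.Present(sc, payerPub, bankPub)) // ErrDuplicate
	tampered := sc // Cheque is a value field, so this copy leaves sc untouched
	tampered.Cheque.Amount = 9999999
	fmt.Println("tampered amount:", hkicl.Present(tampered, payerPub, bankPub)) // ErrPayerSig
}
```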
Updates of University-wide Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement of TLIS
What is ISO?
• ISO represents the International Standard Organization
• The updated Lingnan IS Policy (Ver-Feb-2017) adheres to the ISO 27000 Standard
• ISO is an independent, non-governmental international organization
• It brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant international standards
• ISO has published a lot of International Standards and related documents (http://www.iso.org/iso/home/about.htm)
Popular ISO Standards
The most common and well-known Management System standards are:
- ISO 9000 (Quality) & ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems, ISMS) Standards
(http://www.iso.org/iso/home.htm)
Highlights of ISO/IEC 27000 (ISMS) Family Members (http://www.iso.org/iso/home.htm)
• ISMS – Overview and vocabulary: ISO/IEC 27000
• ISMS Requirements: ISO/IEC 27001
• Code of Practice for IS controls: ISO/IEC 27002
• ISMS Implementation guidance: ISO/IEC 27003
• IS Management – measurements: ISO/IEC 27004
• IS Risk Management: ISO/IEC 27005
• Guidelines for ISMS Auditing: ISO/IEC 27007
• Guidelines for Auditors on IS Controls: ISO/IEC 27008
• Code of practice for IS controls based on ISO/IEC 27002 for Cloud services: ISO/IEC 27017 (Cloud)
• Code of practice for protection of personally identifiable information (PII) in Public Clouds: ISO/IEC 27018 (Public Cloud)
ISO 27002 Code of Practice (http://www.iso27001security.com/html/27002.html)
A5 Information Security Policy
A6 Organization of Information Security
A7 Human Resources Security
A8 Asset Management
A9 Access Control
A10 Cryptography
A11 Physical and Environmental Security
A12 Operations Security
A13 Communications Security
A14 System Acquisition, Development and Maintenance
A15 Supplier Relationship
A16 Information Security Incident Management
A17 Business Continuity Management
A18 Compliance
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement of TLIS
Major Changes
1. ISMS as the Foundation Framework: the new LU ISP adheres to the ISO 27000 Information Security Management Standards
2. Change of Data Classification
3. Introduce Information Asset Handling Procedures
4. Introduce Data Encryption for Removable Storage Devices
5. Change of Password Policies
6. Introduce the Non-Disclosure Agreement (NDA) for outsourcing working partners
7. Introduce Server Registration
Highlights (1): Change of Data Classification
• Data classification will be changed from the old classification "restricted", "proprietary" and "public" to the new classification "highly confidential", "confidential", "restricted" and "public"
• The previous classification does not have a class for highly confidential documents
• The new classification aligns with the HKSAR government standard ("secret", "confidential", "restricted" and "public")
Highlights (2): Information Asset Handling Procedures
Procedures and requirements including:
• labeling of the information asset
• granting access rights to different information assets (Data Policy)
• introducing Asset Life Cycle Management: release, distribution and disposal of
  • any hard-copy documents
  • emails &
  • data files that contain "Highly Confidential" or "Confidential" information
Highlights (3): Encryption of Removable Storage Devices
• The encryption requirement when using removable storage devices, e.g. USB thumb drives
• Under pilot testing by ITSC and administrative departments, e.g. ITSC, HRO
• Data encryption tool: Sophos SafeGuard Enterprise Encryption v8.0 (100 licenses initially)
• Applies to staff first, then extends to students
Highlights (4): Policy for Changing of Password
• Change the maximum password age from 90 days to 180 days
• Reduce the password history from 6 to 3
• MANDATE PASSWORD CHANGE: users will be forced to change their password every 180 days, otherwise their accounts will be LOCKED
Highlights (5): Introduce the NDA
• Needs to be signed and observed by the University's 3rd party contractors, so that they are aware that the University information they handle in their jobs with Lingnan contains "Highly Confidential" or "Confidential" data
Highlights (6): Server Registration
• To ensure proper management of network servers (including departmental servers) that intentionally or unintentionally offer access or service to outsiders, all servers residing within our campus shall be registered with ITSC before they can go live for production (Permit to Connect to Campus Network, PCCN)
Security Awareness Web Updates: www.ln.edu.hk/itsc/information-security
New Info Security Website
• Do's and Don'ts tips
• Policies & Guidelines
• Personal Data Protection
• Data Encryption Solution
• IS Events and Activities
• Other Resources
How to Pursue the Information Security Profession (Self Value-Addedness)
[Diagram: Liberal Arts Education Motto; Continuous Life-Long Education]
Key Drivers for Demand of IS Professionals in the 21st Century
[Diagram: Digital Transformation of SmartCity; e-Payment & Fintech; Mobile, Cloud & Internet+; e-Government; e-Health; Digital contents; e-Business; IoT; Access Credential Management; Web Services; Data Security Protection]
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
(C) Digital Cheque (e-Cheque)
Current Status of e-Cheque in HK
• Official launch of the e-Cheque service on 7 Dec 2015
• Between 7 Dec 2015 and 31 Jul 2016 (8 months), over 163,000 e-Cheques with an aggregate value of HK$51 billion were cleared through Hong Kong Interbank Clearing Limited (HKICL)
• 9 local banks offer the e-Cheque service to their customers
• All banks must accept e-Cheque deposits (HKD, USD, RMB)
• Deposited directly to the payee's bank account
• Legal protection: governed by the Bills of Exchange (匯票) Ordinance
• Organizations/corporates accepting e-Cheque payments: HKSAR Government (Inland Revenue Department, Rating & Valuation Department, Treasury, etc.), utility companies, and more ...
E-Cheque Cross Boundary (New)
Cross-boundary e-Cheque (launched 20 July 2016): e-Cheque clearing between HK and Guangdong province (including Shenzhen)
• e-Cheques issued by banks in HK and deposited with banks in Guangdong province are settled on T+1
• 22 banks in Guangdong and 28 banks in Shenzhen allow their customers to deposit e-Cheques through the online e-Cheque deposit portals
• List of Guangzhou banks accepting e-Cheque deposits: httpsechequegzebsccn
• List of Shenzhen banks accepting e-Cheque deposits: httpscustszfesccn
What is an e-Cheque?
• An e-Cheque is issued, delivered and deposited online
• Governed by the Bills of Exchange Ordinance
• Supports HKD, USD and RMB denominated e-Cheques
• Digitally signed by both the payer and the paying bank
• Innovation: a similar application for University e-Transcripts in future
Operating model: e-Cheque Deposit through HKICL's e-Cheque Drop Box
[Flow diagram. Parties: Payer, Paying Bank, HKICL's e-Cheque Drop Box, Collecting Bank, Payee. Recoverable steps: the payer logs in to e-banking using an authenticated means (2FA) and requests issuance of an e-Cheque; the paying bank verifies and processes the request and produces an e-Cheque digitally signed by the payer e-Cert and the bank e-Cert; the signed e-Cheque is sent to the payee (3.1) by the paying bank or (4B) by the payer together with other electronic documents; the payee presents the e-Cheque at the Drop Box and selects the collecting bank details (4A); HKICL verifies the payee identity and the signed e-Cheque, signs the outward and inward clearing files, and checks for duplicate presentments; the paying bank and the collecting bank verify the signature, clear and settle, and credit the deposit in their internal records.]
Overview of e-Cheque Deposit Drop Box Channels
Hong Kong:
• Collecting bank's Internet banking platform
• HKICL's e-Cheque Drop Box: desktop version at www.echeque.hkicl.com.hk; mobile app version: download the apps from that website
Guangdong province:
• Guangzhou's online portal: desktop version at httpsechequegzebsccn; mobile app version: download the apps from that website
• Shenzhen's online portal: desktop version at httpwwwszfesccn / httpscustszfesccn
Benefits of e-Cheque
• Retains all basic features and benefits of a paper cheque, plus the following:
  Faster – no need to wait in line to deposit paper cheques
  Safer – once digitally signed, an e-Cheque cannot be altered without invalidating its signature
  Cheaper – cuts costs and creates business opportunities for banks and SMEs
• More cost effective for cross-bank and cross-boundary payments
• More efficient for large-volume bulk signing of e-Cheques via online means (for corporations)
• Bulk signing and issuance of e-Cheques can be done online
Security Features of e-Cheque
• Two-factor authentication (2FA) is required for the payer to issue an e-Cheque through the Internet banking platform
• PKI technology: any attempt to tamper with an e-Cheque renders the digital signature invalid and the e-Cheque not presentable
• Detailed cheque records: records of ALL e-Cheques are kept by the payer's bank at issuance
• Duplicate presentment: HKICL checks for duplicate presentment via a centralised presentment portal
• e-Cheque encryption: private-key encryption to further prevent data leakage
Updates of University-wide Information Security Policy (2017)
Enacted on 15 Feb 2017 with the endorsement of TLIS
What is ISO?
• ISO is the International Organization for Standardization
• The updated Lingnan IS Policy (version Feb 2017) adheres to the ISO 27000 standards
• ISO is an independent, non-governmental international organization
• It brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant international standards
• ISO has published a large number of International Standards and related documents
(http://www.iso.org/iso/home/about.htm)
Popular ISO Standards
The most common and well-known management system standards are:
- ISO 9000 (Quality) & ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems, ISMS) standards
(http://www.iso.org/iso/home.htm)
21
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (http://www.iso27001security.com/html/27002.html)
A.5 Information Security Policy
A.6 Organization of Information Security
A.7 Human Resources Security
A.8 Asset Management
A.9 Access Control
A.10 Cryptography
A.11 Physical and Environmental Security
A.12 Operations Security
A.13 Communications Security
A.14 System Acquisition, Development and Maintenance
A.15 Supplier Relationships
A.16 Information Security Incident Management
A.17 Business Continuity Management
A.18 Compliance
Summary of the Update of the Lingnan University Information Security Policy (2017)
Enacted on 15 Feb 2017 with the endorsement of TLIS
Major changes:
1. ISMS as the foundation framework: the new LU ISP adheres to the ISO 27000 information security management standards
2. Change of data classification
3. Introduction of information asset handling procedures
4. Introduction of data encryption for removable storage devices
5. Change of password policies
6. Introduction of a Non-Disclosure Agreement (NDA) for outsourcing partners
7. Introduction of server registration
Highlights (1): Change of Data Classification
• Data classification changes from the old scheme ("restricted", "proprietary" and "public") to a new four-level scheme: "highly confidential", "confidential", "restricted" and "public"
• The previous scheme had no classification for highly confidential documents
• The new scheme aligns with the HKSAR Government standard ("secret", "confidential", "restricted" and "public")
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5): Introduction of the NDA
• To be signed and observed by the University's third-party contractors, so that they are aware that the University information they handle in their work with Lingnan may contain "Highly Confidential" or "Confidential" information
Highlights (6): Server Registration
• To ensure proper management of network servers (including departmental servers) that intentionally or unintentionally offer access or services to outsiders, all servers residing within the campus shall be registered with ITSC before they go live for production (Permit to Connect to Campus Network, PCCN)
Security Awareness Web Updates: www.ln.edu.hk/itsc/information-security
New Info Security website:
• Do's and Don'ts tips
• Policies & Guidelines
• Personal Data Protection
• Data Encryption Solution
• IS Events and Activities
• Other Resources
How to Pursue the Information Security Profession (Self Value-Addedness)
Liberal arts education motto: continuous, life-long education
Key Drivers for Demand of IS Professionals in the 21st Century
• Digital transformation of SmartCity
• e-Payment & Fintech
• Mobile, Cloud & Internet+
• e-Government
• e-Health
• Digital contents
• e-Business
• IoT
Access/credential management; web services; data security protection
Source: Hong Kong Police 2016 & Forbes 2017
Certification for Information Security: Lingnan collaborates with ISACA to offer IS professional examinations & training to UG & PG students
Abbreviations: ISACA – Information Systems Audit and Control Association; COBIT – Control Objectives for Information and related Technology; CISSP – Certified Information Systems Security Professional ((ISC)²); CMMI – Capability Maturity Model Integration; CSX – Cybersecurity Nexus
Global Knowledge 2016 IT Professional Survey: 15 top-paying IT certifications in 2016 (chart; source: Global Knowledge 2016, salaries in USD)
Hong Kong Government IS job requirement: certifications CISSP, CISA (source: OGCIO)
Hong Kong Monetary Authority, Cyber Resilience Assessment Framework: ISACA's 5 certifications have been recognised by the HKMA as pre-requisite qualifications for Assessors and under the Enhanced Competency Framework:
Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Cybersecurity Nexus (CSX)
Source: www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161221e1.pdf, http://www.hkma.gov.hk/media/chi/doc/key-information/guidelines-and-circular/2016/20161219c1.pdf
ISACA Certifications (new career path for Lingnan graduates): 2016 IT Skills Demands & Pay Trends Report (source: ISACA 2016)
Lingnan and ISACA collaborate to offer IS professional examinations & training to UG & PG students
Dr Ir Rosiah Ho, CEng CPEng RPE
rosiah@LN.edu.hk
Tel: +852 2616 8396
Current Status of e-Cheque in HK
bull Official launch of e-Cheque service on 7Dec2015
bull Between 7Dec15 to 31Jul16 (8 months) over 163000 e-Cheques with an aggregate value of HK$51 billion cleared through HK Interbank Clearing Limited (HKICL)
bull 9 local banks offers e-Cheque service to their customers
bull All banks must accept e-Cheque deposit (HKD USD RMB)
bull Deposit to Payee bank account directly
bull Legal protection governed by the Bills of Exchange (匯票) Ordinance
bull OrganizationsCorporates accepting e-Cheque payments ndash HKSAR Government (Inland Revenue Department Rating amp Valuation Department Treasury etc) ndash Utility companies ndash and more helliphellip
13
E-Cheque Cross Boundary (New)
Cross Boundary e-Cheque (Launch 20July2016) e-Cheque clearing between HK amp Guangdong (Shenzhen) province
bull e-Cheques issued by banks in HK amp deposited to banks in Guangdong province will be settled on T+1
bull 22 banks in Guangdong amp 28 banks in Shenzhen allow their customers to deposit e-Cheques through the Online e-Cheque Deposit Portal
bull List of Guangzhou banks accepting e-Cheque deposit httpsechequegzebsccn
bull List of Shenzhen banks accepting e-Cheque deposit httpscustszfesccn
14
What is e-Cheque
e-Cheque issued delivered and deposited online
Governed by the Bills of Exchange Ordinance
Support HKD USD RMB denominated e-Cheques
Digitally signed by the payer and the paying bank
Innovation Similar Application for University e-Transcript in Future
15
Operating model e-Cheque Deposit through HKICLrsquos e-Cheque Drop Box
Payer 4B Payee Alternatively payer can send e-Cheque together with other
electronic documents to payee
Digitallysigned
e-Cheque
31 Send e-Cheque to payee by paying bank
7
5 Login e-Banking
9
4A Present e-Cheque amp select
or other collecting bank details Request for Digitally Digitallyauthenticated issuing signed signedmeans (2FA) e-Cheque e-Cheque e-Cheque
By Payer e-Cert amp Bank e-Cert
2 Verify Processing signature e-Cheque
6
HKICLrsquos e-Cheque
8
Verify Inward clearing file Drop Box Outward clearing file Payee identity and signedand signed ande-Cheque by HKICL e-Cheque by HKICL
Verify signature10
Clear and settle credit deposit internal records and e-Cheque Paying Bank Collecting Bank check for duplicate
presentments
16
Overview of e-Cheque Deposit DropBox Channels
e-Cheque deposit
Deposit Channel Remarks
Hong Kong
bull Collecting bankrsquos Internet Banking Platform
bull HKICLrsquos e-Cheque Drop Box Desktop version wwwechequehkiclcomhk Mobile app version To download the apps from the website
Guangdong province
bull Guangzhoursquos online portal Desktop version httpsechequegzebsccn Mobile app version To download the apps from above website
Shenzhen bull Shenzhenrsquos online portal Desktop version httpwwwszfesccn httpscustszfesccn
17
Benefits of e-Cheque Security Features of e-Cheque bull Retain all basic features and benefits of paper
cheque plus the following benefits
Faster ndash No need to wait in lines to deposit paper cheques
Safer ndash Once digitally signed e-cheques canrsquot be tampered using current technologies
Cheaper ndash Cutting costs and creating lots of business opportunities for banks and SMEs
bull More cost effective to use e-Cheque for cross-bankcross-boundary payments
bull More efficient for large volume bulk signing of e-Cheques via online means (for corporations)
bull Bulk signing and issuance of e-Cheques can be easily done online
bull 2 factor authentication (2FA) required for payer to issue e-Cheque through Internet banking platform
bull PKI technology any attempt to tamper e-Cheque will render the digital signature invalid and the e-Cheque not-presentable
bull Detail cheque record records of ALL e-Cheque will be kept by payer bank when it is issued
bull Duplicate presentment HKICL check for duplication presentment via centralised presentment portal
bull e-Cheque Encryption Private key encryption to further prevention of data leakage
18
Updates of University-wide Information Security Policy
(2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
19
What is ISO
bull ISO represents International Standard Organization
bull The updated Lingnan IS Policy (Ver-Feb-2017) adheres to ISO 27000 Standard
bull Is an independent non-governmental international organization
bull It brings together experts to share knowledge and develop voluntary consensus-based market relevant international standards
bull ISO has published a lot of International Standards and related documents
(httpwwwisoorgisohomeabouthtm)
20
Popular ISO Standards
The most common and well-known Management System standards are-
- ISO 9000 (Quality) amp ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems)
(ISMS) Standards
(httpwwwisoorgisohomehtm)
21
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (httpwwwiso27001securitycomhtml27002html)
A5 Information Security Policy A12 Operations Security
A6 Organization of Information Security A13 Communications Security
A7 Human Resources Security A14 System Acquisition Development and Maintenance
A8 Asset Management A15 Supplier Relationship
A9 Access Control A16 Information Security Incident Management
A10 Cryptography A17 Business Continuity Management
A11 Physical and Environmental Security A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
E-Cheque Cross Boundary (New)
Cross Boundary e-Cheque (Launch 20July2016) e-Cheque clearing between HK amp Guangdong (Shenzhen) province
bull e-Cheques issued by banks in HK amp deposited to banks in Guangdong province will be settled on T+1
bull 22 banks in Guangdong amp 28 banks in Shenzhen allow their customers to deposit e-Cheques through the Online e-Cheque Deposit Portal
bull List of Guangzhou banks accepting e-Cheque deposit httpsechequegzebsccn
bull List of Shenzhen banks accepting e-Cheque deposit httpscustszfesccn
14
What is e-Cheque
e-Cheque issued delivered and deposited online
Governed by the Bills of Exchange Ordinance
Support HKD USD RMB denominated e-Cheques
Digitally signed by the payer and the paying bank
Innovation Similar Application for University e-Transcript in Future
15
Operating model e-Cheque Deposit through HKICLrsquos e-Cheque Drop Box
Payer 4B Payee Alternatively payer can send e-Cheque together with other
electronic documents to payee
Digitallysigned
e-Cheque
31 Send e-Cheque to payee by paying bank
7
5 Login e-Banking
9
4A Present e-Cheque amp select
or other collecting bank details Request for Digitally Digitallyauthenticated issuing signed signedmeans (2FA) e-Cheque e-Cheque e-Cheque
By Payer e-Cert amp Bank e-Cert
2 Verify Processing signature e-Cheque
6
HKICLrsquos e-Cheque
8
Verify Inward clearing file Drop Box Outward clearing file Payee identity and signedand signed ande-Cheque by HKICL e-Cheque by HKICL
Verify signature10
Clear and settle credit deposit internal records and e-Cheque Paying Bank Collecting Bank check for duplicate
presentments
16
Overview of e-Cheque Deposit DropBox Channels
e-Cheque deposit
Deposit Channel Remarks
Hong Kong
bull Collecting bankrsquos Internet Banking Platform
bull HKICLrsquos e-Cheque Drop Box Desktop version wwwechequehkiclcomhk Mobile app version To download the apps from the website
Guangdong province
bull Guangzhoursquos online portal Desktop version httpsechequegzebsccn Mobile app version To download the apps from above website
Shenzhen bull Shenzhenrsquos online portal Desktop version httpwwwszfesccn httpscustszfesccn
17
Benefits of e-Cheque Security Features of e-Cheque bull Retain all basic features and benefits of paper
cheque plus the following benefits
Faster ndash No need to wait in lines to deposit paper cheques
Safer ndash Once digitally signed e-cheques canrsquot be tampered using current technologies
Cheaper ndash Cutting costs and creating lots of business opportunities for banks and SMEs
bull More cost effective to use e-Cheque for cross-bankcross-boundary payments
bull More efficient for large volume bulk signing of e-Cheques via online means (for corporations)
bull Bulk signing and issuance of e-Cheques can be easily done online
bull 2 factor authentication (2FA) required for payer to issue e-Cheque through Internet banking platform
bull PKI technology any attempt to tamper e-Cheque will render the digital signature invalid and the e-Cheque not-presentable
bull Detail cheque record records of ALL e-Cheque will be kept by payer bank when it is issued
bull Duplicate presentment HKICL check for duplication presentment via centralised presentment portal
bull e-Cheque Encryption Private key encryption to further prevention of data leakage
18
Updates of University-wide Information Security Policy
(2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
19
What is ISO
bull ISO represents International Standard Organization
bull The updated Lingnan IS Policy (Ver-Feb-2017) adheres to ISO 27000 Standard
bull Is an independent non-governmental international organization
bull It brings together experts to share knowledge and develop voluntary consensus-based market relevant international standards
bull ISO has published a lot of International Standards and related documents
(httpwwwisoorgisohomeabouthtm)
20
Popular ISO Standards
The most common and well-known Management System standards are-
- ISO 9000 (Quality) amp ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems)
(ISMS) Standards
(httpwwwisoorgisohomehtm)
21
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (httpwwwiso27001securitycomhtml27002html)
A5 Information Security Policy A12 Operations Security
A6 Organization of Information Security A13 Communications Security
A7 Human Resources Security A14 System Acquisition Development and Maintenance
A8 Asset Management A15 Supplier Relationship
A9 Access Control A16 Information Security Incident Management
A10 Cryptography A17 Business Continuity Management
A11 Physical and Environmental Security A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1. ISMS as the Foundation Framework: the new LU ISP adheres to the ISO 27000 Information Security Management Standards
2. Change of Data Classification
3. Introduce Information Asset Handling Procedures
4. Introduce Data Encryption for Removable Storage Devices
5. Change of Password Policies
6. Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7. Introduce the Server Registration
Highlights (1): Change of Data Classification
• Data classification will be changed from the old classification "restricted", "proprietary" and "public" to the new classification "highly confidential", "confidential", "restricted" and "public"
• The previous classification does not have a class for highly confidential documents
• The new classification aligns with the HKSAR government standard ("secret", "confidential", "restricted" and "public")
Highlights (2): Information Asset Handling Procedures
Procedures and requirements, including:
• labeling of the information asset
• granting access rights to different information assets (Data Policy)
• introducing Asset Life-Cycle Management: release, distribution and disposal of
  • any hard-copy documents,
  • emails, and
  • data files that contain "Highly Confidential" or "Confidential" information
Highlights (3): Encryption of Removable Storage Device
• Encryption is required when using removable storage devices, e.g. USB thumb drives
• Under pilot testing by ITSC and administrative departments, e.g. ITSC, HRO
• Data encryption tool: Sophos SafeGuard Enterprise Encryption v8.0 (100 licenses initially)
• Applies to staff first, then extends to students
Highlights (4): Policy for Changing of Password
• Change the maximum password age from 90 days to 180 days
• Reduce the password history from 6 remembered passwords to 3
• MANDATORY PASSWORD CHANGE: users will be forced to change their password every 180 days, otherwise their accounts will be LOCKED
Highlights (5): Introduce the NDA
• Needs to be signed and observed by the University's 3rd-party contractors, so that they are aware that University information may contain "Highly Confidential" or "Confidential" data when they carry out their jobs with Lingnan
Highlights (6): Server Registration
• To ensure proper management of network servers (including departmental servers) that intentionally or unintentionally offer access or service to outsiders, all servers residing within our campus shall be registered with ITSC before they can go live for production (Permit to Connect to Campus Network, PCCN)
Security Awareness Web Updates: www.ln.edu.hk/itsc/information-security
New Info Security Website
• Do's and Don'ts tips
• Policies & Guidelines
• Personal Data Protection
• Data Encryption Solution
• IS Events and Activities
• Other Resources
How to Pursue the Information Security Profession (Self Value-Addedness)
Liberal Art Education Motto: Continuous Life-Long Education
Key Drivers for Demand of IS Professionals in the 21st Century
• Digital Transformation of SmartCity
• e-Payment & Fintech
• Mobile, Cloud & Internet+
• e-Government
• e-Health
• Digital contents
• e-Business
• IoT
• Access Credential Management, Web Services, Data Security Protection
Source: Hong Kong Police 2016 & Forbes 2017
Certification for Information Security: Lingnan collaborates with ISACA to offer IS Professional Examination & Training to UG & PG Students
ISACA: Information Systems Audit and Control Association; COBIT: Control Objectives for Information & Technology; CISSP: Certified Information Systems Security Professional, (ISC)²; CMMI: Capability Maturity Model Integration; CSX: Cyber Security Nexus
International Global Knowledge 2016 IT Professional Survey: 15 Top Paying IT Certifications in 2016
Source: Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACA's 5 certifications have been recognised as the pre-requisite qualifications of Assessor and Enhanced Competency Framework by The Hong Kong Monetary Authority:
Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Cybersecurity Nexus (CSX)
Certification: CISSP, CISA
Hong Kong Monetary Authority Cyber Resilience Assessment Framework
Source: www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161221e1.pdf, http://www.hkma.gov.hk/media/chi/doc/key-information/guidelines-and-circular/2016/20161219c1.pdf
Source: OGCIO
ISACA Certifications (New Career Path for Lingnan Graduates): 2016 IT Skills Demands & Pay Trends Report
Source: ISACA 2016
Lingnan and ISACA collaborate to offer IS Professional Examinations & Trainings to UG & PG Students
Dr. Ir. Rosiah Ho, CEng, CPEng, RPE
rosiah@LN.edu.hk
Tel: +852 2616 8396
What is e-Cheque?
e-Cheque: issued, delivered and deposited online
Governed by the Bills of Exchange Ordinance
Supports HKD, USD and RMB denominated e-Cheques
Digitally signed by the payer and the paying bank
Innovation: a similar application for University e-Transcripts in future
Operating model: e-Cheque Deposit through HKICL's e-Cheque Drop Box
[Figure: flow diagram between Payer, Paying Bank, HKICL's e-Cheque Drop Box, Collecting Bank and Payee. Recoverable step labels:
1. Request for issuing e-Cheque by authenticated means (2FA)
2. Paying bank verifies signature and processes the e-Cheque
3. Paying bank sends the e-Cheque, digitally signed by payer e-Cert and bank e-Cert, to the payee
4A. Present e-Cheque and select collecting bank details
4B. Alternatively, payer can send the e-Cheque together with other electronic documents to the payee
5. Login e-Banking
6–8. Inward and outward clearing files, signed by HKICL
9. Verify payee identity and e-Cheque
10. Verify signature; clear and settle, credit deposit, update internal records and check for duplicate presentments]
Overview of e-Cheque Deposit Drop Box Channels
e-Cheque deposit channels and remarks:
Hong Kong
• Collecting bank's Internet Banking Platform
• HKICL's e-Cheque Drop Box: desktop version www.echeque.hkicl.com.hk; mobile app version: download the apps from the website
Guangdong province
• Guangzhou's online portal: desktop version https://echeque.gzebsc.cn; mobile app version: download the apps from the above website
Shenzhen
• Shenzhen's online portal: desktop version http://www.szfesc.cn, https://cust.szfesc.cn
Benefits of e-Cheque / Security Features of e-Cheque
• Retain all basic features and benefits of paper cheques, plus the following benefits:
  Faster – no need to wait in lines to deposit paper cheques
  Safer – once digitally signed, e-Cheques can't be tampered with using current technologies
  Cheaper – cutting costs and creating lots of business opportunities for banks and SMEs
• More cost-effective to use e-Cheque for cross-bank/cross-boundary payments
• More efficient for large-volume bulk signing of e-Cheques via online means (for corporations)
• Bulk signing and issuance of e-Cheques can be easily done online
Security features:
• Two-factor authentication (2FA) is required for the payer to issue an e-Cheque through the Internet banking platform
• PKI technology: any attempt to tamper with an e-Cheque will render the digital signature invalid and the e-Cheque not presentable
• Detailed cheque records: records of ALL e-Cheques are kept by the payer's bank when they are issued
• Duplicate presentment: HKICL checks for duplicate presentment via the centralised presentment portal
• e-Cheque encryption: private-key encryption to further prevent data leakage
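An added example, not from the presentation or from HKICL, modelling the two security features above in Go: the payer and the paying bank each sign the cheque, the verifier rejects any altered field, and a clearing-house stub rejects a second presentment of the same cheque. Ed25519 stands in for the e-Cert PKI, and the cheque field names and sample values are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// ECheque holds the fields the slide lists for an e-Cheque; field names are assumed.
type ECheque struct {
	ChequeNo  string `json:"cheque_no"`
	PayerAcct string `json:"payer_acct"`
	Payee     string `json:"payee"`
	Currency  string `json:"currency"`   // HKD, USD or RMB
	Amount    string `json:"amount"`     // decimal string, no float rounding
	IssueDate string `json:"issue_date"` // YYYY-MM-DD
}

// SignedECheque is the cheque plus the two detached signatures.
type SignedECheque struct {
	Cheque   ECheque
	PayerSig []byte // payer e-Cert signature over the cheque body
	BankSig  []byte // paying-bank e-Cert signature over body || PayerSig
}

// NewKey stands in for an e-Cert key pair. Ed25519 keeps the example
// self-contained; the real scheme uses X.509 e-Certs (assumption).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// chequeBytes canonicalises the body so signers and verifiers see the same bytes.
func chequeBytes(c ECheque) []byte {
	b, err := json.Marshal(c)
	if err != nil {
		panic(err) // cannot happen for a struct of plain strings
	}
	return b
}

// bankInput binds the bank's signature to the payer's: body || PayerSig.
func bankInput(body, payerSig []byte) []byte {
	return append(append([]byte{}, body...), payerSig...)
}

// Issue mirrors issuance: the payer signs the body, then the paying bank counter-signs.
func Issue(c ECheque, payerPriv, bankPriv ed25519.PrivateKey) SignedECheque {
	body := chequeBytes(c)
	ps := ed25519.Sign(payerPriv, body)
	return SignedECheque{Cheque: c, PayerSig: ps, BankSig: ed25519.Sign(bankPriv, bankInput(body, ps))}
}

// Verify is the collecting bank's / HKICL's check: any changed field yields
// different canonical bytes, so a signature fails and the cheque is not presentable.
func Verify(s SignedECheque, payerPub, bankPub ed25519.PublicKey) error {
	body := chequeBytes(s.Cheque)
	if !ed25519.Verify(payerPub, body, s.PayerSig) {
		return errors.New("payer signature invalid: e-Cheque not presentable")
	}
	if !ed25519.Verify(bankPub, bankInput(body, s.PayerSig), s.BankSig) {
		return errors.New("paying bank signature invalid: e-Cheque not presentable")
	}
	return nil
}

// ClearingHouse models the centralised presentment portal's duplicate check:
// a cheque, identified by the hash of its canonical body, is accepted once.
type ClearingHouse struct{ presented map[[32]byte]bool }

func NewClearingHouse() *ClearingHouse { return &ClearingHouse{presented: map[[32]byte]bool{}} }

// Present verifies both signatures, then rejects a second presentment of the same cheque.
func (ch *ClearingHouse) Present(s SignedECheque, payerPub, bankPub ed25519.PublicKey) error {
	if err := Verify(s, payerPub, bankPub); err != nil {
		return err
	}
	id := sha256.Sum256(chequeBytes(s.Cheque))
	if ch.presented[id] {
		return errors.New("duplicate presentment: e-Cheque already deposited")
	}
	ch.presented[id] = true
	return nil
}

func main() {
	payerPub, payerPriv := NewKey()
	bankPub, bankPriv := NewKey()
	hkicl := NewClearingHouse()
	// Constructed sample cheque, not real account data.
	s := Issue(ECheque{"000123", "012-345678-001", "Lingnan University", "HKD", "1500.00", "2017-02-15"}, payerPriv, bankPriv)
	fmt.Println("first:", hkicl.Present(s, payerPub, bankPub), "second:", hkicl.Present(s, payerPub, bankPub))
	s.Cheque.Amount = "15000.00" // tamper after signing
	fmt.Println("tampered:", Verify(s, payerPub, bankPub))
}
```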
Updates of University-wide Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
What is ISO?
• ISO represents the International Standard Organization
• The updated Lingnan IS Policy (Ver. Feb-2017) adheres to the ISO 27000 Standard
• ISO is an independent, non-governmental international organization
• It brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant international standards
• ISO has published a lot of International Standards and related documents
(http://www.iso.org/iso/home/about.htm)
Popular ISO Standards
The most common and well-known Management System standards are-
- ISO 9000 (Quality) amp ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems)
(ISMS) Standards
(httpwwwisoorgisohomehtm)
21
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (httpwwwiso27001securitycomhtml27002html)
A5 Information Security Policy A12 Operations Security
A6 Organization of Information Security A13 Communications Security
A7 Human Resources Security A14 System Acquisition Development and Maintenance
A8 Asset Management A15 Supplier Relationship
A9 Access Control A16 Information Security Incident Management
A10 Cryptography A17 Business Continuity Management
A11 Physical and Environmental Security A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
Operating model e-Cheque Deposit through HKICLrsquos e-Cheque Drop Box
Payer 4B Payee Alternatively payer can send e-Cheque together with other
electronic documents to payee
Digitallysigned
e-Cheque
31 Send e-Cheque to payee by paying bank
7
5 Login e-Banking
9
4A Present e-Cheque amp select
or other collecting bank details Request for Digitally Digitallyauthenticated issuing signed signedmeans (2FA) e-Cheque e-Cheque e-Cheque
By Payer e-Cert amp Bank e-Cert
2 Verify Processing signature e-Cheque
6
HKICLrsquos e-Cheque
8
Verify Inward clearing file Drop Box Outward clearing file Payee identity and signedand signed ande-Cheque by HKICL e-Cheque by HKICL
Verify signature10
Clear and settle credit deposit internal records and e-Cheque Paying Bank Collecting Bank check for duplicate
presentments
16
Overview of e-Cheque Deposit DropBox Channels
e-Cheque deposit
Deposit Channel Remarks
Hong Kong
bull Collecting bankrsquos Internet Banking Platform
bull HKICLrsquos e-Cheque Drop Box Desktop version wwwechequehkiclcomhk Mobile app version To download the apps from the website
Guangdong province
bull Guangzhoursquos online portal Desktop version httpsechequegzebsccn Mobile app version To download the apps from above website
Shenzhen bull Shenzhenrsquos online portal Desktop version httpwwwszfesccn httpscustszfesccn
17
Benefits of e-Cheque Security Features of e-Cheque bull Retain all basic features and benefits of paper
cheque plus the following benefits
Faster ndash No need to wait in lines to deposit paper cheques
Safer ndash Once digitally signed e-cheques canrsquot be tampered using current technologies
Cheaper ndash Cutting costs and creating lots of business opportunities for banks and SMEs
bull More cost effective to use e-Cheque for cross-bankcross-boundary payments
bull More efficient for large volume bulk signing of e-Cheques via online means (for corporations)
bull Bulk signing and issuance of e-Cheques can be easily done online
bull 2 factor authentication (2FA) required for payer to issue e-Cheque through Internet banking platform
bull PKI technology any attempt to tamper e-Cheque will render the digital signature invalid and the e-Cheque not-presentable
bull Detail cheque record records of ALL e-Cheque will be kept by payer bank when it is issued
bull Duplicate presentment HKICL check for duplication presentment via centralised presentment portal
bull e-Cheque Encryption Private key encryption to further prevention of data leakage
18
Updates of University-wide Information Security Policy
(2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
19
What is ISO
bull ISO represents International Standard Organization
bull The updated Lingnan IS Policy (Ver-Feb-2017) adheres to ISO 27000 Standard
bull Is an independent non-governmental international organization
bull It brings together experts to share knowledge and develop voluntary consensus-based market relevant international standards
bull ISO has published a lot of International Standards and related documents
(httpwwwisoorgisohomeabouthtm)
20
Popular ISO Standards
The most common and well-known Management System standards are-
- ISO 9000 (Quality) amp ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems)
(ISMS) Standards
(httpwwwisoorgisohomehtm)
21
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (httpwwwiso27001securitycomhtml27002html)
A5 Information Security Policy A12 Operations Security
A6 Organization of Information Security A13 Communications Security
A7 Human Resources Security A14 System Acquisition Development and Maintenance
A8 Asset Management A15 Supplier Relationship
A9 Access Control A16 Information Security Incident Management
A10 Cryptography A17 Business Continuity Management
A11 Physical and Environmental Security A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
Overview of e-Cheque Deposit DropBox Channels
e-Cheque deposit
Deposit Channel Remarks
Hong Kong
bull Collecting bankrsquos Internet Banking Platform
bull HKICLrsquos e-Cheque Drop Box Desktop version wwwechequehkiclcomhk Mobile app version To download the apps from the website
Guangdong province
bull Guangzhoursquos online portal Desktop version httpsechequegzebsccn Mobile app version To download the apps from above website
Shenzhen bull Shenzhenrsquos online portal Desktop version httpwwwszfesccn httpscustszfesccn
17
Benefits of e-Cheque Security Features of e-Cheque bull Retain all basic features and benefits of paper
cheque plus the following benefits
Faster ndash No need to wait in lines to deposit paper cheques
Safer ndash Once digitally signed e-cheques canrsquot be tampered using current technologies
Cheaper ndash Cutting costs and creating lots of business opportunities for banks and SMEs
bull More cost effective to use e-Cheque for cross-bankcross-boundary payments
bull More efficient for large volume bulk signing of e-Cheques via online means (for corporations)
bull Bulk signing and issuance of e-Cheques can be easily done online
bull 2 factor authentication (2FA) required for payer to issue e-Cheque through Internet banking platform
bull PKI technology any attempt to tamper e-Cheque will render the digital signature invalid and the e-Cheque not-presentable
bull Detail cheque record records of ALL e-Cheque will be kept by payer bank when it is issued
bull Duplicate presentment HKICL check for duplication presentment via centralised presentment portal
bull e-Cheque Encryption Private key encryption to further prevention of data leakage
18
Updates of University-wide Information Security Policy
(2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
19
What is ISO
bull ISO represents International Standard Organization
bull The updated Lingnan IS Policy (Ver-Feb-2017) adheres to ISO 27000 Standard
bull Is an independent non-governmental international organization
bull It brings together experts to share knowledge and develop voluntary consensus-based market relevant international standards
bull ISO has published a lot of International Standards and related documents
(httpwwwisoorgisohomeabouthtm)
20
Popular ISO Standards
The most common and well-known Management System standards are-
- ISO 9000 (Quality) amp ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems)
(ISMS) Standards
(httpwwwisoorgisohomehtm)
21
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (httpwwwiso27001securitycomhtml27002html)
A5 Information Security Policy A12 Operations Security
A6 Organization of Information Security A13 Communications Security
A7 Human Resources Security A14 System Acquisition Development and Maintenance
A8 Asset Management A15 Supplier Relationship
A9 Access Control A16 Information Security Incident Management
A10 Cryptography A17 Business Continuity Management
A11 Physical and Environmental Security A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification: CISSP, CISA
Hong Kong Monetary Authority: Cyber Resilience Assessment Framework
Source: www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161221e1.pdf, http://www.hkma.gov.hk/media/chi/doc/key-information/guidelines-and-circular/2016/20161219c1.pdf
Source: OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate): 2016 IT Skills Demands & Pay Trends Report (Source: ISACA 2016)
Lingnan and ISACA collaborate to offer IS Professional Examinations & Trainings to UG & PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiah@LN.edu.hk
Tel: +852 2616 8396
Benefits of e-Cheque
• Retain all basic features and benefits of the paper cheque, plus the following benefits:
  Faster – No need to wait in lines to deposit paper cheques
  Safer – Once digitally signed, e-Cheques can’t be tampered with using current technologies
  Cheaper – Cutting costs and creating lots of business opportunities for banks and SMEs
• More cost effective to use e-Cheque for cross-bank/cross-boundary payments
• More efficient for large-volume bulk signing of e-Cheques via online means (for corporations)
• Bulk signing and issuance of e-Cheques can be easily done online
Security Features of e-Cheque
• 2-factor authentication (2FA) required for the payer to issue an e-Cheque through the Internet banking platform
• PKI technology: any attempt to tamper with an e-Cheque will render the digital signature invalid and the e-Cheque not presentable
• Detailed cheque record: records of ALL e-Cheques will be kept by the payer bank when they are issued
• Duplicate presentment: HKICL checks for duplicate presentment via the centralised presentment portal
• e-Cheque encryption: private key encryption to further prevent data leakage
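As an added illustration of two of the security features listed above (a PKI signature that becomes invalid if the e-Cheque is altered, and the clearing house’s duplicate-presentment check), here is a small Go model; it is example code written for this page, not HKICL’s or any bank’s implementation. It assumes a simplified cheque layout, an ECDSA P-256 key held by the payer bank (which signs only after the payer has passed 2FA), and a ClearingHouse type standing in for the centralised presentment portal; all names and sample values are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// ECheque holds the fields covered by the digital signature. This layout is a
// constructed illustration, not the real HKICL e-Cheque document format.
type ECheque struct {
	ChequeNo    string `json:"cheque_no"`
	PayerBank   string `json:"payer_bank"`
	Payee       string `json:"payee"`
	AmountCents int64  `json:"amount_hkd_cents"`
	IssueDate   string `json:"issue_date"`
}

// SignedECheque is the cheque plus an ASN.1-encoded ECDSA signature over its digest.
type SignedECheque struct {
	Cheque ECheque
	Sig    []byte
}

// digest canonicalises the cheque as JSON (struct field order is fixed) and hashes it.
func digest(c ECheque) []byte {
	raw, _ := json.Marshal(c) // cannot fail for this plain struct of strings and ints
	sum := sha256.Sum256(raw)
	return sum[:]
}

// Issue signs the cheque with the payer bank's key. In this model (an assumption)
// the bank signs only after the payer has passed 2FA on the Internet banking platform.
func Issue(priv *ecdsa.PrivateKey, c ECheque) (SignedECheque, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(c))
	if err != nil {
		return SignedECheque{}, err
	}
	return SignedECheque{Cheque: c, Sig: sig}, nil
}

// Verify is true only if the signature matches the cheque exactly as presented.
func Verify(pub *ecdsa.PublicKey, s SignedECheque) bool {
	return ecdsa.VerifyASN1(pub, digest(s.Cheque), s.Sig)
}

var (
	ErrUnknownBank  = errors.New("payer bank not registered")
	ErrBadSignature = errors.New("digital signature invalid: e-Cheque not presentable")
	ErrDuplicate    = errors.New("duplicate presentment rejected")
)

// ClearingHouse stands in for the centralised presentment portal (constructed name).
type ClearingHouse struct {
	banks     map[string]*ecdsa.PublicKey // payer bank -> verification key
	presented map[string]bool             // key: payer_bank + "/" + cheque_no
}

func NewClearingHouse(banks map[string]*ecdsa.PublicKey) *ClearingHouse {
	return &ClearingHouse{banks: banks, presented: map[string]bool{}}
}

// Present rejects a tampered cheque (signature check) and a second presentment.
func (ch *ClearingHouse) Present(s SignedECheque) error {
	pub, ok := ch.banks[s.Cheque.PayerBank]
	if !ok {
		return ErrUnknownBank
	}
	if !Verify(pub, s) {
		return ErrBadSignature
	}
	key := s.Cheque.PayerBank + "/" + s.Cheque.ChequeNo
	if ch.presented[key] {
		return ErrDuplicate
	}
	ch.presented[key] = true
	return nil
}

func main() {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	ch := NewClearingHouse(map[string]*ecdsa.PublicKey{"BANK-A": &priv.PublicKey})
	signed, err := Issue(priv, ECheque{ChequeNo: "000123", PayerBank: "BANK-A", // constructed sample
		Payee: "Lingnan University", AmountCents: 150000, IssueDate: "2017-02-15"})
	if err != nil {
		panic(err)
	}
	tampered := signed
	tampered.Cheque.AmountCents = 99999999 // amount altered after signing
	fmt.Println("first presentment: ", ch.Present(signed))   // <nil>
	fmt.Println("second presentment:", ch.Present(signed))   // duplicate presentment rejected
	fmt.Println("tampered cheque:   ", ch.Present(tampered)) // digital signature invalid: ...
}
```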
Updates of University-wide Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
What is ISO?
• ISO represents the International Standard Organization
• The updated Lingnan IS Policy (Ver. Feb-2017) adheres to the ISO 27000 Standard
• ISO is an independent, non-governmental international organization
• It brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant international standards
• ISO has published many International Standards and related documents (http://www.iso.org/iso/home/about.htm)
Popular ISO Standards
The most common and well-known Management System standards are:
- ISO 9000 (Quality) & ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems, ISMS) Standards
(http://www.iso.org/iso/home.htm)
Highlights of ISO/IEC 27000 (ISMS) Family Members (http://www.iso.org/iso/home.htm)
• ISMS – Overview and vocabulary: ISO/IEC 27000
• ISMS Requirements: ISO/IEC 27001
• Code of Practice for IS controls: ISO/IEC 27002
• ISMS Implementation guidance: ISO/IEC 27003
• IS Management – measurements: ISO/IEC 27004
• IS Risk Management: ISO/IEC 27005
• Guidelines for ISMS Auditing: ISO/IEC 27007
• Guidelines for Auditors on IS Controls: ISO/IEC 27008
• Code of practice for IS controls based on ISO/IEC 27002 for Cloud services: ISO/IEC 27017 (Cloud)
• Code of practice for protection of personally identifiable information (PII) in Public Clouds: ISO/IEC 27018 (Public Cloud)
ISO 27002 Code of Practice (http://www.iso27001security.com/html/27002.html)
A5 Information Security Policy
A6 Organization of Information Security
A7 Human Resources Security
A8 Asset Management
A9 Access Control
A10 Cryptography
A11 Physical and Environmental Security
A12 Operations Security
A13 Communications Security
A14 System Acquisition, Development and Maintenance
A15 Supplier Relationship
A16 Information Security Incident Management
A17 Business Continuity Management
A18 Compliance
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes:
1. ISMS as the Foundation Framework: the new LU ISP adheres to the ISO 27000 Information Security Management Standards
2. Change of Data Classification
3. Introduce Information Asset Handling Procedures
4. Introduce Data Encryption for Removable Storage Devices
5. Change of Password Policies
6. Introduce the Non-Disclosure Agreement (NDA) for outsourcing working partners
7. Introduce Server Registration
Highlights (1): Change of Data Classification
• Data classification will be changed from the old to the new scheme:
  Old: “restricted”, “proprietary” and “public”
  New: “highly confidential”, “confidential”, “restricted” and “public”
• The previous classification had no class for highly confidential documents
• The new classification aligns with the HKSAR government standard (“secret”, “confidential”, “restricted” and “public”)
Highlights (2): Information Asset Handling Procedures
Procedures and requirements include:
• labelling of the information asset
• granting access rights to different information assets (Data Policy)
• introducing Asset Life-Cycle Management: release, distribution and disposal of
  - any hard-copy documents,
  - emails, and
  - data files that contain “Highly Confidential” or “Confidential” information
Highlights (3): Encryption of Removable Storage Devices
• Encryption is required when using removable storage devices, e.g. USB thumb drives
• Under pilot testing by ITSC and administrative departments, e.g. ITSC, HRO
• Data encryption tool: Sophos SafeGuard Enterprise Encryption v8.0 (100 licences initially)
• Applies to staff first, then extends to students
Highlights (4): Policy for Changing of Password
• Change the maximum password age from 90 days to 180 days
• Reduce the password history from 6 to 3
• MANDATE PASSWORD CHANGE: users will be forced to change their password every 180 days, otherwise their accounts will be LOCKED
Highlights (5): Introduce the NDA
• To be signed and observed by the University’s 3rd-party contractors, so that they are aware that University information may contain “Highly Confidential” or “Confidential” data when they carry out their jobs with Lingnan
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
Updates of University-wide Information Security Policy
(2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
19
What is ISO
bull ISO represents International Standard Organization
bull The updated Lingnan IS Policy (Ver-Feb-2017) adheres to ISO 27000 Standard
bull Is an independent non-governmental international organization
bull It brings together experts to share knowledge and develop voluntary consensus-based market relevant international standards
bull ISO has published a lot of International Standards and related documents
(httpwwwisoorgisohomeabouthtm)
20
Popular ISO Standards
The most common and well-known Management System standards are-
- ISO 9000 (Quality) amp ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems)
(ISMS) Standards
(httpwwwisoorgisohomehtm)
21
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (httpwwwiso27001securitycomhtml27002html)
A5 Information Security Policy A12 Operations Security
A6 Organization of Information Security A13 Communications Security
A7 Human Resources Security A14 System Acquisition Development and Maintenance
A8 Asset Management A15 Supplier Relationship
A9 Access Control A16 Information Security Incident Management
A10 Cryptography A17 Business Continuity Management
A11 Physical and Environmental Security A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
What is ISO
bull ISO represents International Standard Organization
bull The updated Lingnan IS Policy (Ver-Feb-2017) adheres to ISO 27000 Standard
bull Is an independent non-governmental international organization
bull It brings together experts to share knowledge and develop voluntary consensus-based market relevant international standards
bull ISO has published a lot of International Standards and related documents
(httpwwwisoorgisohomeabouthtm)
20
Popular ISO Standards
The most common and well-known Management System standards are-
- ISO 9000 (Quality) amp ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems)
(ISMS) Standards
(httpwwwisoorgisohomehtm)
21
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (httpwwwiso27001securitycomhtml27002html)
A5 Information Security Policy A12 Operations Security
A6 Organization of Information Security A13 Communications Security
A7 Human Resources Security A14 System Acquisition Development and Maintenance
A8 Asset Management A15 Supplier Relationship
A9 Access Control A16 Information Security Incident Management
A10 Cryptography A17 Business Continuity Management
A11 Physical and Environmental Security A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
Popular ISO Standards
The most common and well-known Management System standards are-
- ISO 9000 (Quality) amp ISO 14000 (Environmental)
- ISO 27000 (Information Security Management Systems)
(ISMS) Standards
(httpwwwisoorgisohomehtm)
21
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (httpwwwiso27001securitycomhtml27002html)
A5 Information Security Policy A12 Operations Security
A6 Organization of Information Security A13 Communications Security
A7 Human Resources Security A14 System Acquisition Development and Maintenance
A8 Asset Management A15 Supplier Relationship
A9 Access Control A16 Information Security Incident Management
A10 Cryptography A17 Business Continuity Management
A11 Physical and Environmental Security A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
Highlights of ISOIEC 27000 (ISMS) Family Members (httpwwwisoorgisohomehtm)
bull ISMS ndash Overview and vocabulary ISOIEC 27000
bull ISMS Requirements ISOIEC27001
bull Code of Practice for IS controls ISOIEC27002
bull ISMS Implementation guidance ISOIEC27003
bull IS Management - measurements ISOIEC27004
bull IS Risk Management ISOIEC27005
bull Guidelines for ISMS Auditing ISOIEC27007
bull Guidelines for Auditors on IS Controls ISOIEC27008
bull Code practice for IS controls based on ISOIEC 27002 for Cloud services ISOIEC27017 Cloud
bull Code of practice for protection of personally identifiable information (PII) in Public Clouds ISOIEC27018 Public Cloud
22
ISO 27002 Code of Practice (httpwwwiso27001securitycomhtml27002html)
A5 Information Security Policy A12 Operations Security
A6 Organization of Information Security A13 Communications Security
A7 Human Resources Security A14 System Acquisition Development and Maintenance
A8 Asset Management A15 Supplier Relationship
A9 Access Control A16 Information Security Incident Management
A10 Cryptography A17 Business Continuity Management
A11 Physical and Environmental Security A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
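The two password parameters on this slide (maximum age and history depth) are easy to state but worth seeing as enforcement logic. The following is an added example and not code from the presentation or from Lingnan ITSC's systems: it encodes the old policy (90 days, history 6) and the new one (180 days, history 3) as data, locks an account whose password is older than the maximum age, and rejects a new password that matches any of the remembered ones. The account name, the dates and the choice of a salted PBKDF2 store for the history are assumptions made for the illustration.

```python
"""Password ageing and history enforcement, modelled on the slide's parameters.

Added illustration; not Lingnan ITSC code. The account record, the dates and the
salted PBKDF2 history store are assumptions made for this example.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
import hashlib
import hmac
import os


@dataclass(frozen=True)
class PasswordPolicy:
    max_age_days: int    # password must be changed within this many days
    history_depth: int   # number of remembered passwords that may not be reused


OLD_POLICY = PasswordPolicy(max_age_days=90, history_depth=6)   # before the 2017 update
NEW_POLICY = PasswordPolicy(max_age_days=180, history_depth=3)  # LU ISP 2017


def _digest(password: str, salt: bytes) -> bytes:
    # Keep only salted, slow hashes of past passwords, never the plaintext;
    # the history store is still credential material and must be protected.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)


@dataclass
class Account:
    username: str
    last_changed: date
    history: list = field(default_factory=list)  # (salt, digest) pairs, newest first


def account_state(acct: Account, policy: PasswordPolicy, today: date) -> str:
    """'ok' while the password is within max_age_days, otherwise 'locked'
    (the slide: the account stays locked until the user changes the password)."""
    age_days = (today - acct.last_changed).days
    return "locked" if age_days > policy.max_age_days else "ok"


def reused_password(acct: Account, candidate: str, policy: PasswordPolicy) -> bool:
    """True if the candidate matches any of the last history_depth passwords."""
    for salt, digest in acct.history[:policy.history_depth]:
        if hmac.compare_digest(_digest(candidate, salt), digest):
            return True
    return False


def change_password(acct: Account, new_password: str,
                    policy: PasswordPolicy, today: date) -> bool:
    """Apply the history rule, then record the change and reset the age clock."""
    if reused_password(acct, new_password, policy):
        return False
    salt = os.urandom(16)
    acct.history.insert(0, (salt, _digest(new_password, salt)))
    del acct.history[policy.history_depth:]   # keep only what the policy requires
    acct.last_changed = today
    return True


def demo() -> dict:
    """Constructed walkthrough: one account judged under the old and the new policy."""
    acct = Account("staff01", last_changed=date(2017, 2, 15))   # constructed sample
    day100 = acct.last_changed + timedelta(days=100)
    day181 = acct.last_changed + timedelta(days=181)
    result = {
        "old_policy_at_day_100": account_state(acct, OLD_POLICY, day100),
        "new_policy_at_day_100": account_state(acct, NEW_POLICY, day100),
        "new_policy_at_day_181": account_state(acct, NEW_POLICY, day181),
    }
    # History of 3: only the fourth distinct password pushes the first one out.
    result["set_a"] = change_password(acct, "pw-A", NEW_POLICY, day181)
    result["reuse_a_immediately"] = change_password(acct, "pw-A", NEW_POLICY, day181)
    for pw in ("pw-B", "pw-C"):
        change_password(acct, pw, NEW_POLICY, day181)
    result["reuse_a_after_two_more"] = change_password(acct, "pw-A", NEW_POLICY, day181)
    change_password(acct, "pw-D", NEW_POLICY, day181)
    result["reuse_a_after_three_more"] = change_password(acct, "pw-A", NEW_POLICY, day181)
    result["state_after_change"] = account_state(acct, NEW_POLICY, day181)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The walkthrough shows the practical effect of the change: a password 100 days old is already past the old 90-day limit but still within the new 180-day one, and a user cycling through passwords needs four distinct values before the first can come back under a history of 3 (it needed seven under the old history of 6).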
Highlights (5): Introduce the NDA
• To be signed and observed by the University’s third-party contractors, so that they are aware that the University information they handle in their work with Lingnan may contain “Highly Confidential” or “Confidential” information
29
Highlights (6): Server Registration
• To ensure proper management of network servers (including departmental servers) that intentionally or unintentionally offer access or services to outsiders, all servers residing within our campus shall be registered with ITSC before they go live for production (Permit to Connect to Campus Network, PCCN)
30
Security Awareness Web Updates: www.ln.edu.hk/itsc/information-security
New Info Security Website
• Do’s and Don’ts tips
• Policies & Guidelines
• Personal Data Protection
• Data Encryption Solution
• IS Events and Activities
• Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Liberal Art Education Motto: Continuous Life Long Education
32
Key Drivers for Demand of IS Professionals in the 21st Century
[Diagram: drivers of demand]
• Digital Transformation of SmartCity
• e-Payment & Fintech
• Mobile, Cloud & Internet+
• e-Government, e-Health
• Digital contents
• e-Business
• IoT
Access Credential Management, Web Services, Data Security Protection
Source: Hong Kong Police 2016 & Forbes 2017
Certification for Information Security: Lingnan collaborates with ISACA to offer IS Professional Examination & Training to UG & PG Students
• ISACA: Information Systems Audit and Control Association
• COBIT: Control Objectives for Information & Technology
• CISSP: Certified Information Systems Security Professional, (ISC)²
• CMMI: Capability Maturity Model Integration
• CSX: Cyber Security Nexus
35
International: Global Knowledge 2016 IT Professional Survey
[Chart: 15 Top Paying IT Certifications in 2016; Source: Global Knowledge 2016 (in USD)]
Hong Kong Government IS Job Requirement
ISACA’s 5 certifications have been recognised as the pre-requisite qualifications of Assessor and Enhanced Competency Framework by the Hong Kong Monetary Authority:
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Certified in the Governance of Enterprise IT (CGEIT)
• Cybersecurity Nexus (CSX)
[Figures: job requirement excerpts citing CISSP and CISA; Hong Kong Monetary Authority Cyber Resilience Assessment Framework]
Source: www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161221e1.pdf; http://www.hkma.gov.hk/media/chi/doc/key-information/guidelines-and-circular/2016/20161219c1.pdf
Source: OGCIO
ISACA Certifications (New Career Path for Lingnan Graduates)
[Chart: 2016 IT Skills Demands & Pay Trends Report; Source: ISACA 2016]
Lingnan and ISACA collaborate to offer IS Professional Examinations & Training to UG & PG Students
Dr. Ir. Rosiah Ho, CEng, CPEng, RPE
rosiah@LN.edu.hk
Tel: +852 2616 8396
ISO 27002 Code of Practice (http://www.iso27001security.com/html/27002.html)
A5 Information Security Policy
A6 Organization of Information Security
A7 Human Resources Security
A8 Asset Management
A9 Access Control
A10 Cryptography
A11 Physical and Environmental Security
A12 Operations Security
A13 Communications Security
A14 System Acquisition, Development and Maintenance
A15 Supplier Relationship
A16 Information Security Incident Management
A17 Business Continuity Management
A18 Compliance
23
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
Summary of Update of Lingnan University Information Security Policy (2017)
Enacted on 15-Feb-2017 with the endorsement from TLIS
Major Changes
1 (ISMS) as the Foundation Framework New LU ISP adhere to ISO 27000 Information Security Management Standards
2 Change of Data Classification
3 Introduce Information Asset Handling Procedures
4 Introduce Data Encryption for Removable Storage Devices
5 Change of Password Policies
6 Introduce the Non-Disclosure Agreement (NDA) to outsourcing working partners
7 Introduce the Server Registration
24
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
Highlights (1) Change of Data Classification
bull Data classification will be changed from-
Old ldquorestrictedrdquo ldquoproprietaryrdquo and ldquopublicrdquo to New classification
New ldquohighly confidentialrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo
bull Previous classification does not have a classification for highly confidentiality
documents
bull The new classification does align with the HKSAR government standard (ldquosecretrdquo ldquoconfidentialrdquo ldquorestrictedrdquo and ldquopublicrdquo)
25
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
Highlights (2) Information Asset Handling Procedures
Procedures and requirements including-
bull labeling of the information asset
bull granting access rights to different information assets (Data Policy)
bull Introducing Asset LifeCycle Management
Release Distribute and Disposal of -
bull Any hard copies documents
bull Emails amp
bull Data files that contain ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo information
26
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
Highlights (3) Encryption of Removable Storage Device
bull The encryption requirement when using removable storage devices Eg USB Thumb Drive
bull Under Pilot Testing by ITSC and Administrative Department Eg ITSC HRO
bull Data Encryption Tools Sophos Safeguard Enterprise Encryption v80 (100 licenses initial)
bull Apply to Staff first then extend to Students
27
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
Highlights (4) Policy for Changing of Password
bull Change the Maximum Password age from 90 days to 180 days
bull Reduce the Password history from 6 history to 3 history
bull MANDATE PASSWORD CHANGE users will be forced to change their password every 180 days otherwise their accounts will be LOCKED
28
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
Highlights (5) Introduce the NDA
bull Need to be signed and observed by Universityrsquos 3rd party contractor to aware of University information contains ldquoHighly Confidentialrdquo or ldquoConfidentialrdquo when they handle their jobs with Lingnan
29
Highlights (6) Server Registration
bull To ensure proper management of network servers (including
departmental server) that intentionally or unintentionally offer access or
service to outsiders all servers reside within our campus shall be registered with ITSC before they can go live for production (Permit to
Connect to Campus Network-PCCN)
30
Security Awareness Web Updates wwwlneduhkitscinformation-security
New Info Security Website
bull Dorsquos and Donrsquots tips
bull Policies amp Guidelines
bull Personal Data Protection
bull Data Encryption Solution
bull IS Events and Activities
bull Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long
Liberal Art Education Motto Education
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity e-Payment amp Fintech
Mobile Cloud amp Internet+
e-Government e-Health
Digital contents
e-Business
IOT
Access Credential Management Web Services Data Security Protection
Source Hong Kong Police 2016 amp Forbes 2017
Certification for Information Security Lingnan collaborate with ISACA to offer IS Professional Examination amp Training to UG amp PG Students
ISACA Information Systems Audit and control Association COBIT Control Objectives for Information amp Technology CISSP Certified Information systems Security Professional (ISC)2 CMMI Capability Maturity Model Integration CSX Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey
15 TOP PAYING IT CERTIFICATIONS IN 2016
Source Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACArsquos 5 certifications have been recognised as the pre-requisite qualifications of Assessor () and Enhanced Competency Framework () by The Hong Kong Monetary Authority
Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT) Cybersecurity Nexus (CSX)
Certification CISSP CISA
Hong Kong Monetary Authority
Cyber Resilience Assessment Framework
Source wwwhkmagovhkmediaengdockey-informationguidelines-and-circular201620161221e1pdf httpwwwhkmagovhkmediachidockey-informationguidelines-and-circular201620161219c1pdf
Source OGCIO
ISACA Certifications (New Career Path for Lingnan Graduate) 2016 IT Skills Demands amp Pay Trends Report
Source ISACA 2016
Lingnan ISACA collaborate to offer IS Professional Examinations amp Trainings to UG amp PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiahLNeduhk
Tel +852 26168396
Highlights (6) Server Registration
• To ensure proper management of network servers (including departmental servers) that intentionally or unintentionally offer access or service to outsiders, all servers residing within our campus shall be registered with ITSC before they can go live for production (Permit to Connect to Campus Network, PCCN).
30
Security Awareness Web Updates: www.ln.edu.hk/itsc/information-security
New Info Security Website
• Do's and Don'ts tips
• Policies & Guidelines
• Personal Data Protection
• Data Encryption Solution
• IS Events and Activities
• Other Resources
31
How to Pursue the Information Security Profession (Self Value-Addedness)
Continuous Life Long Education
Liberal Art Education Motto
32
Key Drivers for Demand of IS Professionals in 21st Century
Digital Transformation of SmartCity
e-Payment & Fintech
Mobile, Cloud & Internet+
e-Government, e-Health
Digital contents
e-Business
IOT
Access Credential Management, Web Services, Data Security Protection
Source: Hong Kong Police 2016 & Forbes 2017
Certification for Information Security: Lingnan collaborates with ISACA to offer IS Professional Examination & Training to UG & PG Students
ISACA: Information Systems Audit and Control Association; COBIT: Control Objectives for Information & Technology; CISSP: Certified Information Systems Security Professional, (ISC)2; CMMI: Capability Maturity Model Integration; CSX: Cyber Security Nexus
35
International Global Knowledge 2016 IT Professional Survey: 15 Top Paying IT Certifications in 2016
Source: Global Knowledge 2016 (in USD)
Hong Kong Government IS Job Requirement
ISACA's 5 certifications have been recognised as the pre-requisite qualifications of Assessor and Enhanced Competency Framework by The Hong Kong Monetary Authority:
Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Cybersecurity Nexus (CSX)
Certification: CISSP, CISA
Hong Kong Monetary Authority Cyber Resilience Assessment Framework
Source: http://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161221e1.pdf, http://www.hkma.gov.hk/media/chi/doc/key-information/guidelines-and-circular/2016/20161219c1.pdf
Source: OGCIO
ISACA Certifications (New Career Path for Lingnan Graduates): 2016 IT Skills Demands & Pay Trends Report
Source: ISACA 2016
Lingnan and ISACA collaborate to offer IS Professional Examinations & Trainings to UG & PG Students
Dr Ir Rosiah Ho CEng CPEng RPE
rosiah@LN.edu.hk
Tel: +852 2616 8396