Security Project

For achieving business success, networking is always the key. With the advancement of Internet technology, networking also includes system and information knowledge. As long as there has been the Internet, e- security concern has twinned with its growth. The next e-commerce bloom relies on utmost protections against hackers, viruses, worms, and other threats to the proper functioning of corporate networks.

Although the statistics from the Hong Kong Police revealed that the number of reported cases of hacking plummeted from 275 in 2000 to 56 cases in the first half of 2001, this only translates that the public awareness on this kind of computer crime has been enhanced. But what calls our attention is the number of reported cases of criminal damage of data has been rising drastically, as the number of cases in the first half of 2001 was equaled to all cases recorded in 2000.

To the majority of SME, their teething problem is to cut cost and to survive, and at the same time, maintaining a certain level of confidence on protecting their information assets. Lack of information security knowledge and expertise, and lack of guidance, are not uncommonly found in the SME.

The heavy reliance of our daily activities and even critical services on computers and the Internet has led to the emergence of criminals of a different kind. It is important to realize how serious the threat of computer crime is, the profiles of computer criminals, their attack methods and what we can do about it before developing strategic solutions based on today's information technology.

Of course, there exists no single solution that can solve all the information security problems. The best way to effectively implement appropriate e-security solutions is to learn from real-life cases.

Security Project is a large-scale project focused on SMEs in Hong Kong. Being advised by Mr. Sin Chung Kai, Legislative Councillor (IT), Prof. Samuel Chanson, Chairman of Information Security & Forensics Society, and Ir. Jolly Wong, Deputy Chairman of The Hong Kong Institution of Engineers - Electronics Division, the Security Project aims to provide an effective platform for the enterprises to access to the latest security technologies and to grasp a clear picture about the new development and adoption of security technologies in Hong Kong.

Supporting organisations include The Hong Kong General Chamber of Commerce, Hong Kong Information Technology Federation, The Hong Kong Institution of Engineers, Hong Kong Internet Service Providers Association, Hong Kong Police IT Society, Hongkong Post, Hong Kong Science and Technology Parks Corporation, The Hong Kong Small & Medium Enterprise Association, Information Security & Forensics Society, Internet Security and PKI Application Centre (InPAC) of City University of Hong Kong, Professional Information Security Association, and Tradelink Electronic Commerce Ltd.

Being the organizer, e21MagicMedia sees the ultimate strategic solution to bring up security concerns could only be done through education, and sincerely hope that the Security Project could reach a promotional goal to minimize threats while enjoying the conveniences and benefits brought by the information technology.

The Project consists of three elements: Security Handbook, e-Security Conference 2001 Hong Kong and Security Survey.

Security Handbook

Being one of the three components of the Security Project, the Security Handbook was published and distributed to the members of the supporting organisations. The contents of this handbook covered updated development and services of e-security in Hong Kong. In addition to highlight some of the important issues on e-security, it also gave guidance and tips on information security with which all e- business should be aware of. A total of 5,000 handbooks were printed distributed to conference attendees and members of the supporting organisations.

Major contents of the Security Handbook included:

Overwhelming responses were received since the publication of the handbook, indicating that the audience made use of the handbook as their reference to acquire e-security information.

e-Security Conference 2001 Hong Kong

e-Security Conference 2001 Hong Kong was a solution-focused forum aimed at bringing together professionals in information security to reveal to the commercial world practical ways to manage security. It was successfully held for the first time on 12th December, 2001 (Wednesday) at the Hong Kong Convention and Exhibition Centre.

Being a platform to expose to valuable experience sharing by renowned experts, scholars, government officials and industry leaders, the Conference attracted over 500 attendees to discuss on various e- security solutions.

In a total of eight keynote sessions and eight other plenary case study sessions, attendees were exposed to series of sharing from real-life applications, with contents span over e-security issues in network architecture, security products and enabling technologies. The Conference also revealed to the audience the latest information security development in Hong Kong, providing them with a golden opportunity to evaluate and plan their e-security policy before entering 2002.

Keynote speakers included: Mr. Sin Chung Kai, Legislative Councillor (Information Technology), Prof. Dennis Longley, Visiting Professor of City University of Hong Kong, Mr. Ricci Ieong, Council Member of Information Security and Forensics Society, Ms. Puni Rajah, Vice President, Consulting of IDC Asia/Pacific, and representatives from e- Business Technology Institute, Hewlett-Packard Asia Pacific Ltd., Computer Associates and Symantec Hong Kong Ltd.\

Other speakers came from ACA Pacific Technology (HK) Ltd., Diyixian.com Ltd., F5 Networks Hong Kong Ltd., Hongkong Post, IBM China/Hong Kong Ltd., Information Security One (Hong Kong) Ltd. and Tradelink Electronic Commerce Ltd.

Security Survey DOWNLOAD (497k)

E-Commerce is growing in use, as organizations want to interact with potential and existing customers and partners in new ways often through the Internet. However, many of the SMEs are stilling not capitalizing on this emerging business channel. At the same time, most of the emerging Internet technologies present new business opportunities are accompanies by embedded risks, which are not easy to be aware. Security experts claimed that issues of trust related to information security take the spotlight, as users have to struggle to maintain the line between insider and outsider, and internal and external threats.

Capitalizing on this issue, together with the aim to keep the community abreast with the latest information security adoption in Hong Kong this Security Survey presented the attitude, approach and treatment SMEs in Hong Kong towards information security. Major concerns, budget allocation will be examined through statistical analysis. In addition, financial losses and corresponding actions related to security breaches encountered in the past 12 months were also investigated.

Target sample units are SMEs in Hong Kong. Survey questionnaires were mailed to the members of the twelve supporting organizations as loose inserts in the Security Handbook. Participations were all through voluntary responses – by fax back the completed questionnaire to e21MagicMedia within the period of November 12 and December 31.

Totally, 465 completed questionnaires were received, among which SME respondents amounted to 318, while the other 147 are classified as large corporations.

Respondents came mainly from the sectors of information technology, banking and finance, manufacturing, education, trading, and service industries, which are all among the 10 major industry sectors defined by the Census & Statistics Department.

Major findings included: