To protect information assets of the Institute Policy approved by - - PowerPoint PPT Presentation



SLIDE 1
SLIDE 2

• To protect information assets of the Institute
• Policy approved by the Institute in Mar 2009
• Information Security Organisation
  • VP(ADM): Overall in-charge
  • Information Security Officer (Director of ITS, aka Head of ITS): policy implementation
  • VP / Dean: oversees the implementation of the respective departments
  • Heads of Department: departmental plan and procedure; develop BCP

SLIDE 3

• Information Classification
• Labeling
• Storage
• Copy and Transmission of Information
• Disclosure
• Disposal
• Incident Report

SLIDE 4

• Highly Confidential
  • HKID no.
  • Appraisal
  • Salary info.
  • Exam paper before release
• Confidential
  • Staff & student data
  • Budget
  • Tender document
• Internal
  • Departmental meeting notes
  • Internal policy & procedure
• Public
  • Information intended to be released to the public

Notes: Data owners to determine the classification.

SLIDE 5

• Highly confidential & confidential information are required to be marked with their classification
  • Use chops for paper document
  • For digital document, use filename like Confidential xxx
  • Use watermark or mark “Confidential” in PDF, Word or Excel documents
  • For storage media such as DVD, thumb drive, marking should be made clearly on the media itself
• Internal information does not require explicit labeling

SLIDE 6

• Should be stored and processed by Institute-owned equipment within the campus
• Should be stored in a secure manner (central IS system, DMS system with access control & password protection)
• Not recommended to store in portable media, like notebook computers, PDAs, etc.
• Portable storage media containing confidential information must be encrypted

SLIDE 7

• Proper authorization is required
• Should copy the minimal amount that is needed, and destroy the copies after use.
• Classification and protection same as the original information
• Transmission via email
  • Make sure recipient’s email address is correct
  • The confidential information sent as an attachment with password protection.

SLIDE 8

• Only be disclosed with authorization
  • ensure the people receiving the information are aware of the classification
  • third party to sign non-disclosure agreement
• Highly confidential information
  • only be disclosed by the data owner or the data custodian
  • Keep the record of who has access to the information

SLIDE 9

• Paper & CD/DVDs should be shredded
• Use hard disk wiping tools for hard disk, thumb drives, etc.
• Magnetic tapes and floppy disk should be degaussed or physically destroyed

SLIDE 10

• Report information security incidents through normal management channels ASAP and ISO must also be informed.
• Examples of incidents
  • Loss of highly confidential data stored in thumb drive
  • Computer account compromised which could potentially expose any confidential information

SLIDE 11

• HKIEd Information Security - www.ied.edu.hk/infosec/
• HKSAR Infosec website - www.infosec.gov.hk
• Personal Data (Privacy) Ordinance - www.pcpd.org.hk/english/ordinance/ordfull.html

SLIDE 12

• Assess your awareness of the Infosec Policy
• Read the http://www.ied.edu.hk/infosec and the policies documents
• Do the 10-questions self-review test
• Answers will be revealed to you if you failed
• Refer to the web site or policies if needed
• URL for the online self-review test
  • http://tgweb.ied.edu.hk:8080/tester/
• There is no pass or fail!