Professionals’ Perspective on
Information Security Development in Hong Kong 2006
We are collecting opinions from the information security industry elites to foster a picture
for the development of Information Security in Hong Kong. Please contribute your
valuable 15 minutes to complete the following questionnaire.
A. View on Information Security Development Status in Hong Kong
In your view, what is the status of development of following information security
areas of Hong Kong? (Please tick the appropriate answer)
* IS = Information Security
Strongly Disagree Neutral Agree Strongly
1 2 3 4 5
1. Role of Government in Information Security
a. There is a comprehensive and
long-term IS policy in Hong Kong.
b. The Government has given much
attention to IS development.
c. The Government is playing a
leading role in coordination and
management of critical information
2. Communication and Consultation
a. Concerning the IS of Hong Kong,
the public can see a clear division
of labour and collaboration among
b. Inputs from IS experts are
effectively communicated to
Government in the development of
IS policies and strategies.
3. IT Governance and IS Standard
a. The standards for IT governance
and IS (such as COBIT and
ISO17799) are well-deployed in
local public sector.
b. The standards for IT governance
and IS are well-deployed in private
4. Information Security Awareness
a. The IS awareness in the business
sector remains at low level.
b. The IS awareness in the public
community remains at low level.
c. My organization has provided
sufficient IS awareness training to
5. Certification of quality of the IS workforce
a. There is sufficient supply of
qualified manpower in the field of
b. The Government has provided good
incentives for the workforce to
develop IS expertise.
c. The Government has enforced the
adoption of IS professional
6. Research and Development
a. For local R&D in IS field, the
existing resources and supporting
services are adequate.
b. There are sufficient R&D activities
in the local IS industry.
7. Collaboration with Mainland
a. The Government has provided
adequate support to local IS
industry to tap into the Mainland
8. Computer Forensics and Law Enforcement
a. Hong Kong has sufficient computer
forensics facilities to cope with the
current growth of computer-related
b. Hong Kong has sufficient law to
combat computer-related crime.
9. Critical Information Infrastructure Continuity and Incident Response
a. There is a well defined list of
deficiencies in critical information
infrastructure and there is a clear
roadmap for improvement.
b. The Government has control of the
business continuity of the Internet
infrastructure operated by
non-government bodies (such as the
Hong Kong Internet Exchange
c. The current Internet infrastructure
of Hong Kong is capable of
surviving large scale information
security attacks, like worms or
distributed denial of service
10. New and Emerging Technologies
a. The Government has been active in
gathering input from the industry on
the security threats of new and
11. Overall Comment
a The general IS development in
Hong Kong is satisfactory.
b. Hong Kong is currently competitive
in IS when compared to other
c. Five years later, Hong Kong will be
competitive in IS when compared to
other regional economies.
d. The resources currently allocated by
the government to IS development
in Hong Kong is enough.
e. The IS threat to Hong Kong
business is low.
f. The IS threat to Hong Kong home
users is low.
B. Comment on Most Concerned Information Security Areas
12. In your view, which of the follow information security areas of Hong Kong
requires more development? (Please tick the appropriate answer)
Information Security Areas of Strongly Disagree No Agree Strongly
Concern Disagree comment Agree
1 2 4 5
a. Government playing a more active
role in IS.
b. Promoting and facilitating the
adoption of IT governance and IS
standards in public and private
c. Promoting more IS awareness in the
d. Enforcing the certification of the IS
e. Allocating more resources to
IS-related Research & Development
f. Helping local IS industry to tap the
growing Mainland market
g. Improving the business continuity
planning and incident response
capabilities of critical information
infrastructure of Hong Kong
h. Adopting computer forensics
standards in Hong Kong
i. Establishing mechanism to gather
opinions to assessing risks for new
and emerging technologies.
j. Others (please specify):
13. In connection with the incident on the leakage of personal data on the
internet concerning complaints against the Hong Kong Police, are you
satisfied with the Government’s overall remedial action?
C. About the Respondent
14. Which professional organization(s) do you belong to? (Please choose all that apply)
( ) Hong Kong Computer Society
( ) Information Security and Forensics Society
( ) Information Systems Audit and Control Association (Hong Kong Chapter)
( ) Information Systems Security Association (Hong Kong Chapter)
( ) Professional Information Security Association
( ) Others IS-related organizations: (please specify) __________________________
15. Which information security professional qualification(s) do you have? (Please
choose all that apply)
( ) CBCP ( ) CISA ( ) CISM ( ) CISSP
( ) GCIH / GCIA / GSEC / GCFW
( ) ISSAP / ISSEP / ISSMP
( ) Others (please specify): ______________________________
16. Number of full-time staff in the Hong Kong office of your company is:
( ) 1- 9 ( ) 10- 19 ( ) 20-49 ( ) 50-99 ( ) 100 or above
We would like to record your contact so that we can send you the free report
summary of this survey and invite you to our seminar. All personal data will be kept
strictly confidential. Thanks for your kind cooperation.
**End of Questionnaire**
Please kindly fax the completed questionnaire to 2537 1469
This survey is jointly conducted by
Hong Kong Computer Society (Information Security Specialist Group)
Information Security and Forensics Society
Information Systems Audit and Control Association (Hong Kong Chapter)
Information Systems Security Association (Hong Kong Chapter)
Office of Sin Chung-kai, Legislative Councillor (IT)
Professional Information Security Association
Enquiry: 2509 3256