Survey on Professionals Perspective on Information Security

Document Sample
Survey on Professionals Perspective on Information Security Powered By Docstoc
					                          Professionals’ Perspective on
              Information Security Development in Hong Kong 2006
We are collecting opinions from the information security industry elites to foster a picture
for the development of Information Security in Hong Kong. Please contribute your
valuable 15 minutes to complete the following questionnaire.

A. View on Information Security Development Status in Hong Kong

In your view, what is the status of development of following information security
areas of Hong Kong? (Please tick the appropriate answer)

* IS = Information Security

                                                 Strongly Disagree Neutral Agree    Strongly
                                                 Disagree                            Agree
                                                     1       2        3       4         5

 1. Role of Government in Information Security
 a.   There is a comprehensive and
      long-term IS policy in Hong Kong.
 b.   The Government has given much
      attention to IS development.
 c.   The Government is playing a
      leading role in coordination and
      management of critical information

 2. Communication and Consultation
 a.   Concerning the IS of Hong Kong,
      the public can see a clear division
      of labour and collaboration among
      Government departments.
 b.   Inputs from IS experts are
      effectively communicated to
      Government in the development of
      IS policies and strategies.

 3. IT Governance and IS Standard
 a.    The standards for IT governance
       and IS (such as COBIT and
       ISO17799) are well-deployed in
       local public sector.
 b.    The standards for IT governance
       and IS are well-deployed in private

 4. Information Security Awareness
 a.    The IS awareness in the business
       sector remains at low level.

b.   The IS awareness in the public
     community remains at low level.
c.   My organization has provided
     sufficient IS awareness training to

5. Certification of quality of the IS workforce
a.   There is sufficient supply of
     qualified manpower in the field of
b.   The Government has provided good
     incentives for the workforce to
     develop IS expertise.
c.   The Government has enforced the
     adoption of IS professional

6. Research and Development
a.   For local R&D in IS field, the
     existing resources and supporting
     services are adequate.
b.   There are sufficient R&D activities
     in the local IS industry.

7. Collaboration with Mainland
a.   The Government has provided
     adequate support to local IS
     industry to tap into the Mainland

8. Computer Forensics and Law Enforcement
a.   Hong Kong has sufficient computer
     forensics facilities to cope with the
     current growth of computer-related
b. Hong Kong has sufficient law to
     combat computer-related crime.

9. Critical Information Infrastructure Continuity and Incident Response
a.   There is a well defined list of
     deficiencies in critical information
     infrastructure and there is a clear
     roadmap for improvement.
b. The Government has control of the
     business continuity of the Internet
     infrastructure operated by
     non-government bodies (such as the
     Hong Kong Internet Exchange

c.   The current Internet infrastructure
     of Hong Kong is capable of
     surviving large scale information
     security attacks, like worms or
     distributed denial of service

10. New and Emerging Technologies
a.   The Government has been active in
     gathering input from the industry on
     the security threats of new and
     emerging technologies.

11. Overall Comment
a    The general IS development in
     Hong Kong is satisfactory.
b. Hong Kong is currently competitive
     in IS when compared to other
     regional economies.
c.   Five years later, Hong Kong will be
     competitive in IS when compared to
     other regional economies.
d. The resources currently allocated by
     the government to IS development
     in Hong Kong is enough.
e.   The IS threat to Hong Kong
     business is low.
f.   The IS threat to Hong Kong home
     users is low.

B. Comment on Most Concerned Information Security Areas

12. In your view, which of the follow information security areas of Hong Kong
requires more development? (Please tick the appropriate answer)

      Information Security Areas of               Strongly Disagree No      Agree Strongly
      Concern                                     Disagree          comment       Agree
                                                        1       2               4       5
 a.   Government playing a more active
      role in IS.
 b.   Promoting and facilitating the
      adoption of IT governance and IS
      standards in public and private
 c.   Promoting more IS awareness in the
 d.   Enforcing the certification of the IS
      workforce qualifications.
 e.   Allocating more resources to
      IS-related Research & Development
 f.   Helping local IS industry to tap the
      growing Mainland market
 g.   Improving the business continuity
      planning and incident response
      capabilities of critical information
      infrastructure of Hong Kong
 h.   Adopting computer forensics
      standards in Hong Kong
 i.   Establishing mechanism to gather
      opinions to assessing risks for new
      and emerging technologies.
 j.   Others (please specify):

13. In connection with the incident on the leakage of personal data on the
    internet concerning complaints against the Hong Kong Police, are you
    satisfied with the Government’s overall remedial action?

        Yes.

        No.

        No comments

C. About the Respondent

14. Which professional organization(s) do you belong to? (Please choose all that apply)
    ( ) Hong Kong Computer Society
    ( ) Information Security and Forensics Society
    ( ) Information Systems Audit and Control Association (Hong Kong Chapter)
    ( ) Information Systems Security Association (Hong Kong Chapter)
    ( ) Professional Information Security Association
    ( ) Others IS-related organizations: (please specify) __________________________

15. Which information security professional qualification(s) do you have? (Please
    choose all that apply)
    ( ) CBCP           ( ) CISA          ( ) CISM          ( ) CISSP
    ( ) GCIH / GCIA / GSEC / GCFW
    ( ) Others (please specify): ______________________________

16. Number of full-time staff in the Hong Kong office of your company is:

      ( ) 1- 9    ( ) 10- 19    ( ) 20-49      ( ) 50-99   ( ) 100 or above

We would like to record your contact so that we can send you the free report
summary of this survey and invite you to our seminar. All personal data will be kept
strictly confidential. Thanks for your kind cooperation.

Name: ___________________________________
Email: ___________________________________
Telephone: ________________________________

                                **End of Questionnaire**
                                      Thank you!

Please kindly fax the completed questionnaire to 2537 1469

This survey is jointly conducted by
Hong Kong Computer Society (Information Security Specialist Group)
Information Security and Forensics Society
Information Systems Audit and Control Association (Hong Kong Chapter)
Information Systems Security Association (Hong Kong Chapter)
Office of Sin Chung-kai, Legislative Councillor (IT)
Professional Information Security Association

Enquiry: 2509 3256