Home' A Plus Magazine : June 2013 Contents June 2013 19
stock brokers, for
findings from such exercises. “Well defined
security policies, standards and guidelines
with regular security awareness training
and regular monitoring are critical to main-
taining effective data protection,” he adds.
Henry Shek, a partner at KPMG China,
says traditional IT management centered
on physical equipment – such as computers
and servers – is no longer valid. “ The focus
must now be on information governance,”
he says, which includes maintaining an up-
to-date inventory of data.
The Institute’s Chiu says that concerns
over data extend beyond the original col-
lection and storage of the data. “ We need
to know how data are being processed and
passed around among third parties who
have business dealings with the original or-
ganization that obtained the data,” she says.
There is no one-size-fits-all security
solution, experts warn. “Banks, insurance
companies or stock brokers, for instance,
have higher security requirements than
small owner-managed businesses,” says
James Ye, practising director at Mazars in
Hong Kong and an Institute member.
Meanwhile, obser vers say that Hong
Kong legislation is far from complete.
“ There are currently no specific regula-
tions for emerging technologies,” warns
Chiang at Grant Thornton. A recent South
China Morning Post report, for example,
noted that there were no provisions cover-
ing unprocessed data, such as what could
be collected from a satellite.
According to Kershaw at FTI, the adage
that the only secure computer is one that is
turned off and encased in concrete at the
bottom of Victoria Harbour, and that never
had any data on it in the first place, is not
entirely untrue. “Information,” he warns,
“can never be truly secure.”
info audit_v8.indd 19
4/6/13 9:25 PM
Links Archive May 2013 July 2013 Navigation Previous Page Next Page