Accessibility Links

Accessibility Links

English 繁體版 简体版

Navigation Menu 1

General UsersYoungsters & StudentsParents and TeachersIT ProfessionalsSME
FAQ Search :
Change text size: Text Size: Default Size (A) Text Size: Larger (A) Text Size: Largest (A)
general user youngsters and students parents and teachers IT professionals sme

Navigation Menu 2




IT Security Standards and Best Practices

To facilitate your planning on information security management for your company, we have highlighted some internationally recognised information security standards, guidelines and effective security practices for reference.

( To view and print the downloaded document, you need to use an Adobe Acrobat Reader. Please click here to download if necessary. Go to Adobe Website to download Adobe Acrobat Reader )

Government IT Security Policy and Guidelines

The Government of HKSAR has issued a Baseline IT Security Policy and a series of guidelines related to IT security to provide references and guidance to Government bureaux and departments in respect of the protection of Government information systems. The related documents are obtainable through the hyperlinks provided below. Users should note that the documents are for general reference only and users are responsible to make their own assessment on the information provided and to obtain independent advice before acting on it.

  • Baseline IT Security Policy - This document sets the baseline standards of IT security policy for Government bureaux/departments. It states what aspects are of paramount importance.

  • IT Security Guidelines - This document introduces concepts relating to IT security and elaborates further on the Baseline IT Security Policy.

There is increasing public concern about the security of information passing through public Wi-Fi networks. To address such a concern, the Communications Authority (CA) has published a set of security guidelines for public Wi-Fi service operators to follow. The guidelines are developed jointly with the industry and the relevant professional bodies.

IT Governance Standards and Best Practices

  • ISO 27001 - ISO standards specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.

  • ISO 27002 - The document is the code of practice for information security controls.

  • British Standard 7799 Part 3 - Guidelines for information security risk management published by BSI Group.

  • COBIT - The Control Objectives for Information and related Technology (COBIT) is a control framework for the governance and management of enterprise IT published by ISACA.

  • Common Criteria (also known as ISO/IEC 15408) - combine and align existing and emerging evaluation criteria with a collaborative effort among national security standards organisations of Australia, Canada, France, Germany, Japan, Netherlands, New Zealand, Spain, UK and US.

  • ITIL (or ISO/IEC 20000 series) - A collection of best practices in IT service management (ITSM), and focuses on the service processes of IT and considers the central role of the user.

  • National Information Security Technology Standard Specification - A collection of national information security standards formulated by the National Information Security Standards Technical Committee. These standards include information security management, information security evaluation, authentication and authorisation, etc.

  • SANS Security Policy Resource – A set of resources for for rapid development and implementation of information security policies.

Guidelines on Conducting Online Businesses and Activities

Guidelines on Safeguarding Data Privacy

Other References

Back back to topTop

Footer Menu

Sitemap | Contact Us | Privacy Policy | Important Notices
General Users Youngsters & Students Parents & Teachers IT Professionals SME