General Users
Home > 
General Users
< back
Result: Item(s)
e-Authentication Methods
There are three basic authentication factors (i.e. “what the user knows”, “what the user has”, and “what the user is or does”) commonly referred to in an authentication system.
Guidelines for Using Software
A wide range of software can provide tools for ensuring information security.
Preventing Data Theft
At any time of day or night, a huge amount of data is being stored, retrieved and transferred in the average company or organisation. As a responsible user, you must know how to protect your data and prevent data theft from mobile devices.
Making Regular Backups
When you modify or remove important data on your computer, make sure that the data is backup.
Wireless Network Security
Low deployment costs make wireless networks attractive to both organisations and end users. However, the easy availability of inexpensive equipment also gives attackers the tools to launch attacks on the network. New security risks come with the benefits of adopting wireless networks.
Security Incident Handling for Companies
An Information Security Incident is an adverse event in an information system and/or a network that poses a threat to computer or network security in respect of availability, integrity and confidentiality.
Handling Malware Outbreak
Given that attackers are now moving away from attacks that are merely a nuisance or destructive towards activity that is motivated by financial gain, malicious code attacks have become more sophisticated and a significant concern to organisations.
Proper Use of the Internet
The Internet is now more than just an information source or research tool. It provides a great deal of opportunities for us to work, transact, communicate, learn and play.
Avoiding Phishing Websites
Try to avoid visiting phishing websites that imitate sites of well-known organisations. These are purposely setup to collect sensitive information from visitors, such personal information, usernames and passwords, in a fraudulent manner. This type of activity is notorious, and is known as phishing.
Surfing the Web and e-Shopping
All kinds of things can now be done online, from shopping, banking to studying and research.
Downloading Software
The Internet provides a virtually boundless space for downloadable resources. There are a number of potential risks, however, that you should take care to avoid.
Tips for Preventing Web Attacks
To avoid your PC being compromised and becoming a weapon to attack other machines, some tips are advised to web application and Internet users.
Handling User Accounts and Passwords
These are frontline security issues that have a direct effect on the way you handle your personal data, such as user accounts and passwords.
Handling Personal Information
Handle your personal information carefully while surfing the Internet.
Identity Management
Identity management in an enterprise is a combination of processes and technologies to manage and secure access to the information and resources of an organisation.
Keeping Self Awareness for Information Security
It is the responsibility of all of us to take charge of protecting our own information and data from attacks and computer related crimes. The following tips can help you stay aware of information security threats.
Securing Access Using e-Authentication
Electronic authentication (e-Authentication) is the process of establishing confidence in user identities presented electronically to an information system. This may involve verifying with “what the user knows”, “what the user has”, and/or “what the user is or does”. The greater the number of factors being verified, the higher the confidence can be established.
Encrypting Your Data
Encryption is a process for scrambling and transforming data from an easily readable and understandable format (such as Plain Text) into an unintelligible format that seems to be useless and not readily understandable (known as Cipher Text).
Protecting Your Privacy
Many websites, like e-shopping sites, Internet community sites, and social networking sites collect your personal information. It is easy to give away too much personal information online without really meaning to. Check a site's privacy statement and how they use your personal information and how they handle your account and password.
Handling Emails
Today, email is a common way of communicating with other people. It is very convenient, but it also poses threats to your computer system.
Protecting against Phishing Attacks
Do not follow URL links from un-trusted sources or emails such as spam emails to avoid being re-directed to malicious websites by malicious links looking seemingly legitimate.
Protecting against Spam Emails
Spam has become a major problem for almost every email user. We all need to spend time cleaning away the massive amount of unwanted and unsolicited email messages everyday.
Using Webmail Wisely
Some tips to end-users on using webmail wisely.
Avoiding Phone Fraud
Criminals also use the phone, and especially Internet phone systems, to trick people.
Using QR Code Carefully
QR code is a machine-readable two-dimensional barcode which contains information. Scanning a QR code will redirect you to a website or an application. Due to the prevalence of mobile devices, QR codes have become popular and widely used in advertising, promotion events and even mobile payment. Using QR codes wisely can bring us convenience, but you may easily fall into traps if you underestimate the risks.
Protecting Your Notebook
You have to protect your notebook computer from stealing.
Security Tips for Using Mobile Applications
Mobile devices (such as smartphones and tablet) have become an indispensable part of our daily lives. Mobile applications would process massive information, including personal and sensitive information. Users should exercise care when using mobile applications and take precautions to protect themselves from the potential security threats such as information leakage.
Securing Your Wireless Network
Before you make connection to the wireless Network, it is important to make sure that your device is being logically protected. A mobile device can connect to your wireless network wherever it is within range of the signal strength from your wireless router.
Tips on Using Public Wi-Fi
Free Wi-Fi facilities are available at various local and overseas public areas such as shopping malls, coffee shops, hotels, airports or government premises. Users should pay attention to the security risks when using Wi-Fi services.
Using Instant Messaging Safely
The following tips are designed for end-users using Instant Messaging as regular communication tool.
Securing Your New PC
Don't forget to implement necessary security measures when you set up your new PC at home. Just taking a new computer out of the box and connecting it to the Internet is not safe. You are exposing your PC to a number of security risks, such as virus and malicious codes infection, spam emails, denial of service attacks, disclosure of personal or sensitive information and so on.
Installing and Enabling Firewall
A firewall is a tool that can either be hardware or software. Its purpose is to protect computers against threats from intruders breaking into your computer or network via the Internet.
Patching Operating System
From time to time, software bugs are discovered in applications running on your PC. Software vendors will then release one or more 'patches' to fix the weaknesses. At the same time, hackers can take advantage of these weaknesses to attack the unpatched PCs.
Protecting against Malware
The best practices can protect your computer(s) more effectively against malware attacks
Using Software with Security Updates
All software products, including operating systems and software applications, have a lifecycle. Any software products could reach their end of support date and become outdated. End of support refers to the date when the software vendor no longer provides security updates, patches or customer support, etc. Any new vulnerability discovered in the software product after its end of support will not be addressed by new security updates.
Security Incident Handling for Individuals
To give home computer users a guide to basic measures to take if they encounter a Security Incident.
Disposal of Computing Devices
This section provides information on data deletion, and the proper way of disposing computers or storage media in order to prevent unwanted disclosure of information.
Tips on Using Public Computer
A public computer is any of the various types of computers available in public areas. In Hong Kong, places where public computers are available include libraries, cafes, restaurants or facilities run by the government. Many different people throughout the day use public computers, so using them poses certain security risks.
Protecting Mobile Devices
Examples of mobile devices include smartphones, tablets, and notebook computers.
Security of Remote Working
Below are some tips for all parties including organisations and individuals to maintain a safe and secure remote working or learning environment.
Guide on Secure Video Conferencing
The followings are some security measures / good practices to reduce the risks and avoid privacy breaches when hosting VC meetings or using VC solutions.
What is Information Security
The CIA triad of confidentiality, integrity, and availability is at the heart of information security.
Why Information Security Concern Me
Information security concerns everybody, because each one of us is exposed to information security risks every time we go online.
Botnet
Botnets are serious security threats to the Internet and they account for a majority of email spam, identity theft, phishing and distributed denial-of-service (DDoS) attacks.
Brute Force Attack
Brute force attack is the crack of credentials using all possible combinations by trial-and-error method until the password is guessed correctly.
Core Security Principles
Core Security Principles are some generally accepted principles that address information security from a very high-level viewpoint. These principles are fundamental in nature, and rarely change.
Data Breach
Data breach is a security incident in which data are accessed, altered, erased, stolen or leaked from a system without the consent of the system’s owner.
Deepfake
In recent years, deepfakes have attracted public attention for their malicious uses in the creation of fake videos, forged images and financial fraud, resulting in the spread of misinformation or disinformation which can potentially erode the reputation of businesses and trust among people. Nowadays, tools that create deepfakes are becoming more readily available. Plausible deepfakes have elicited public responses to detect and limit their use.
Identity Theft
Identity theft is a criminal act of getting hold of personal data of others without their knowledge or permission with an intent to defraud. The personal data is used by identity thieves to impersonate the data subjects for fraudulent purposes.
Insider Threat
An insider threat is a security risk that originates from within an organisation. It typically involves current or former employees, and outsourced business associates who have access to sensitive information or privileged accounts.
Malware
Malicious code refers to computer viruses, worms, spyware, Trojan Horses and other undesirable software. Attack made by using such software is to cause disruption either by deleting files, sending emails, or rendering the host system inoperable.
Ransomware
Ransomware is a malicious software that cyber criminals used to lock the files stored on the infected computer devices. These locked files are like hostage and the victims are required to follow the instructions of this malicious software and pay a ransom to unlock them.
Quiz
As what our slogan emphasises: Information Security is Everybody's Business. How much do you know about Information Security and Computer Related Crime? Take the challenge of our "Quiz on InfoSec", and you will then know the answer.
Glossary
Glossary of commonly used terms in information security