Vulnerability Scanning and Correction Procedure

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作) Tagged

1.        Purpose

The development of Internet technology has originated a surge of new application solutions to improve business practices in corporations. This technology has allowed companies to be more competitive on a global scale and changed the way people do business.However, as businesses worldwide place increasing reliance on interconnected systems and electronic data, the risks of fraud, inappropriate disclosure of sensitive data, and disruption of critical operations and services increase. The same factors that benefit business operations also make it possible for individuals and organizations to inexpensively interfere with or eavesdrop on these operations from remote locations for purposes of fraud or sabotage, or other mischievous or malicious purposes.

Evidently, security and privacy protection are key issues for companies nowadays. Maintaining security and privacy requires corporate planning, training, implementing controls properly, monitoring the effectiveness of controls and taking necessary corrective action. Read More

Information Security Plan

by Posted in 2. IT Security (資訊保安), 2.1 IT Security Requirement (保安要求) Tagged

1           Introduction

1.1             General

To realize the business strategy plan of Company, ICT will play, as enabler, an important role. As described hereafter ICT will contribute in the primary, secondary and managed operations processes by enabling global connectivity, integration of business systems and standardization of business processes. The changing business processes will have consequences for the ICT environment. The ICT programdescribes the steps, which are needed to support the business processes as they are being developed in the years to come. In this information plan an overview is given of the expected business processes and the required information architecture in a global environment. It is obvious that changes in the business strategy of Company will have to be reflected in this information plan. Read More

Disaster Recovery Plan for MFG/PRO ERP System

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作), 3. IT Application (應用軟件), 3.1 ERP System (資源管理) Tagged ,

1.        Definition

In this document context, ‘MFGPRO ERP System Disaster’ refers to the situation where the total system is unavailable to the users either due to hardware, network, or software problems and recovery is estimated to take more than 48 hours

‘MFGPRO Disaster Recovery’ is to offer a temporary measure/workaround solution to the organization to enable partial delivery of the processing service. Read More

General Requirement of using Computer workstation

by Posted in 2. IT Security (資訊保安), 2.1 IT Security Requirement (保安要求)

1.         Background and Definitions

Under the Occupational Safety and Health (Display Screen Equipment DSE) Regulation (Cap.509B) in Hong Kong, as an employer and person responsible for workplace, the company has a duty to ensure that a safe, healthy Workstation is made available to Users. The following definitions are assigned to the capitalised terms in this summary. Read More

IT Security implementation within Factory

by Posted in 2. IT Security (資訊保安), 2.1 IT Security Requirement (保安要求) Tagged

1           Information

This document is a collection of standards, procedures, and ways of working as used at the present time within Company that are being used to uphold the level of security as far as this is implemented.

Security is necessary for everyone and everything that is working with confidential information and should therefore also be everyone’s responsibility.

This document has been written as an attempt to shed some light on these responsibilities and to point out to people what responsibility they have regarding security. Read More