One Blog

電腦入侵升15% 倡設專責部門監察

.......................... 今年首7個月，香港電腦保安事故協調中心（下稱「協調中心」）接獲532宗電腦入侵（即黑客入侵、釣魚網站、濫發信息及間諜程式）的報告，比去年同期的464宗升15%；感染電腦病毒的報告則有218宗，與去年相若。

政府資訊科技總監辦公室發言人回應稱，政府撥款資助的協調中心是本港電腦保安事故匯報及應變中心，負責協助及協調電腦保安事故的修復工作。辦公室、警務處 及協調中心定期與互聯網供應商聯繫，打擊網上保安事故，提升香港作為領先數碼城市的網上保安。

...................

Why the computer incident increase 68 (15%)?

Actually I feel surprising if only 532 incident reported. There are 4.35 million Inernet users in Hong Kong (according to CNNIC) and incident report rate is only 0.01223 . In this sense, can government master the actually situation of incident? Or in other words, there are lots of incidents are not reported.

To stop/reduce the impact of and incident, we should know how serious of the impact. In security terms, we call it "Risk Analysis" We can do it in quantitative and qualitative way.

Quantitative Risk Analysis - calculate the Annual Loss Expected (ALE). The amount spend on prevent the incident should be less than the ALE, otherwise it is so call "not worth". However, this is not proper in a social responsibility.

Qualitative Risk Analysis - evaluate the impact and give a rating. Media always say"hacking is dangerous, it can steal everything from you, take care!" To general public, the impact is very high and it match their expectation that government should ~do something~ to protect citizen lives and assets.

The most important point is the technology gap. The gap is very important and important!!! Education is important but not limited to those stupid ways anymore such as exhibition in shopping mall, leaflet (in rubbish bin), low-B TV advertisement, non-sense slogan and horrible actor/actress representative.

Labels: security

posted by 一零一零 @ 8/13/2009