Baseline IT Security Policy (S17)

This document outlines the mandatory minimum security requirements for the protection of government’s information systems and data assets.
[PDF version]

IT Security Guidelines (G3)

This document elaborates on the policy requirements and sets the implementation standard on the security requirements specified in the Baseline IT Security Policy.
[PDF version]

Practice Guide for Information Security Incident Handling (ISPG-SM02)

This document provides the practical guidance and reference for handling information security incidents in the Government.
[PDF version]

Practice Guide for IT Security Risk Management

This document provides the practical guidance and reference for IT security risk management in the Government.
[PDF version]

Practice Guide for IT Security Threat Management

This document provides the practical guidance and reference for IT security threat management in the Government.
[PDF version]

Practice Guide for Security by Design

This document provides the practical guidance and reference for the adoption of Security by Design in the Government.
[PDF version]

Practice Guide for Security Risk Assessment & Audit (ISPG-SM01)

This document provides the practical guidance and reference for security risk assessment & audit in the Government.
[PDF version]

Practice Guide for Penetration Testing

This document provides the practical guidance and reference for the secure adoption of penetration testing in the Government.
[PDF version]

Practice Guide for Internet Gateway Security

This document provides the practical guidance and reference for the secure adoption of Internet gateway in the Government.
[PDF version]

Practice Guide for Mobile Security (ISPG-SM03)

This document provides the practical guidance and reference for the secure use of mobile devices and development of mobile apps in the Government.
[PDF version]

Practice Guide for Cloud Computing Security (ISPG-SM04)

This document provides the practical guidance and reference for the secure adoption of cloud computing technology in the Government.
[PDF version]

Practice Guide for Internet of Things Security

This document provides the practical guidance and reference for the secure adoption of Internet of Things (“IoT”) technology in the Government.
[PDF version]

Practice Guide for Social Media Security

This document provides the practical guidance and reference for secure management and use of social media in the Government.
[PDF version]

Practice Guide for Wi-Fi Security

This document provides the practical guidance and reference for secure design, management and operation of Wi-Fi network in the Government.
[PDF version]

Baseline IT Security Policy (S17)

This document outlines the mandatory minimum security requirements for the protection of government’s information systems and data assets.
[PDF version]

IT Security Guidelines (G3)

This document elaborates on the policy requirements and sets the implementation standard on the security requirements specified in the Baseline IT Security Policy.
[PDF version]

Practice Guide for Information Security Incident Handling (ISPG-SM02)

This document provides the practical guidance and reference for handling information security incidents in the Government.
[PDF version]

Practice Guide for IT Security Risk Management

This document provides the practical guidance and reference for IT security risk management in the Government.
[PDF version]

Practice Guide for IT Security Threat Management

This document provides the practical guidance and reference for IT security threat management in the Government.
[PDF version]

Practice Guide for Security by Design

This document provides the practical guidance and reference for the adoption of Security by Design in the Government.
[PDF version]

Practice Guide for Security Risk Assessment & Audit (ISPG-SM01)

This document provides the practical guidance and reference for security risk assessment & audit in the Government.
[PDF version]

Practice Guide for Penetration Testing

This document provides the practical guidance and reference for the secure adoption of penetration testing in the Government.
[PDF version]

Practice Guide for Internet Gateway Security

This document provides the practical guidance and reference for the secure adoption of Internet gateway in the Government.
[PDF version]

Practice Guide for Mobile Security (ISPG-SM03)

This document provides the practical guidance and reference for the secure use of mobile devices and development of mobile apps in the Government.
[PDF version]

Practice Guide for Cloud Computing Security (ISPG-SM04)

This document provides the practical guidance and reference for the secure adoption of cloud computing technology in the Government.
[PDF version]

Practice Guide for Internet of Things Security

This document provides the practical guidance and reference for the secure adoption of Internet of Things (“IoT”) technology in the Government.
[PDF version]

Practice Guide for Social Media Security

This document provides the practical guidance and reference for secure management and use of social media in the Government.
[PDF version]

Practice Guide for Wi-Fi Security

This document provides the practical guidance and reference for secure design, management and operation of Wi-Fi network in the Government.
[PDF version]

The HKSARG Interoperability Framework

[PDF version]

- I want to secure my website

- I want to protect my Windows computer

- I want to protect my Mac computer

- I want to protect my Android device

- I want to protect my iOS device

- Learning Centre of Cyber Security Information Portal

- Expert Corner of Cyber Security Information Portal

- Infographics of Cyber Security Information Portal

- Leaflets of Cyber Security Information Portal

- Beware of Malware Infection

- Protect Yourself against Ransomware

- Hong Kong Computer Emergency Response Team Coordination Centre

- No More Ransomware Website

Seek assistance or report an information security incident to the Hong Kong Computer Emergency Response Team Coordination Centre
Tel: 8105 6060, Fax: 8105 9760
Email address: hkcert@hkcert.org
Online form: https://www.hkcert.org/form/incident-report-end-user-sme/entry

Report a cyber crime to the Cyber Security and Technology Crime Bureau of the Hong Kong Police
Tel: 2860 5012
e-Report Centre: https://www.police.gov.hk/ppp_en/contact_us.html