© 2016 Baker & McKenzie
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Paolo Sbuttoni, Special Counsel, Baker & McKenzie
17 June 2016
Security, Risk, Compliance & Controls -
Cybersecurity Legal Framework in Hong Kong
This presentation has been prepared for clients and professional associates of Baker & McKenzie. Whilst every effort has been made to ensure accuracy, this presentation is
not an exhaustive treatment of the area of law discussed and no responsibility for any loss occasioned to any person acting or refraining from action as a result of material in this
presentation is accepted by Baker & McKenzie.
Baker & McKenzie, a Hong Kong Partnership, is a member firm of Baker & McKenzie International, a Swiss Verein with member law firms around the world. In accordance with
the common terminology used in professional service organisations, reference to a "partner" means a person who is a partner, or equivalent, in such a law firm. Similarly,
reference to an "office" means an office of any such law firm.
AWS Enterprise Summit:
Security, Risk, Compliance & Controls - Cybersecurity
Legal Framework in Hong Kong
Agenda
•  Cybersecurity trends
•  Legal framework on data security in Hong Kong for
FSIs (Recent SFC and HKMA developments)
•  Practical tips to address the risks
Cybersecurity trends
Increase in data breaches
‒  New York Times:
§  Articles containing “data” and “breach” in 2012 = 117
§  Articles containing “data” and “breach” in 2015 = 650
‒  Annual Verizon Data Breach Investigations Report:
§  2012 report – 855 breaches, 174 million
compromised records
§  2015 report – 2,122 breaches, 700 million
compromised records
Trends
‒  Increasing incidence of attacks: large and small scale
‒  Increasing opportunity to do harm with personal information
e.g. identity theft, extortion, corporate and political sabotage
‒  Increased expectations and legal obligations
(including reporting):
§  US Cybersecurity Act 2015
§  EU Network Information Security Directive
Risks for FSIs
‒  Loss of confidential data, including trade secrets
‒  Prevention of access to data needed to run business
‒  Loss of income/loss of clients
‒  Loss of reputation
‒  Costs associated with remedying breach/improving systems
‒  Breach of contractual obligations
‒  Notification and potential penalties
‒  Involvement in police or regulatory investigation
Baker & McKenzie Cybersecurity
Counter-offensive Asia Pacific Guide
‒  Provides an outline of the preliminary assessment we recommend should be undertaken by clients when confronted with a suspected data breach
‒  Identifies, for 13 countries in the Asia Pacific region, the position in response to a number of common issues which arise in dealing with a data breach incident
Common issues arising from a
data breach incident
(Please refer to Baker & McKenzie Cybersecurity Asia Pacific Guide for further detail)
| Issue | .au | .cn | .hk | .in | .id | .jp | .my | .ph | .sg | .kr | .tw | .th | .vn |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Is it unlawful to access third party data without authorisation? | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Are there any civil legal processes available to retrieve lost data? | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Is it possible to keep legal proceedings confidential? | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Are there obligations with respect to holding personal information securely? | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Are there specific laws restricting/limiting the export of personal information? | Yes | Yes | No | No | No | No | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Is there a general obligation to notify data subjects of a security breach? | No | No | No | No | Yes | No | No | Yes | No | Yes | Yes | No | No |
| Is there a general obligation to notify the authorities of a data breach? | No | No | No | Yes | No | No | No | Yes | No | Yes | No | No | Yes |
| Are there sector specific data breach notification obligations? | Yes | Yes | No | No | No | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes |
Legal Framework on data
security in Hong Kong
Data Security Framework
Personal Data (Privacy) Ordinance
‒  Six Data Protection Principles (DPPs):
1.  Scope of collection
2.  Accuracy and length of retention
3.  Use of data
4.  Security of data
5.  Data privacy policies
6.  Rights of access
Data Security Framework
‒  Data Protection Principle 4:
All practicable steps shall be taken to ensure that personal data held by a
data user are protected against unauthorized or accidental access,
processing, erasure, loss or use
‒  All practical and reasonable protection measures to be taken, given
circumstances (kind of data, physical location, transmission of data)
‒  Failure to take these steps:
§  Enforcement Notice against the data user
§  Civil claim by affected data subjects against data user
Sector specific guidelines
Supervisory Policy Manual:
•  General Principles for Technology Risk Management
•  Operational Risk Management
•  E-banking
•  Outsourcing
Circular on Examinations on controls over Customer Data Protection (2006) / Customer Data Protection (2008)
Circular on Customer Data Protection (October 2014)
Cybersecurity Risk Management (September 2015)
Cybersecurity Fortification Initiative (24 May 2016)
Circular on security controls related to internet banking services (26 May 2016)
SFC
Code of Conduct
Internal Control Guidelines
Circular on IT Management (March 2010)
Circular on Internet Trading Reducing Internet Hacking Risks (January 2014)
Circular to all Licensed Corporations on Cybersecurity (23 March 2016)
Circular: Mitigating Cybersecurity Risks (November 2014)
Circular: Internet Trading (June 2015)
SFC Circular on Cybersecurity - 23 March 2016
Five Key Areas of Concern
1. Inadequate coverage of cybersecurity risk assessment exercises
2. Inadequate cybersecurity risk assessment of service providers
3. Insufficient cybersecurity awareness training
4. Inadequate cybersecurity incident management arrangements
5. Inadequate data protection programs
Eight Suggested Cybersecurity Controls
1. Establish a strong governance framework to supervise cybersecurity management
2. Implement a formalized cybersecurity management process for service providers
3. Enhance security architecture to guard against advanced cyber-attacks
4. Formulate information protection programs to ensure sensitive information flow is protected
5. Strengthen threat, intelligence and vulnerability management to pro-actively identify and remediate cybersecurity vulnerabilities
6. Enhance incident and crisis management procedures with more details of latest cyber-attack scenarios
7. Establish adequate backup arrangements and a written contingency plan with the incorporation of the latest cybersecurity landscape
8. Reinforce user access controls to ensure access to information is only granted to users on a need-to-know basis
HKMA Cybersecurity Fortification Initiative (CFI)
A comprehensive initiative and a supervisory requirement for banks in Hong Kong to implement to raise the level of cybersecurity through a three-pronged approach (HKMA Circular 24 May 2016):
Cyber Resilience Assessment Framework
• Seeks to establish a common risk-based framework for banks to assess their own risk profiles and determine the level of defence and resilience required.
• Draft framework issued to the banking industry for consultation for 3 months.
Professional Development Programme
• Training and certification programme in Hong Kong which aims to increase the supply of qualified professionals in cybersecurity, who will be able to conduct risk assessments.
• HKMA will work with Hong Kong Institute of Bankers (HKIB) and Hong Kong Applied Science and Technology Research Institute (ASTRI) to roll out the first training courses for cybersecurity practitioners by the end of 2016.
Cyber Intelligence Sharing Platform
• Will allow sharing of cyber threat intelligence among banks in order to enhance collaboration and improve cyber resilience.
• HKMA will work with The Hong Kong Association of Banks (HKAB) and ASTRI to establish the Cyber Intelligence Sharing Platform by the end of 2016.
• All banks expected to join.
Data Breach Reporting
‒  Guidance on Data Breach Handling and Giving of Breach
Notifications (updated October 2015)
‒  Industry specific reporting:
§  HKMA expects AIs to report breaches to HKMA / affected customers
‒  Privacy Management Programme - Best Practice Guide (2014)
recommends:
§  data users establish procedures and have an officer / team responsible
for managing a data breach
Practical tips
Incident response plan
‒  Formulate policies and procedures which will establish
systems for identifying, investigating, mitigating and
resolving risks
‒  Regularly monitor compliance with those systems,
including, where necessary, conducting further risk
assessments
Where an incident has occurred
‒  Conduct a timely and proportionate initial investigation
‒  Gather information / contain the breach / assess the “risk of harm”
to data subject
‒  Consider:
§  Whether the company has any notification obligations e.g. regulatory, contractual (insurers) – see data breach assessment guidelines in Cybersecurity Counter-offensive Asia Pacific Guide
§  When notification should be made
Early notification is good
‒  Acting quickly:
§  Assists in containment
§  Affected individuals/organizations can start to take steps to
mitigate their losses
§  Seen to be concerned – reduced reputational impact
Jumping the gun is not
‒  May cause affected individuals to take unnecessary
detrimental steps
‒  May cause unaffected individuals to believe they are
affected (further loss of reputation)
‒  May compromise the investigation of perpetrators
‒  May increase risk of legal action by customers/contractual
counterparties
Paolo Sbuttoni
Special Counsel, Hong Kong
+852 2846 1521
paolo.sbuttoni@bakermckenzie.com
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Kürzlich hochgeladen

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 

Kürzlich hochgeladen (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong Kong

  • 1. © 2016 Baker & McKenzie. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
    Paolo Sbuttoni, Special Counsel, Baker & McKenzie
    17 June 2016
    Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong Kong
  • 2. This presentation has been prepared for clients and professional associates of Baker & McKenzie. Whilst every effort has been made to ensure accuracy, this presentation is not an exhaustive treatment of the area of law discussed and no responsibility for any loss occasioned to any person acting or refraining from action as a result of material in this presentation is accepted by Baker & McKenzie.
    Baker & McKenzie, a Hong Kong Partnership, is a member firm of Baker & McKenzie International, a Swiss Verein with member law firms around the world. In accordance with the common terminology used in professional service organisations, reference to a "partner" means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm.
    © 2016 Baker & McKenzie
    AWS Enterprise Summit: Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong Kong
    Paolo Sbuttoni, Special Counsel, Baker & McKenzie
    17 June 2016
  • 3. Agenda
    • Cybersecurity trends
    • Legal framework on data security in Hong Kong for FSIs (Recent SFC and HKMA developments)
    • Practical tips to address the risks
  • 5. Increase in data breaches
    ‒ New York Times:
      § Articles containing “data” and “breach” in 2012 = 117
      § Articles containing “data” and “breach” in 2015 = 650
    ‒ Annual Verizon Data Breach Investigations Report:
      § 2012 report – 855 breaches, 174 million compromised records
      § 2015 report – 2,122 breaches, 700 million compromised records
  • 6. Trends
    ‒ Increasing incidence of attacks: large and small scale
    ‒ Increasing opportunity to do harm with personal information, e.g. identity theft, extortion, corporate and political sabotage
    ‒ Increased expectations and legal obligations (including reporting):
      § US Cybersecurity Act 2015
      § EU Network Information Security Directive
  • 7. Risks for FSIs
    ‒ Loss of confidential data, including trade secrets
    ‒ Prevention of access to data needed to run business
    ‒ Loss of income/loss of clients
    ‒ Loss of reputation
    ‒ Costs associated with remedying breach/improving systems
    ‒ Breach of contractual obligations
    ‒ Notification and potential penalties
    ‒ Involvement in police or regulatory investigation
  • 8. Baker & McKenzie Cybersecurity Counter-offensive Asia Pacific Guide
    ‒ Provides an outline of the preliminary assessment we recommend should be undertaken by clients when confronted with a suspected data breach
    ‒ Identifies, for 13 countries in the Asia Pacific region, the position in response to a number of common issues which arise in dealing with a data breach incident
  • 9. Common issues arising from a data breach incident
    (Please refer to Baker & McKenzie Cybersecurity Asia Pacific Guide for further detail)

    | Issue | .au | .cn | .hk | .in | .id | .jp | .my | .ph | .sg | .kr | .tw | .th | .vn |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | Is it unlawful to access third party data without authorisation? | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
    | Are there any civil legal processes available to retrieve lost data? | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
    | Is it possible to keep legal proceedings confidential? | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
    | Are there obligations with respect to holding personal information securely? | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
    | Are there specific laws restricting/limiting the export of personal information? | Yes | Yes | No | No | No | No | Yes | Yes | Yes | Yes | Yes | Yes | No |
    | Is there a general obligation to notify data subjects of a security breach? | No | No | No | No | Yes | No | No | Yes | No | Yes | Yes | No | No |
    | Is there a general obligation to notify the authorities of a data breach? | No | No | No | Yes | No | No | No | Yes | No | Yes | No | No | Yes |
    | Are there sector specific data breach notification obligations? | Yes | Yes | No | No | No | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes |
  • 10. Legal Framework on data security in Hong Kong
  • 11. Data Security Framework
    Personal Data (Privacy) Ordinance
    ‒ Six Data Protection Principles (DPPs):
      1. Scope of collection
      2. Accuracy and length of retention
      3. Use of data
      4. Security of data
      5. Data privacy policies
      6. Rights of access
  • 12. Data Security Framework
    ‒ Data Protection Principle 4: All practicable steps shall be taken to ensure that personal data held by a data user are protected against unauthorized or accidental access, processing, erasure, loss or use
    ‒ All practical and reasonable protection measures to be taken, given circumstances (kind of data, physical location, transmission of data)
    ‒ Failure to take these steps:
      § Enforcement Notice against the data user
      § Civil claim by affected data subjects against data user
  • 13. Sector specific guidelines
    Supervisory Policy Manual:
      • General Principles for Technology Risk Management
      • Operational Risk Management
      • E-banking
      • Outsourcing
    Circular on Examinations on controls over Customer Data Protection (2006) / Customer Data Protection (2008)
    Circular on Customer Data Protection (October 2014)
    Cybersecurity Risk Management (September 2015)
    Cybersecurity Fortification Initiative (24 May 2016)
    Circular on security controls related to internet banking services (26 May 2016)
    SFC Code of Conduct
    Internal Control Guidelines
    Circular on IT Management (March 2010)
    Circular on Internet Trading Reducing Internet Hacking Risks (January 2014)
    Circular to all Licensed Corporations on Cybersecurity (23 March 2016)
    Circular: Mitigating Cybersecurity Risks (November 2014)
    Circular: Internet Trading (June 2015)
  • 14. SFC Circular on Cybersecurity - 23 March 2016
    Five Key Areas of Concern
      1. Inadequate coverage of cybersecurity risk assessment exercises
      2. Inadequate cybersecurity risk assessment of service providers
      3. Insufficient cybersecurity awareness training
      4. Inadequate cybersecurity incident management arrangements
      5. Inadequate data protection programs
    Eight Suggested Cybersecurity Controls
      1. Establish a strong governance framework to supervise cybersecurity management
      2. Implement a formalized cybersecurity management process for service providers
      3. Enhance security architecture to guard against advanced cyber-attacks
      4. Formulate information protection programs to ensure sensitive information flow is protected
      5. Strengthen threat, intelligence and vulnerability management to pro-actively identify and remediate cybersecurity vulnerabilities
      6. Enhance incident and crisis management procedures with more details of latest cyber-attack scenarios
      7. Establish adequate backup arrangements and a written contingency plan with the incorporation of the latest cybersecurity landscape
      8. Reinforce user access controls to ensure access to information is only granted to users on a need-to-know basis
  • 15. HKMA Cybersecurity Fortification Initiative (CFI)
    A comprehensive initiative and a supervisory requirement for banks in Hong Kong to implement to raise the level of cybersecurity through a three-pronged approach (HKMA Circular 24 May 2016):
    Cyber Resilience Assessment Framework
      • Seeks to establish a common risk-based framework for banks to assess their own risk profiles and determine the level of defence and resilience required.
      • Draft framework issued to the banking industry for consultation for 3 months.
    Professional Development Programme
      • Training and certification programme in Hong Kong which aims to increase the supply of qualified professionals in cybersecurity, who will be able to conduct risk assessments.
      • HKMA will work with Hong Kong Institute of Bankers (HKIB) and Hong Kong Applied Science and Technology Research Institute (ASTRI) to roll out the first training courses for cybersecurity practitioners by the end of 2016.
    Cyber Intelligence Sharing Platform
      • Will allow sharing of cyber threat intelligence among banks in order to enhance collaboration and improve cyber resilience.
      • HKMA will work with The Hong Kong Association of Banks (HKAB) and ASTRI to establish the Cyber Intelligence Sharing Platform by the end of 2016.
      • All banks expected to join.
  • 16. Data Breach Reporting
    ‒ Guidance on Data Breach Handling and Giving of Breach Notifications (updated October 2015)
    ‒ Industry specific reporting:
      § HKMA expects AIs to report breaches to HKMA / affected customers
    ‒ Privacy Management Programme - Best Practice Guide (2014) recommends:
      § data users establish procedures and have an officer / team responsible for managing a data breach
  • 18. Incident response plan
    ‒ Formulate policies and procedures which will establish systems for identifying, investigating, mitigating and resolving risks
    ‒ Regularly monitor compliance with those systems, including, where necessary, conducting further risk assessments
  • 19. Where an incident has occurred
    ‒ Conduct a timely and proportionate initial investigation
    ‒ Gather information / contain the breach / assess the “risk of harm” to data subject
    ‒ Consider:
      § Whether the company has any notification obligations e.g. regulatory, contractual (insurers) – see data breach assessment guidelines in Cybersecurity Counter-offensive Asia Pacific Guide
      § When notification should be made
  • 20. Early notification is good
    ‒ Acting quickly:
      § Assists in containment
      § Affected individuals/organizations can start to take steps to mitigate their losses
      § Seen to be concerned – reduced reputational impact
  • 21. Jumping the gun is not
    ‒ May cause affected individuals to take unnecessary detrimental steps
    ‒ May cause unaffected individuals to believe they are affected (further loss of reputation)
    ‒ May compromise the investigation of perpetrators
    ‒ May increase risk of legal action by customers/contractual counterparties
  • 22. Paolo Sbuttoni
    Special Counsel, Hong Kong
    +852 2846 1521
    paolo.sbuttoni@bakermckenzie.com