Security Assessment and Review
The Information Security Unit (ISU) in the Office of the Chief Information Officer (OCIO) manages the University's IT security portfolio. One of its regular duties is to assess the security of CityU's IT systems to identify IT-related security risks, and to carry out possible mitigation and remediation measures to ensure adherence to the required security standards. Ad hoc security assessment and review services can also be requested by the respective system owners.
The assessment and review covers everything from endpoint devices to all the components supporting the services, including system architecture, network design, data protection measures, etc. The aims of the IT system review and assessment are to:
- systematise, improve and integrate business procedures and the coverage of business information in the information systems (IS);
- identify risks and weaknesses, thus enabling the definition of solutions for introducing controls over processes supported by IT;
- centralise the control system and eliminate bottlenecks in information flow through the IS;
- ensure information confidentiality, integrity and availability (CIA);
- assess IT systems before and after implementation and conduct regular reviews;
- align IT assessment and IT strategy; and
- attain IT management standards.