The reading notes record thoughts and summaries from things I read. My website:

IPCC incident

This is a very unfortunate incident, especially as it happened in the IPCC, a department almost exclusively staffed by EO. Please see the latest press report below. Barring any intentional malicious act by persons with proper authorization to access the data, which is something no IT security system could prevent, the data leakage seems to stem from negligence, or from ignorance of or indifference to data security. Basically, this has nothing to do with IT. If you needed to contract out the counting of money, or the re-indexing of many personnel files, would you let the contractor take them away to sort them out? Electronic data are of equal importance.

I think many colleagues have had similar experience from the recent eLeave project exercise. Many departments contracted out the project, which involved the conversion of personal bio-data as well as old leave records. These small IT projects belong to HR managers and are mostly handled by EO. I understand that all conversion work was conducted within the premises of the departments using office PCs and LAN. I would be grateful if colleagues would share their experience. Are there any eLeave systems using OCGIO’s hosting service, which has just been contracted out as well?

This case is a strong illustration that IT management has become an essential management field, closely integrated into everyday management work. In all smaller departments or offices, managers (aka EO) are the de facto persons responsible for the management of IT systems, which are part of all office systems. For large IT systems, the management aspect is so complex that professionals in resource and system management (aka EO) are required. It is obvious that the EO grade needs to be prepared, at a very early stage, for the provision of such professional managerial service.

There is some IT training for EO, mainly on the use of office tools like MS Office, network admin, database admin, system development, etc. While all these are useful for IT awareness, I think more advanced topics on IT management are required. Word/Excel/LAN admin are actually clerical work. While managers need to know what they are, there is no need for intensive training. It is like training EO to type or to index files. Instead, we should make reference to the topics taught in university IT management courses, like IT security, IT project management, data privacy law, contract management, etc.

The most essential move, which is the responsibility of grade management, is to promote IT management as a professional stream of EO work. Strategic steps should be in place to identify, develop and properly create a career for IT management professionals within the grade. There is no need to worry about fast-developing technology, which can be obtained from the market. Just as in any other management stream, managers need to keep abreast of the general development in their field. Such general information is readily available from newspapers and journals. When managers are in posts with good recognition and prospects, they will seek out such general information as part of the job and equip themselves properly.




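In addition, the IPCC is extremely concerned about the leaked data being misused, stressing that using the data without the consent of the persons concerned is a breach of the law and may result in a warning and prosecution. The IPCC has appointed computer professionals to trace the records of those who accessed and downloaded the data over the past 3 years.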