Governance Report 管治報告 The Education University of Hong Kong Annual Report 2024-2025 74 Principal Risk Themes: (3) Information systems and cybersecurity 主要風險類別:(3)資訊系統及網絡安全 Risk Statements 風險陳述 The fast-changing technological landscape continues to require EdUHK to upgrade its IT infrastructure to maintain resilience and protect against the cyber-attack and evolving threats. 科技發展瞬息萬變,教大需持續提升資訊科技基礎設 施,以保持韌性,應對網絡攻擊與不斷變化的威脅。 Mitigation Plans 減緩風險計劃 • Continue to enhance IT infrastructure to ensure operational resilience, scalability, and support for emerging technologies • Strengthen cybersecurity measures by continuously implementing advanced security controls to defend against cyberattacks and evolving threat landscapes • Benchmark our cybersecurity posture against leading practices in the higher education sector and global standards to maintain a robust and forward-looking security framework • 持續提升資訊科技基礎設施,確保營運韌性、具擴增 性及支援新興科技應用 • 加強網絡安全措施,繼續採用先進的保安控制工具, 防範網絡攻擊與不斷進化的威脅形勢 • 檢視大學的網絡安全狀態,以高等教育界的主要慣例 及全球標準為基準,維持穩健且具前瞻性的保安架構 Risk Treatments 風險管理 • Upgrade the data centre environment to enhance resilience, with a focus on critical components such as the Uninterruptible Power Supply (UPS) • Continue replacing obsolete hardware and pursue opportunities to implement more resilient design architectures where feasible • Explore alternative solutions from diverse sources and opensource communities to strengthen critical IT infrastructure and services • Enforce Multi-Factor Authentication (MFA) across all systems and services to bolster identity and access security • Deploy advanced security technologies, including an AI-enhanced email security gateway and other specialised appliances and services • Adopt a third-party cybersecurity posture assessment platform to continuously monitor the University’s cybersecurity risk and benchmark it against global standards and the higher education sector • 升級數據中心環境以提升韌性,關注不間斷電源供應 器等關鍵組件 • 持續更換過時的硬件設備,並在可行的情況下伺機採 用更具韌性的設計架構 • 在多元來源與開源社群中探索替代方案,以提升關鍵 資訊科技基礎設施與服務 • 所有系統及服務均實施多重認證,以加強身份識別與 存取安全 • 運用先進的保安技術,包括增強型人工智能電郵閘道 及其他專用設備與服務 • 採用第三方網絡安全狀態評估平台,持續監察大學的 網絡安全風險,並以全球標準及高等教育界為基準進 行評估
RkJQdWJsaXNoZXIy Mjk0NjMy