In pursuance of the Force Information Security Strategy (FISS) Action Plan 2014, which identifies "Incident Response and Management (IRM)" as one of the Targeted Policy Areas, the "Incident Response and Management Roadmap" was endorsed by the 7th Force Committee on Information Security (FCIS) Meeting on September 4, and has been made accessible on POINT via the "Incident Response and Management Roadmap" hexagon since November 24. 

 

The IRM Roadmap depicts the six steps of Classify, Contain, Inform, Investigate, Remedial Actions and Review (CIR²), each with hyperlinks to relevant orders, manuals and policies to provide Force members with a quick reference guide on handling of information security incidents.

 

The Roadmap was devised by a Focus Group set up by Information Systems Wing in March. The Focus Group comprises representatives from Support Wing, Administration Wing, Technology Crime Division of Commercial Crime Bureau and Police Public Relations Branch to streamline the procedures and mechanism for handling information security incidents, no matter they are paper records or IT related data. 

 

Since 2008, various measures, under the steering of a Force Working Group chaired by Deputy Commissioner (Operations), have been introduced to enhance Force members' awareness of information security and mitigate security risks in data protection, processing, storage and transmission. Since last year, the Force Working Group has been renamed as FCIS with expanded membership to include all Major Formation Commanders for formulating the FISS. Director of Management Services, as Force Information Security Officer, is the Chairperson of the FISS Working Group to oversee implementation of this strategy.