The Chinese University of Hong Kong Information Technology Services Centre 資訊科技服務處 香港中文大學
Frequently Asked Questions  
         
1. Q: How can I check whether an email is a phishing email?
  A: I. Check whether it is a reported case through our page on Phishing:
    II. Confirm with your LAN administrator or ITSC whether ITSC has sent such an email.
         
2. Q: What should I do if I have answered a phishing email?
  A: Please refer to here.
         
3. Q: Where to find anti-virus software?
    A: Please refer to here.
         
4. Q: Are there any tools to encrypt data?
  A: There are many tools. One of them is TrueCrypt, a free open-source encryption software, available from here.
         
5. Q: Any suggestions for the secure use of mobile computing devices, e.g. USB memory drives, removable hard drives, laptops?
  A: Please refer to the guidelines for securely managing mobile computing devices and removable storage media on the ITSC homepage.
         
6. Q: How can I avoid data leakage if I need to send a computing device with sensitive data for maintenance?
  A: You can use the software Blancco Data Cleaner to erase all the data stored on the hard drive.
         
7. Q: How long should I set the session timeout?
  A: In general, 5 minutes for high-value applications, 10 minutes for medium-value applications, and 20 minutes for low-risk applications. For detailed information, please refer to here.
         
8. Q: How long should the audit logs be kept?
  A: An audit trail shows how the system is being used from day to day. Logs shall be retained for a period.

In most cases, the type of business will define the external requirements for information retention. Legal counsel and audit staff should always be included in the development process for any data retention policies to ensure the business is complying with all contracts, local laws, industry regulations, and national or international laws.

For instance, the Sarbanes-Oxley Act (SOX) that affects US Corporations specifies retaining audit logs for up to seven years. The VISA Cardholder Information Security Program (CISP) specifies retaining audit logs for at least six months.

Some organisations retain audit logs until it is determined that they are no longer needed for administrative, legal, audit, evidence or other operational purposes. Some choose to retain all evidence for months or years after the incident ends.

As a general guideline on information security, you may consider keeping the logs for six months or more.

The following documents may be useful for your reference:

    1. IT Security Guidelines
    2. Information Security Guide for Small Businesses, Third Edition
    3. Guide to Computer Security Log Management (Sep 2006) by NIST
         
         

 

 

Need Help?
For comments and enquiries about this service, please write to the ITSC Electronic Helpdesk at
http://helpdesk.itsc.cuhk.edu.hk