The Macao SAR Government has placed heavy emphasis on information security to reduce the risk of data leakage and cyber-attacks. Therefore, in addition to promoting the development of systems and improving the centralized management of infrastructures, works have been done in strengthening internal information management and education and promotion, particularly in the following three areas: prevention, response, and awareness, in order to increase the overall capacity in information security and crisis management of the SAR Government.
In order to perform advance planning, prevention, and preparation for foreseeable information security incidents so that timely emergency measures can be taken, based on regulatory documents such as Information Security Policy Guidelines and Information Security Management Framework, etc., the SAR Government has requested agencies to develop and properly implement internal information management guidelines based on their own needs. The SAR Government also encourages agencies to adopt international standards and obtain international accreditation in the field of information security, raising the management level of the agencies.
Currently, all goverment agencies with large amount of information equipment have already developed their own internal information management guidelines, such as Information Security Management Guidelines, Information Security Guidelines for Users, Information Equipment Usage Handbook, Response Mechanism for Emergency and Crises, etc., and have been implementing news improvement measures to continuously strengthen the information security and crisis management capacity.
At the same time, in accordance with the centralized management strategy of the Government Data Centre, and to further strengthen the development of the security system and standards system for electronic governance of the SAR, the Government has drafted a report on the implementation planning for information security and crisis management, making suggestions on the continued strengthening of capabilities in information security and crisis management in the future.
Furthermore, the SAR Government and the Macau New Technologies Incubator Centre regularly conduct the Macau Information Security Survey, performing studies and analysis on three aspects: information security policy, information security control, and information security incident, with the goal to examine on an ongoing basis the overall information security status as well as to enhance the infomation security awareness of the SAR Government and various sectors in Macao.