Speech by Mr. Stephen Mak, Acting Government Chief Information Officer, at "the Opening Ceremony of HKPC IT Management Showcase 2008"
13 August 2008

Mr. (Wilson) FUNG, Distinguished Guests, Ladies and Gentlemen,

Good morning! It is my pleasure to address you at this feature-packed IT Management Showcase. I understand that this is the 8th year when such a Showcase or its variants is organised, with themes that reflect the needs and interest of the industry and community. I would first congratulate the HKPC and the co-organisers for their great efforts in staging and maintaining interest in this event. I should also like to share a few thoughts on my take on the content of this Showcase with you.

First, I should like to talk about information security. There are many kinds of information security threats, e.g. viruses, spam emails, hacking etc. Among these, the recent spot light is on information leakage due to the popularity of mobile storage devices and data sharing platforms. There is a trend that data storage capabilities are being implemented in a number of other memories devices, like mobile phone, digital camera and video recorders etc. Coupled with this is the standardization of physical connection ports, the ubiquitous USB. The advent of wireless and mobile technologies and affordable services has added even more opportunities and threats for both users and management. The Government is keenly aware of the recent spate of data leakage incidents and considers the need to design a communication programme for all levels of staff in the Government. We expect this to be well worth the effort in the private sector, too.

In order to protect against various kinds of security threats, the fundamental step in implementing proper security governance and management measures is to prepare and update a set of policies and guidelines so that effective protection measures are adequately carried out. In parallel, a process of education to every individual involved should be in place. While this may sound imposing on some people and businesses, especially for SMEs who are less resourceful, its importance cannot be over-emphasised. From the management angle, this is similar in setting up road signs, traffic rules and law enforcement measures so as to reduce the chance of road accidents. At the user end, this is to be considered necessary good practices as a road user and driver.

In this connection, I find some of the topics in today's showcase very illuminating.

I now turn to IT Service Management. In an era of rapid technology advancement, information and information technology have become a major facilitator of business and a factor of production. IT service management (IT) evolved naturally as services are affected by the developing technology, in both positive and negative ways. In the past, IT was mainly focused on application development - all the new possibilities brought out by IT seemed to be the ends in themselves. Harnessing the apparent benefits of these new technologies meant concentrating on delivering the created applications as a part of a larger service offering, supporting the business itself.

IT is now an inseparable part of business operations. As the practice of service management grows, so too does the dependency of the business on it. Meeting the business need called for a more radical refocus in the IT service approach.

IT service management is a set of specialized organizational capabilities for providing value to customers in the form of IT services. It is also a set of functions and processes for managing IT services over their lifecycle to facilitate outcomes that customers want to achieve. Well-disciplined IT service management enhances efficiency and effectiveness in business operations in various stages of service lifecycles, including service strategy, service design, service transition, service operation and continual service improvement.

Industry best practices and standards on IT service management include, for example, IT Infrastructure Library (ITIL) and ISO 20000 for IT Service Delivery. They serve not only as a means to benchmark service performance among peers in the industry but also guidance for an organization to enhance its service management with reference to experiences from multiple organizational disciplines. Again I'm pleased to note that a number of our distinguished speakers will be sharing the latest insights and practices with us in this programme.

Government welcomes the local IT industry to consider the adoption of best practices and standards of IT service management in their service delivery. This would certainly help Hong Kong achieve and maintain its position as a hub for technological cooperation and trade, and more specifically as a premium location for hosting of high-end data centres.

Within the Government, we also see the opportunity of standardizing the service management of government data centres to facilitate resource sharing and staff deployment, and to improve effectiveness in managing and operating data centres. We will make reference to industry best practices in standardizing the system management practices of our data centers, and of course expect our contractors to do the same.

Finally, I would like to talk about Software Quality. Software quality has traditionally been in the realm of engineers and professionals whose major focus was on fitness for purpose, richness of the functionality, operational performance and cost efficiency. The key phrase used to be "meeting user expectations" and whatever that entails. Whilst these continue to be major factors for success of all kinds of software, the many dynamic changes in the platforms on which software is run have significantly increased the risks to which software is exposed. I am referring to the context in which all software, be it platform software sold as shrink-wrapped packages, open-source software available for free download on the Internet, to enterprise-level software suites and individual user-developed software, is changing such that any and all software vulnerabilities will be exploited in ways beyond our own imagination. Recent incidents on some platform software attest to this problem that we are facing. I therefore submit that Software Quality is now something to be closely associated with, if not part and parcel of, Information Security and IT Services Management, rather than a mundane but necessary step to prove that the software 'works' in the way intended. For that, I'm again pleased to observe that we will be having a separate track for this Showcase that I'm sure will bring out some useful discussions on how developers and users alike can take a more holistic view of the three interrelated topics we have today.

Ladies and gentlemen, I have taken more than a fair share of your time, and I'm sure you are as eager as I am to hear what our distinguished speakers have to tell us. I thank Mr. FUNG and his team for inviting me here, and would like to wish you all a very fruitful day at the Showcase today.

- END -