The Information Security Unit (ISU) in the Computing Services Centre (CSC) manages the University's IT security portfolio.  One of their regular duties is to regularly assess CityUHK’s IT systems security to identify IT related security risk, and to carry out possible mitigations and remediation measures to ensure adherence to the required security standards.  Ad-hoc security assessment and review services could also be requested by respective system owners.

The assessment and review would cover from the end point devices to all the components supporting the services, which also covers system architecture, network design, data protection measures, etc.  The aims of the IT system's review and assessment are to:

1. systematise, improve and integrate business procedures and the coverage of business information in the information systems (IS);
2. identify risks and weaknesses, thus enabling the definition of solutions for introducing controls over processes supported by IT;
3. centralise the control system and eliminate bottlenecks in information flow through the IS;
4. ensure information confidentiality, integrity and availability (CIA);
5. assess IT systems before and after implementation and conduct regular reviews;
6. align IT assessment and IT strategy; and,
7. attain IT management standards.