Mr. Albert HUI
Lead Trainer – Innovation and Technology
Hong Kong Institute of Security
-
Security Ronin Principal Consultant.
-
UK Institute of Directors (IoD) Cyber Security Advisor.
-
Former IBM Global Security Architect.
-
Former IBM Global Security Architect.
-
Former Deloitte Risk Advisory Director.
-
Former HKUST Computer Science Lecturer.
-
Member of the Task Force on Information and Communications Management System Certification, Hong Kong Accreditation Service (HKAS) of Innovation and Technology Commission (ITC) (since 2023).
-
Advisory Board Member, SANS Institute (since 2010).
-
Advisory Committee Member, IEEE Computer Society Hong Kong Section (since 2011).
-
International Information System Security Certification Consortium ( (ISC)² ) Information Security Leadership Achievements (ISLA) Honouree.
-
SANS Institute GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) (expired).
-
Harvard University Certificate in Cybersecurity: Managing Risk in the Information Age.
-
Information Systems Audit and Control Association (ISACA) Certified in Risk and Information Systems Control (CRISC) (expired).
-
Information Systems Audit and Control Association (ISACA) Certified Information Security Manager (CISM) (expire).
-
Information Systems Audit and Control Association (ISACA) Certified Information Systems Auditor (CISA) (expired).
-
Cloud Security Alliance (CSA) Certificate of Competence in Zero Trust (CCZT).
-
Covert Access Team (CAT) Elicitation Toolbox Certificate.
-
Covert Access Team (CAT) Physical Audit Certificate.
-
Master of Philosophy (MPhil) in Computer Science, Hong Kong University of Science and Technology (HKUST).
>>> Learn
>>> 學習
>>> Share
>>> 分享
>>> Grow
>>> 成長
Copyright © 2024 The Hong Kong Institute of Security Limited. All rights reserved.
Penny Fung
- Penny served in the Hong Kong Police in 1976-1993, primarily in criminal investigation with special focus on commercial crime investigation and crime prevention. She left as a Detective Senior Inspector.
- Penny served in two international banks in Asia. She served in the Standard Chartered Bank in 1993-2000 and left as its Area Head – Security & Operations Risk Management for Hong Kong, China, and Northeast Asia. She also served in the Bank of America and later Bank of America Merrill Lynch in 2006-2011 as its Regional Director of Security and Regional Director of Investigations in Asia.
- Penny has been a security risk consultant since 2000. She was the Associate Managing Director of Kroll Associates (Asia) Ltd. in 2000-2003 and has been the Principal Consultant of “K2 Consulting Co. Ltd. (K2)” since 2011.
- Penny founded K2 in 2003, which initially focused on offering security management training and later expanded to security consulting services. K2 had been the training partner of the “International Professional Security Association – Hong Kong (IPSA HK)” until the establishment of the Hong Kong Institute of Security in 2022.
Penny has been a pioneer in promoting professional development of the security services in Hong Kong since the 1990’s:
- Penny was the Chairperson of IPSA HK in 1993-2003 and 2009-2011 and led in re-defining the criteria for membership advancement to include professional qualifications and practical working experiences.
- Penny was an appointed member of the Security Services Training Board of the Vocational Training Council (“VTC”) in 1998-2006 and led in the first manpower survey of the security industry in Hong Kong, among others.
- Penny was a Board Director of the Association of Certified Fraud Examiners - Hong Kong Chapter and served as its President in 2009-2011 and Director of Training in 2007-2009. She was instrumental in developing and launching the Investigations Training programme of the Hong Kong Chapter.
- In 2013-2018, Penny was appointed by the Education Bureau as a member of the Industry Technical Advisory Committee of the Qualifications Framework for Security Services. She led in the establishment of the Specification of Competency Standards (“SCS”). On assignment by the VTC, she authored several SCS-based training packages as essential learning and assessment guidelines for security training. She has also been appointed as the Assessor and Question Writer of the Recognition of Prior Learning Programme under the QF for Security Services since 2021.
Penny received her security training in the Home Office in UK, the Edith Cowan University in Australia, and the University of Louisville in the US. She also holds a Diploma in Adult Education and Training by the HKUSPACE.
Penny is a Fellow Member of IPSA HK, Diplomate of the International Institute of Security, Certified Business Continuity Professional of the Disaster Recovery Institute, and Certified Fraud Examiner of the Association of Certified Fraud Examiners.
Subscribe to our newsletter now!
2022.11.04 – 丙類保安工作的最高年齡限制由55 歲提升至60 歲
請參閱:保安及護衞業管理委員會 (SGSIA ) - 簽發保安人員許可證準則 https://www.sb.gov.hk/chi/links/sgsia/pdffile/GN%20-%20Criteria%20for%20Security%20Personnel%20Permit%20(Chi).pdf
2022.11.04 – upper age limit for Cat C security work raised from 55 to 60
Please refer to: SGSIA - Criteria for Issuing a Security Personnel Permit https://www.sb.gov.hk/eng/links/sgsia/pdf/GN%20-%20Criteria%20for%20Security%20Personnel%20Permit%20(Eng).pdf
Education and training institutions can now make use of this VQP to design relevant training courses and security practitioners can also make more structured plans for their career and personal development in the security industry.
主席
The Authority consists of a Chairman and five Members appointed by the
Chief Executive, as well as a representative of the Secretary for Security. A
secretariat has been set up to provide day-to-day administrative support to the
Authority.
Chairman
Mr. Stephen YIP Chun-nam, B.B.S, M.H., J.P.
Members
Dr Terence CHAN Ho-wah
Mr YIU Ming, M.H.
The Honourable KWOK Wai-keung, J.P.
Ms KUOK Hui-kwong
Mr LAU Ka-keung, B.B.S, M.H., J.P.
A representative of the Secretary for Security
Secretary
According to the conviction records in the previous two years published by the Labour Department (https://www.labour.gov.hk/common/osh/pdf/Conviction_record_en.pdf), in April 2023, Thorn Security (Hong Kong) Limited was convicted of an offence of “Failing to ensure workman wearing suitable safety helmet” and fined $6,000.
According to various media reports, the Labour Department has completed its investigation in March this year into the incident at a Maternal and Child Health Centre in Yau Ma Tei on August 15 last year, in which a female security guard was pressed by a toppled leaf of the gate and died. Wise Security Limited, the employer of the female security guard, was summonsed for an offence of “Failing to ensure the safety and health of employees” while four other occupiers were also summonsed. The case is still under trial. (Case reference: KTS 3046-3050/2023).
根據勞工處過往兩年的定罪記錄(https://www.labour.gov.hk/common/osh/pdf/Conviction_record_en.pdf), 2023年4月 Thorn Security (Hong Kong) Limited 被定罪 “Failing to ensure workman wearing suitable safety helmet”及罰款$6000。
而根據各媒體的新聞報導,去年8月15日油麻地母嬰健康院發生鐵閘倒塌事故意外導致一名43歲女保安被壓中身亡事故,勞工處已於今年三月份完成調查,並票控其僱主威智護衛有限公司「沒有確保僱員的安全及健康」,還有其他四個相關的處所佔用人亦被票控,案件尚在審理中(案件編號:KTS 3046- 3050/ 2023)。
Webinar
Missed this talk?
(1) Opening and introduction
HKQF for Security Services - how to obtain recognition under the "Recognition of Prior Learning" mechanism
(CSI / IPSA HK / HKIOS members, students and employees are encouraged to attend)
「保安業資歷架構」已經推出多年,擁有豐富保安工作經驗,但欠缺學歷或保安專業資歷的從業員,可以透過「過往資歷認可」機制去確認他們已經具備的保安資歷級別。這個分享會會為大家介紹「保安業資歷架構」及「過往資歷認可」機制,並邀請到幾位業內人士與大家分享他們如何透過「過往資歷認可」機制成功獲取第四級資歷認可的經驗。
香港保安學會培訓及專業發展總監
衞業有限公司高級行動經理
國際專業保安協會(香港)執行委員會委員;資深保安從業員
Webinar
Design Thinking: Optimizing Workforce and Improving Operational Efficiency
(For CSI / IPSA HK / HKIOS members, students and employees only)
Design thinking is a people-oriented way of thinking and design that solves problems and innovates. In this seminar, it is our great honor to invite two authorities in design thinking and innovation management – Mr. David Chung and Ms. Yan Choi to introduce design thinking and talk about how to apply it to improve the labor force and operational efficiency of the security industry.
Founder and Managing Partner, InnoEdge Consulting Ltd.
Board Member, Global Innovation Management Institute
Senior Consultant, InnoEdge Consulting Ltd.
Certified Instructor, Design Thinking
Chief Innovation Officer, Shop! Asia
網上研討會
設計思維:優化勞動力,提升營運效能
(只供 CSI / IPSA HK / HKIOS 會員、學員及屬員參加)
經驗分享會
保安業資歷架構 – 如何透過「過往資歷認可」機制獲取資歷認可?
(歡迎 CSI / IPSA HK / HKIOS 會員、學員、屬員及保安業內人士參加)
香港保安學會培訓及專業發展總監
衞業有限公司高級行動經理
國際專業保安協會(香港)執行委員會委員;資深保安從業員
2024年8個實體保安趨勢預測 / Top 8 Physical Security
Trends in 2024
實體保安與IT的融合正在加速,並且不會只局限於技術方面。
未來一年,不少機構會尋求優化IT與實體保安團隊之間的協作。這兩個寶貴技術的連結,會讓機構更有效地應對風險和最大化利用機構的整體數據。儘管沒有一刀切的方法,大多數人都會考慮以下的策略:
- 實體保安的領導者會擴展其部門的IT專業能力
- 保安運作的功能將會擴大,以便應對實體保安風險和利用來自兩個群體的數據
- IT團隊亦會引入實體保安,並開始負上監督實體保安任務
隨著這些以人為本的整合的不斷發展,對統一系統和雲端連結的實體保安解決方案的需求亦會隨之增長。這將會幫助團隊全面了解系統和不斷變化的風險,同時幫助他們從數據中提取更多有用的訊息。
實體保安數據民主化正在進行中。與過往相比,愈來愈多雇員需要接觸實體保安技術和數據。Genetec的2024年實體保安趨勢研究報告指出,近40%的機構仍面臨實體保安勞動力短缺問題。對特定任務或資訊存取的把關只會加劇資源的壓力。
隨著數位時代雇員角色的轉變,機構將尋求更具協作性的實體保安技術。它們需要更容易使用的解決方案,並且能支援保安部門以外的人員安全及有限度的使用。
這帶來的現象,將包括:犯罪現場的目擊者能夠安全地將其手機的錄影共享到中央證據貯存庫或團隊負責人監督與其部門相關的存取請求。
對許多機構來說,這將會增強整個企業的勞動力,亦會幫助它們擴大保安投資的價值和應用範圍。
出入管制現代化仍將是各機構於2024年的首要任務。為了減輕系統升級的複雜性,不少機構將轉向採用混合雲端模式及雲端就緒的出入口管制解決方案。這將帶來持續的創新和網絡安全更新,從而加強從門到網絡的安全。
我們亦將看到對開放出入管制解決方案的更大需求。比過往任何時候,各機構都更希望能夠自由地添加和連接現有的最新技術。到2024年,這將包括從物業管理系統、生命和安全解決方案到人力資源管理軟體和行動憑證等等。
將出入管制與這些不同的技術相結合,可以提高營運效率和持續發展的主動性。亦會讓雇主增進持卡人的體驗,尤其是對流暢和方便的感覺。
很多人將捨棄單獨管理錄影和出入口管理系統。為了提高效率,領導者將採取行動實現系統統一。這將簡化系統監控和維護任務,從而提高企業產能並節省成本。
到2024年,實體保安業對混合雲的採用將大幅增加。最近的研究發現,44%的機構已經在超過四分之一的實體保安部署了雲端或混合雲環境。
隨著雲端採用率的上升,人們對新的即插即用、雲端就緒設備愈來愈感興趣。它們不單只讓採用雲端服務更容易,還增強了邊緣的運算能力。
我們也將看到人們對雲端數據的使用和相關成本的關注。那些已經採用了混合雲的人們正在尋求從雲端支出得到最大回報的方案。很多人將依靠渠道合作夥伴以探索保安以外的用例,最大限度地提高混合雲的投資回報。
近年,警察部門一直在努力招募和留住警員。為了解決這個問題,許多城市正在投資新的打擊犯罪技術。從車輛調查系統和態勢感知平台到無人機和可穿戴設備,全部都使有助於提高公共安全部門的效率。
隨著科技的使用在城市中擴展,公共穩私問題也隨之增加。2024年,我們將看到城市越來越致力於建立更多公眾信任並加強穩私保護工作。以下的核心策略將有幫助:
- 選擇採用以穩私為本而設計的解決方案,以便能更佳地控制所收集、處理和共享的數據。
- 與值得信賴的技術供應商合作,確保優化所有防線並強化系統。
- 採取更透明的措施來保護資訊,並分享新科技投資如何增強社區安全的指標。
- 創建合作夥伴計劃讓公民呈報事故、提供回饋和參與社區警務工作。
進入市場的實體保安設備和其他工業物聯網感測器的數量正在增加,但仍未能滿足各個行業的機構的需要。IT和保安專家希望擴展其保安部署的數據類型。此外,他們亦希望從貯存系統中抽取數據,並建立數據湖以服務未來的目標。
在這關鍵時刻,選擇以API為中心及開放架構的統一實體保安平台的人將隨著時間的推移獲得最大收益。他們可以就著自身條件靈活地組合和同時分析不同來源的數據。最終,這能夠為新的數據驅動策略提供信息,並最大限度地提高所有科技投資的回報。
在數據湧現期間,許多機構還須尋找方法來增強操作員的能力,並將當前的工作流程數位化。因此,付帶嵌入式分析、自動化工具和視覺儀表板的實體保安解決方案的需求將會增加。
據IBM稱,2023年的每宗數據外洩事故的平均成本為445萬美元。當中只有三分之一的公司是透過內部保安團隊來識別漏洞。
2023年,31% 的終端用戶表示他們的機構成為網絡犯罪分子的目標。儘管各機構不斷改善網絡安全措施,人們對網絡安全的擔憂程度仍在持續上升。