IT Security

With experienced professionals, C&T has in-depth knowledge in conducting IT security and Privacy Impact Assessment services. In addition to providing continual review of data privacy and security policies, and gap-analysis between the existing security posture and the contemporary regulatory requirements, C&T assists clients in security planning, assessments, auditing and training.
Security Services

Security Service

In C&T, we strengthen clients’ IT security posture with robust gap assessments, readiness reviews and remediation supports in the following procedures:

Security Planning

We can address all aspects of security planning to help organization establishing a balanced and effective security risk management program and policies which your management board is comfortable and confident with.

Development & Review of Security Policy and Procedure

We can develop security policies and procedures to control your current risks within framework of laws and regulations. With our extensive experience, we can review, revise and refine your existing IT security policies and procedures to meet business requirements, international best practices and corporate IT governance.

Security Assessment

Each organization’s system could not be secured without periodic assessment. We can effectively assist your organization to identify current threats via proven methodologies. Our expertise will guide you to implement the recommended rectifications and changes.

  • Vulnerability Scanning & Penetration Testing
    Vulnerability scanning and penetration testing can provide your management board a comprehensive view of application security threats. Without proper vulnerability scanning, the result is often leakage of critical information and loss of trust. Our penetration testing service is also extended from traditional web based applications to mobile based apps for the nowadays trend.

  • Source Code Review
    Source code review can prevent common loopholes from cross site scripting, code injection and implementation of improper authentication controls. By bringing in source code security requirements into development and quality assurance stage, it not only strengthens large software companies but also empowers small and medium enterprises to run their business safely.

Security Audit

We devote sufficient resources in security audit. We can highlight the gaps, show the risks existing in the current systems and procedures, and find out the root cause and risk factors. All our recommendations are based on up-to-date industrial best practice and international standards.

Security Awareness Training

Training is an imperative layer of security. It helps employees to understand any security risks relevant to their duties. We have extensive experience in providing security awareness training including briefing session, one-day introductory session, refresher program, and multi-day curriculum. These entire training programs will effectively overcome challenges of the business units in your organization.

Security Compromise Assessment

Compromise Assessment will tell if your organization is currently compromised or if there has been past attacker activity. We will provide your organization with recommendations based on the assessment’s findings, which may include the preliminary attack timeline and malware information.

Key benefits and features

  • Delivers all-rounded security services to strengthen security defenses and lower costs
  • Identifies vulnerabilities and determines gaps in information security
  • Aligns security requirements to business objectives, and quickly and effectively implements a comprehensive security strategy
  • Adopts a proven and proactive security methodology and approach to ensure excellent service delivery
  • Helps protect privacy to boost client’s confidence
  • Preserves corporate image
  • Fulfills government regulations and reinforces financial market rules

Our partner:  FireEye

Security Services Security Services


PIA Services

Privacy Impact Assessment (PIA) Service

Personal data privacy concerns can be particularly complex when organizations and enterprises face the dynamic challenges of innovation and change. With the objective of avoiding or minimizing adverse impacts, our certified Privacy Consultants deliver the PIA through targeted analysis of privacy risks arising from business processes, systems, operations, and legal/regulatory requirements such as Personal Data (Privacy) Ordinance (Cap. 486).

PIA service is deployed by our Privacy Team with respective qualification. Leveraging on different scales of project experiences from bureaus and departments of the HKSAR Government and multi-national enterprises, Privacy Team has a well-established assessment methodology in undertaking to suit clients’ specific needs and requirements.

We also offer customized services over diverse areas, including security monitoring and implementation. Please contact us to arrange an introduction.