Hong Kong ICT Awards 2018

The Hong Kong ICT Awards aims at recognising and promoting outstanding information and communications technology (ICT) inventions and applications, thereby encouraging innovation and excellence among Hong Kong’s ICT talents and enterprises in their constant pursuit of creative and better solutions to meet business and social needs.

As a supporting organization of the Hong Kong ICT Awards 2018, Cloud Security Alliance Hong Kong & Macau Chapter encourages the active participation of our members and the general public to the eight categories under the Award.

Details of the Awards can be found at http://hkcs.org.hk/ictawards/

ICT Awards 2018

Advertisements

Cloud Security Alliance Announces Launch of CCSK v4

ccsk-large
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the general availability of its latest industry leading Certificate of Cloud Security Knowledge exam, version 4 (CCSK v4). The new exam has been significantly updated to reflect changes in the cloud and security landscape and features new content that aligns with this year’s earlier release of Guidance for Critical Areas of Focus in Cloud Computing 4.0.

“Since its launch, the CCSK has been recognized and widely accepted as the gold standard by a broad coalition of experts and organizations for demonstrating cloud security competency,” said Jim Reavis, CEO, CSA. “With this update, the CCSK is again proving to be the definitive resource for anyone in IT and information security who is looking to declare their understanding of key cloud security issues.”

Version four content represents more clarity, accuracy and better alignment with the recently published Guidance for Critical Areas of Focus in Cloud Computing 4.0 document, to better reflect current operational realities in cloud. Some key updates to note in the new version are reflected in the rebuilding of the introductory, infrastructure, and governance/legal/risk sections. Additionally, the materials covering data security includes an expanded coverage of Cloud Access Security Broker (CASB) technologies and business continuity/disaster recovery. Also, the Related Technologies sections now covers how IoT, mobile, serverless computing, and Big Data technologies are connected to cloud computing. A detailed list of changes between the CCSK v3 and v4 can be found at https://ccsk.cloudsecurityalliance.org/en/faq#changes.

Launched in 2010, the CCSK emerged as the industry’s first benchmark for measuring cloud security skillsets. The body of knowledge is constituted by Guidance for Critical Areas of Focus in Cloud Computing 4.0, the CSA Cloud Control Matrix (CCM) and the European Cyber Security Agency (ENISA) Cloud Computing Risk Assessment report. Information technology and security professionals interested in studying for the CCSK v4 exam can prepare through CSA’s self-study preparation kitor through their network of training partners offering instructor-led and online classes.

Approximately 86 percent of the exam questions will be related to the content of the Guidance for Critical Areas of Focus in Cloud Computing 4.0.  The CCSK v4 exam is now available for $395.  For more information or to take the exam visit https://cloudsecurityalliance.org/education/ccsk.

CSA HKM Knowledge Sharing Event – December 2017

CSA Knowledge Sharing Event provides an excellent opportunity for cybersecurity professionals to discuss the latest trends and developments in IT and in the process build a close-knitted cybersecurity community in Hong Kong and Macau.

This month we have invited Dr Bradley Schatz, director of the independent digital forensics consultancy firm Schatz Forensic, to deliver a talk entitled “Live Cloud Forensics” when he will share with the audience on the new approach of live analysis and how partial physical acquisition can ba applied in the cloud environment.

THE TALK:

With businesses increasingly migrating from on-premise to cloud based, forensics in and of the cloud is an increasing challenge. To date, the majority of work in the area has been academically focused, or adaptations of traditional methodologies to the cloud environment. The cloud environment imposes new constraints and opportunities around IO, processing power, and timeliness.

In this presentation, Dr Bradley Schatz will describe how the new approach of live analysis and partial physical acquisition can be applied in the cloud environment, with practical examples of how the methodology is being used by incident responders and forensic analysts across the globe. A case study of a real court case where it has been used in Australia will be presented.

SPEAKER:
Dr Bradley Schatz, Director, Schatz Forensic

Dr Bradley Schatz is the director of the independent digital forensics consultancy Schatz Forensic. Since the completion of a PhD in Digital forensics in 2007, his principal role has been as a practitioner of digital forensics in private practice, where he has served primarily legal clients in both civil and criminal matters. His evidence has been accepted as expert opinion in a range of courts within Australia. In 2008, Dr Schatz was appointed Adjunct Associate Professor at QUT, where he occasionally lectures & supervises doctoral students.

Bradley is regularly invited to present and deliver training internationally on the subject, and holds leadership roles in the leading peer review venues of the field; the DFRWS conference and the Journal of Digital Investigation. He has remained an active researcher advancing the field, and has published 15 peer reviewed academic papers and two book chapters all in the area of digital forensics.

The practical outcomes of his research have contributed to the mainstreaming of volatile memory analysis, and led to the commercialisation of the Evimetry forensic system, which is used by police, government and corporate forensic and IR teams globally.

Please do not miss this opportunity to learn from the expert and connect with your peers.

Participants can claim 1.5 CPE.

Event Details:

TOPIC: Live Cloud Forensics

DATE: December 6, 2017 (Wednesday)

TIME: 6:30 – 8:30 pm

VENUE: Room Z414, Core Z, The Hong Kong Polytechnic University, Hung Hom

REGISTRATIONhttps://csakse1712.eventbrite.hk

中國雲安全聯盟正式成立 (C-CSA formed in China)

(2017年11月1日 = China) 在廣東惠州舉行的中國物聯網雲計算應用技術博覽會上,中國雲安全與新興技術安全創新聯盟(以下簡稱「中國雲安全聯盟」或 「 C-CSA」)聯合中國雲體系產業創新戰略聯盟(以下簡稱「中國雲體系聯盟」)共同主辦2017中國雲安全與新興技術安全創新論壇,並為中國雲安全與新興技術安全創新聯盟舉行成立揭牌儀式,參加論壇的領導有中國科協原黨組副書記、副主席張勤院士,中國產學研合作促進會執行副會長、秘書長王建華,惠州市副市長劉小軍,中國雲安全聯盟常務副理事長李雨航,以及 雲安全的政產學研各界代表。 中國雲體系聯盟和中國雲安全聯盟秘書長沈寓實主持了論壇,專家們圍繞網路空間、雲計算、物聯網等領域分享了雲計算2.0時代的新興技術安全創新。

中國產學研合作促進會執行副會長、秘書長王建華宣讀中國雲安全與新興技術安全創新聯盟成立批復函拉開論壇序幕。 王建華強調中國雲安全聯盟的成立旨在加強產學研用深度融合,整合行業內各方資源優勢,搭建創新平臺並引進國際雲安全聯盟CSA等國際最佳實踐,突破雲計算和新興技術領域瓶頸,並引導建立安全共性標準, 培養更多的具有核心競爭力的產業集群和優秀人才,為建設網路強國提供有力支撐。

惠州市副市長劉小軍表示,惠州一直以來致力於打造世界手機之都,橫向融合縱向升級,推動智慧終端機產業發展。 資訊安全網路安全雲安全必不可缺,近些年來惠州重點支援物聯網、雲計算等資訊產業,惠州市對中國雲安全聯盟的專業性和權威性高度認可。

中國科協原黨組副書記、副主席張勤院士指出,去年 11月國家出臺了《網路安全法》,確立了國家網路空間安全發展戰略等重要內容,明確了網路空間治理的規則以及國際參與,將網路安全上升為國家安全的高度。 科技部等國家部委也出臺相應政策,大力推動雲安全與新興技術安全領域發展,科技部連續兩年組織實施國家重點研發計畫「網路空間安全」重點專項。 習近平同志在十九大報告中指出,創新是引領發展的第一動力。 此次舉辦中國雲安全與新興技術安全創新論壇,圍繞著物聯網、雲計算、大資料等新興技術及其優秀應用實踐進行分享,就雲計算和新興技術領域新的安全解決方案共同探討交流,對於加快科技成果轉化為生產力,實施創新驅動發展戰略, 建設技術創新體系,推動社會經濟發展具有重大的現實意義。 會上特別會上特別祝賀中國雲安全聯盟正式成立和大會取得成功。

李雨航常務副理事長受在京參加院士大會的方濱興理事長委託做了題為「 CSA2.0」的揭幕主題演講,強調安全已成為網路強國的命脈,新興技術如大資料、物聯網、人工智慧等的安全,是雲安全的延伸,中國雲安全聯盟將在中國政府認可下規範運作,貫徹國家網路主權自主可控的方針政策, 充分發揮聯盟各成員的主人翁精神,與國際雲安全聯盟CSA等國際組織緊密對接,把先進安全實踐經驗帶到中國並完成當地語系化改進。 早在2010年,CSA就在中國開展起志願工作。 2014年在政產學研7家中國戰略合作夥伴的支援下,CSA大中華區落地中國並實現半職業化,此次中國雲安全聯盟的成立,是CSA2.0 時代的起航,標誌著CSA在中國職業化,邁向在華新階段。

論壇由沈寓實秘書長主持,國家資訊中心安全管理處處長邵國安、武漢大學教授陳晶、普華永道風險及控制服務部合夥人李睿、安恒資訊副總裁劉志樂、中科院雲計算中心電子政務事業部主任孫傲冰、平安科技技網路安全研究所所長王曉箴 、創元網路技術股份有限公司總經理張少華、安信科技總經理陳林、北京益安線上科技股份有限公司總監李岩共9位行業實戰專家就各自所擅長的領域進行了分享。

中國產學研促進會已經支援成立了包括中國雲體系聯盟、中國雲安全聯盟在內的上百個各領域的聯盟,並獲得党和國家領導人習近平、李克強、栗戰書、汪洋、王滬甯、趙樂際、韓正、劉延東、路甬祥等極大的關懷和支援。 新成立的中國雲安全聯盟,將在促進會的指導下,力爭成為國際雲安全聯盟和其它國際安全性群組織在華的管理和運營機構。

C-CSA formed in China

圖片說明:(左起)C-CSA秘書長沈寓實,惠州市政府副秘書長鄒平生,C-CSA常務副理事長李雨航,促進會執行秘書長王建華,中國科協原副主席張勤,惠州市副市長劉小軍,工信部信通院雲安全主任栗蔚, C-CSA分會會長劉志樂

詳細資料:www.c-csa.cn

The EU GDPR: Hong Kong’s Road to Compliance Workshop – November 6, 2017

 

CSA HKM is proud to support a one-day workshop on “The EU GDPR: Hong Kong’s Road to Compliance” on November 6.

The workshop, which is hosted by the Internet Society Hong Kong, will map out the key changes to the EU data protection regime and their implications for key stakeholders in Hong Kong, notably regulatory authorities and organizations that handle personal data. Through a combination of panel and interactive discussions, it will provide more clarity on the applications of the GDPR for businesses, and guidance to help public and private entities adopt an action plan for compliance in preparation for the GDPR’s implementation in May 2018.

Date:    November 6, 2017 (Monday)
Time:   09:00 – 17:00
Venue: Ching Room, Sheraton Hotel, Hong Kong
Detailshttps://www.isoc.hk/2017/11/the-eu-gdpr-hong-kongs-road-to-compliance-part-of-the-isoc-online-privacy-workshop-series/
Registration: https://goo.gl/vdrwQ6

EU GDPR 171106

Industry and University Collaboration Forum 2017 – November 14, 2017

CSA HKM is supporting the organisatin of the Industry and University Collaboration Forum (IUCF) to be held on 14th November, 2017 at Hong Kong Science Park, Shatin.

The theme this year is “Connecting the Dots for Reindustrialisation: The Greater Bay Area Landscape”.  The event will focus on innovation and technologies that can facilitate the next generation of industrial revolution for this region. It will be aligned with the national priorities for ‘Industry 4.0’ and ‘Made in China 2025’ as well as other national programmes such as the ‘South China Greater Bay Area’ or international mega-plans like the ‘Belt and Road’ initiative.

Mr Nicholas W. Yang, GBS, JP, Secretary for Innovation and Technology and Ms Annie Choi, JP, Commissioner for Innovation and Technology will officiate the opening ceremony of IUCF 2017.  In addition, Professor Tsui Lap-chee, Founding President of the Academy of Sciences of Hong Kong; Ms Wu Ling, Director of Ministry of Science and Technology Wide Band Gap Semiconductor Programme Office; and Professor Zexiang Li from the Hong Kong University of Science and Technology have agreed to deliver keynote speeches in the event.  Experts from the 3rd Generation of the Semiconductor Industry as well as eminent professionals from the fields of robotics, artificial intelligence and Internet of Things for intelligent manufacturing have also confirmed to share their thoughts and insights in the Forum.

DATE:  November 14, 2017 (Tuesday)
TIME:  9:30 – 17:30
Venue:  Charles K Kao Auditorium, Hong Kong Science Park, Shatin
Details and Registration: www.iucf-astri.hk/index

Basic RGB

Hong Kong SMEs Cloud Adoption, Security & Privacy Readiness Survey Results Announced

October 25, 2017 – HONG KONG – Internet Society Hong Kong and Cloud Security Alliance – Hong Kong and Macau Chapter jointly announced the third annual report on “Hong Kong Small and Medium-sized Enterprises (SMEs) Cloud Adoption, Security & Privacy Readiness Survey” today. This survey is sponsored by Microsoft Hong Kong.

In the survey, 95% of the SMEs have already established policies towards data security after the launch of Personal Data (Privacy) Ordinance (the “Ordinance”), which is a leap of 40% as compared to that of two years ago. More than 50% of the SMEs believed that cloud security services provided by the Cloud Service Providers (“CSPs”) are reliable; Meanwhile, 45% of the SMEs claimed their CSPs are lacking transparency while handling customers data and information. It is not clear if the data kept on cloud could be deleted or returned after terminating the service contract with the providers. In terms of data privacy standard, 70% of the SMEs are not familiar with cloud security standards, such as ISO/IEC 27017 and ISO/IEC 27018, which reflects SMEs are not able to distinguish which CSPs follow the Ordinance or similar international legislation to protect their personal data.

The survey aims to understand Hong Kong SME’s readiness and application of cloud technologies. With the previous survey revealing the SMEs have already adopted cloud services to varying degrees, which brings to the focus of this year on analyzing SMEs understanding towards CSP’s handling on data and personal information.

Recommendations were made for SMEs to choose their CSPs. The survey was conducted in March 2017 and commissioned the Hong Kong Productivity Council to carry out telephone interviews to SMEs in Hong Kong (corporate size < 100 employees) over the course of three weeks and to review data from the Census and Statistics Bureau. The Council successfully collected 103 survey responses. The research covered major industry sectors in Hong Kong. The survey questionnaire was developed based on the Cloud Security Alliance Cloud Control Matrix international standard with questions adapted to local conditions.

SMEs Has A Higher Level Security Readiness In Overall Data Management And Information Security Systems The survey shows an increase in SMEs overall acknowledgment on data management and information security systems, particularly in physical security management, data privacy management, and incident management. Nearly 70% of the SMEs manage their IT systems with proper access rights and password control, representing an 15% increase when compared to that of 2015.

In addition, over 70% of the SMEs have good understanding of or have implemented data encryption, and over 60% of the SMEs have established their data disposal policy, which is a big jump when compare to none in 2015. Moreover, over 70% of the SMEs have established an Incident Response Plan and Disaster Recovery Plan, with a distinctive growth of 39% and 25% respectively. On the contrary, there is little progress on SMEs system management, with only 30% SMEs implemented a security patch policy, a slightly increase at 7.5%; Meanwhile, it is recorded a 4% decrease in SMEs firewall devices installation to further improve the security.

Mr. Sang YOUNG, Convener, Internet Security and Privacy Working Group, Internet Society Hong Kong, commented, “Comparing the data against with that of the past 2 surveys, we are happy to witness more and more SMEs formulate their data privacy policy, hence demonstrate higher readiness to data security on cloud and are more prepared to handle incidents. However, we see an increasing dependence on third party service provider’s cloud security systems, while a vast amount of SMEs are poor in implementing their security patches policies. We believe the number of SMEs relying on third party service provider’s cloud security service will remain huge, therefore we suggest SMEs to choose cloud service providers based on their transparency, and companies should review their vendor’s security solutions to ensure they are updated from time to time.”

SMEs Could Not Determine Whether CSPs Are Up To International Standard Compared with last year, the survey revealed that SMEs are showing more concern on personal data protection, with most of the companies (95%) claimed they follow the Ordinance from PCPD. However, SMEs are still lacking awareness on how CSPs process with their data, nearly half of the companies (45%) uses CSPs which are not transparent to their users if and when their data would be deleted and returned, and one-fifth of them (20%) do not know if their CSPs will use their data for marketing purpose. In the meantime, 25% of the surveyed SMEs reflected that their CSPs do not follow the Ordinance which raises a significant concern as CSPs are also data processors of the companies.

“SMEs should be clear on the CSP’s policies for data retention and deletion, including when the SMEs unsubscribe from the Cloud services in question. The survey revealed that up to 70% of SMEs are unclear on the international standard of cloud security & privacy, It is recommended that SMEs should look for CSPs which comply with international standards like ISO/IEC 27017 and ISO/IEC 27018 that provide guidelines to CSPs for the protection of Personally Identifiable Information,” commented Mr. Claudius LAM, Chairman of Cloud Security Alliance Hong Kong and Macau Chapter.

“As SMEs may not have the manpower and professional technology knowledge to deal with information security & privacy. With the use of reliable enterprise level CSP which in line with international standard, not only can overcome the deficiency, SMEs can also enjoy an enterprise level data privacy protection which ensure compliance with all relevant regulations at an affordable price”, said Mr. Fred SHEU, National Technology Officer of Microsoft Hong Kong Limited. “Microsoft is dedicated to help SMEs to leverage IT and enhance their competitiveness. The survey showed that more than 40% of Hong Kong SMEs will give priority to Microsoft Azure as their CSP. We will continue to invest and provide a more flexible and comprehensive cloud services to help local enterprises protect their data and assets effectively.”

For the full report, click HERE

SME Survey 2017

Photo shows: (From left) Claudius LAM, Chairman of Cloud Security Alliance Hong Kong & Macau Chapter, Sang YOUNG, Convener, Internet Security and Privacy Working Group, Internet Society Hong Kong, and  Fred SHEU, National Technology Officer of Microsoft Hong Kong Limited, announces the results of the Hong Kong Small and Medium-sized Enterprises (SMEs) Cloud Adoption, Security & Privacy Readiness Survey.