Cloud Security Alliance Announces Industry’s First Credential for Cloud Auditing

The Cloud Security Alliance (CSA) has announced the Certificate of Cloud Auditing Knowledge (CCAK), the only credential for industry professionals that demonstrates expertise in the essential principles of auditing cloud computing systems. Set to be released in the second half of 2020, the CCAK aims to solve the current industry knowledge gap for IT audit and security professionals trained and certified for traditional on-premise IT auditing and assurance.

Designed to provide CISOs, security and compliance managers, internal and external auditors, and practitioners of tomorrow with the proven skillset to address the specific concerns that arise from the use of various forms of cloud services, the CCAK will provide a common baseline of expertise and shared nomenclature to ensure that IT auditors and other related stakeholders are communicating appropriately and accurately regarding the effectiveness of cloud security controls.

With its focus on cloud computing, the CCAK differs from traditional IT audit certification programs, which have many excellent elements, but were not developed with an understanding of cloud computing and its many nuances. An audited organization using cloud computing, for instance, will have a very different approach to satisfying control objectives, and a cloud tenant will certainly not have the same administrative access as in a legacy IT system and will employ a wide range of security controls that will be foreign to an audit and assurance professional grounded in traditional IT audit practices.

“Cloud computing represents a radical departure from legacy IT in virtually every respect. The new technology architecture, the nature of how cloud is provisioned, and the new shared responsibility model means that IT audits must be significantly altered to provide assurance to stakeholders that their cloud adoption is secure,” said Jim Reavis, co-founder and CEO, Cloud Security Alliance. “Because CSA already has developed the most widely adopted cloud security audit criteria and organizational certification, we are uniquely positioned to lead efforts to ensure industry professionals have the requisite skill set for auditing cloud environments.”

The CCAK’s holistic body of knowledge will be composed of the CSA’s Cloud Controls Matrix (CCM), the fundamental framework of cloud control objectives; its companion Consensus Assessments Initiative Questionnaire (CAIQ), the primary means for assessing a cloud provider’s adherence to CCM; and the Security, Trust, Assurance & Risk (STAR) program, the global leader in cloud security audits and self-assessments, in addition to new material.

For more than 10 years, CSA has led the development of the trusted cloud ecosystem, which notably includes the STAR program and the Certificate of Cloud Security Knowledge (CCSK), the gold standard for measuring professional competency in cloud security. The CCAK and the CCSK will complement one another in that the CCSK provides the knowledge that enables an expert to secure cloud systems that will, in turn, be successfully scrutinized by an expert holding the CCAK. In many cases, an industry professional will be well served by obtaining both certificates.

Because the CCAK is intended to create a common cloud audit understanding, it’s expected to become a mandatory requirement for IT auditors and highly recommended for IT managers and professionals, especially governance, risk management, compliance, and vendor/supply chain management.

Several opportunities exist for those looking to participate in the CCAK’s development. Individuals can volunteer to provide subject matter expertise or peer review, while organizations with a vested interest in cloud security can become a founding sponsor. Learn more about the Certificate for Cloud Auditing Knowledge and how to get involved.

CCSP Information Sharing Session

APAC-CCSP-Info-Session-708x212

To support continuous professional development for InfoSec and CloudSec professionals in the region, ISC2 will be running an information webinar for CCSP certification on November 7 at 14:00 HKT.  In this 60-min info session, you will learn:

  • Current trends in the cloud security space
  • Reasons why you should pursue the CCSP certification
  • Overview of the recent updates to the CCSP domains
  • How to earn the CCSP certification, including exam and experience requirements
  • And you have the opportunity to ask any question that you may have

Do not miss the opportunity and register at: https://www.isc2.org/News-and-Events/Webinars/APAC-Webinars?commid=372419&utm_source=csa_hk#

CSA HKM Supports CTF Open 2019

CTF Open 2019
Cloud Security Alliance Hong Kong & Macau Chapter is a supporting organsiation for the CTF Open 2019.  This will probably be the first CTF competition ever held in Hong Kong open to both students and general public.

Semi-Final Round

  • Date : October 5-6, 2019
  • Time : 12:00 pm October 5 to 6:00 pm October 6
  • Duration : 30 Hours
  • Style : Online Jeopardy
  • Category : Student (Hong Kong Full-Time Undergraduate Students) and Public (Open to everyone)
  • Teams : Each team must have 2 – 4 members

Grand Final Round

  • Date : October 19, 2019
  • Time: 10:00 am to 4:00 pm
  • Venue : Deloitte (35/F, One Pacific Place, 88 Queensway, Hong Kong)
  • Duration : 6 Hours
  • Style : On-site Jeopardy
  • Participants must bring and use their own personal computing devices

For details and registration, please visit: https://www.eventbrite.hk/e/hk-ctf-open-2019-opening-and-cyber-security-seminar-of-red-vs-blue-tickets-73305311159 

CSA HKM co-organises Information Security Summit 2019

IS Summit 2019

Cloud Security Alliance Hong Kong & Macau Chapter is a joint organizer of the Information Security Summit 2019, an event leaded by the Hong Kong Productivity Council.

The Information Security Summit “Over the Horizon Cyber Security” is a regional event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.

This year’s Summit will include a two-day conference and a number of workshops demonstrating management and technical theory, applications and practical experiences on all aspects of information security relating to securing and protecting data in borderless cloud and mobile environment, big data analytics and the Internet of Things.

DATE:                              October 23-24, 2019 (Wednesday and Thursday)
TIME:                              09:00 – 17:30
VENUD:                          L2, Hong Kong Convention & Exhibition Center
REGISTRATION:            https://www.issummit.org/

CSA HKM Supports 5th Cloud Forum

5 Cloud Forum

Cloud Security Alliance Hong Kong & Macau Chapter is supporting the 5th Cloud Forum on October 31, 2019.

The Cloud Forum is a must-go event for those who seek solutions to the challenges and the obstacles brought on by their extensive involvement with the cloud. It is the place for vision and education. Better vision leads to more innovative solutions and better education leads to more productive implementation.

The 5th Cloud Forum is a perfect event for the innovative business executives and sharp skilled professionals. Whether you are involved in the digital transformation of your business, the management of a mountain of useful data or the defence of all sorts of cloud threats, you will find something useful at our event.

DATE:                      October 31, 2019 (Thursday)
TIME:                      09:00 – 16:00
VENUD:                   S221, Hong Kong Convention & Exhibition Center
REGISTRATION:    https://www.cloudforum.hk/

CSA HKM Supports BIM Forum 2019

Cloud Security Alliance Hong Kong & Macau Chapter is supporting the BIM Forum 2019, an event organized by the Institution of Engineering and Technology Hong Kong.

This forum aims to provide a platform for the government officials, university researchers, and major industry professionals to share the views on the government policy, the latest development and the newly developed applications in Building Information and Modelling (BIM) in different aspects.

The theme of this year BIM Forum is “Emerging Disruptive Technologies and Applications”.  Professionals, young engineers and other stakeholders are welcome to join this event.

DATE:                          September 21, 2019 (Saturday)
TIME:                           09:30 – 13:30
VENUD:                       Inno Space, 1/F HKPC Building, 78 Tat Chee Avenue, Kowloon
REGISTRATION:         http://bimforum2019.hkeco.net/

CSA HKM Supports ISOC HK Security Bootcamp 2019

Security Bootcamp graphic

ISOC HK is organising the Security Bootcamp 2019 this month and this event is supported by the Cloud Security Alliance Hong Kong & Macau Chapter.  The event comes with hands-on workshops conducted by industry practitioners and CTF challenges for participants to build a foundation and sense of security, as well as to explore further in infrastructure and application.

The program this year covers IoT hacking, malware analysis, steganography, forensic, cryptography, symbolic execution, formal proof and many more.  The event targets undergraduate students this year and has received a vast number of registrations.

DATE:              September 14-15, 2019 (Saturday and Sunday)
VENUD:           Common First Year Laboratory (Room CF004), Hong Kong Polytechnic University
LANGUAGE:    Chinese and English
FEE:                 HK$300 (All material inclusive) REGISTRATION: https://www.isoc.hk/news/security-bootcamp-2019/