CSA HKM Supports 3rd CXO Forum

The Cloud Security Alliance Hong Kong & Macau Chapter is pleased to support the 3rd CXO Forum organised by Kornerstone.

More than a year into the COVID era, there are too many businesses scorched by the impact of business + customer isolation. With the dying down of infection numbers and the advent of vaccines, the business community is ready to be reborn, rising out of the ashes. Can your business be the same?

With multiple themes include “Meeting Growth Challenges in a Digital Age”, “Think like a Technology Company – Innovation and Transformation”, “Reinvent the Organisational Model”, “Data-centric Business Strategies” and “Success in the Customer Experience Economy”, the speakers at the event will bring you all the insights for your success, or survival.

DATE: December 2, 2021 (Thursday)
TIME: 9:00 am – 12:30 pm
FORMAT: Physical event
VENUE: 7/F Cordis, Hong Kong, 555 Shanghai Street, Mongkok
DETAILS AND REGISTRATION: https://www.cxoforum.hk/

CSA HKM Supports HKCERT Webiner: Secure Coding Practices – OWASP Top 10 (2021)

Cloud Security Alliance Hong Kong & Macau is pleased to support the webiner “Secure Coding Practices – OWASP Top 10 (2021): What’s Changed and Implications to Application Developer”. The webiner is organised by the HKCERT and will be held on November 24, 2021.

The latest OWASP Top 10 2021 version features considerable changes by shifting to emphasise security control areas over individual vulnerabilities for improved risk management. It leads to a recategorisation of several risks and new additions. Examples are the most significant one is now the Broken Access Control, while the long-standing number one risk of “Injection” is downgraded to 3 rd position.

Wanna know more about the changes? Join this webinar NOW and learn from software security specialist from OWASP HK Chapter and security expert!

DATE: November 24, 2021 (Wednesday)
TIME: 3:00 – 4:30 pm
FORMAT: Online Webiner
LANGUAGE: Cantonese with English terminology
DETAILS AND REGISTRATION: https://bit.ly/3H750fV

CSA HKM Supports the Hong Kong International Computer Conference 2021

The Hong Kong International Computer Conference (HKICC) is an annual flagship event organised by the Hong Kong Computer Society (HKCS) since 1978 and is one of the best and most popular ICT conferences in Hong Kong. It brings together ICT professionals and experts, government leaders and business executives from local and abroad to share and discuss the latest trends of ICT innovations and developments in enhancing business opportunities and productivity.

This year the theme of the event is Emerging Technologies Shaping our Future in the Greater Bay Area and the highlighted topics include Sustainability and Smart Living / City: Good for today and tomorrow, Role of Hong Kong in the Great Bay Area, Emerging Technologies: Opportunities and Challenges; as well as Hong Kong as an International Technology and Innovation Centre.

DATE: November 17-18, 2021 (Wednesday and Thursday)
TIME: 9:30am – 5:15pm
FORMAT: Hybrid Conference
PHYSICAL VENUE: Theatre 1 & 2, Hong Kong Convention & Exhibition Centre, Wan Chai
LANGUAGE: English & Mandarin
DETAILS and REGISTRATION: http://hkicc.hkcs.org.hk/

CSA HKM Supports ICT Conference 2021

The “ICT Conference 2021 – Embracing Digital Futures Under New Normal”, aims to provide a forum for the government officials, university researchers, and major industry professionals to share the views on the government policy, the latest development and applications, as well as the opportunities and threats in the future ICT era.

Cloud Security Alliance Hong Kong & Macau Chapter is pleased to support this event organised by the Institution of Engineering and Technology (IET) Hong Kong. Details of the event is as follows:

DATE: October 8, 2021, Friday
TIME: 2:00-5:30 pm
FORMAT: Online Webiner
LANGUAGE: English
FEE: Free of Charge
REGISTRATION: ictconference.hk

CSA HKM Supports Cybersec Infohub Annual Professional Workshop 2021

Cloud Security Alliance Hong Kong & Macau Chapter will support the Cybersec Infohub Annual Professional Workshop 2021 organised by the Office of the Government Chief Information Officer (OGCIO) and the Hong Kong Intenet Registration Corporation Limited on September 17.

Participants will gain insights from attending experts on how cyber security strategy and mindset support business continuity and help create business value in the new norm.

DATE: September 17, 2021, Friday
TIME: 2:30-4:30 pm
FORMAT: Live Broadcast
LANGUAGE: Cantonese
AGENDA:
Presentation 1 – Build Your Own Cyber Security Strategy for Your Business
Presentation 2 – Challenges of Digital Transformation in the Post-epidemic Era
Panel Discussion – The Importance of Cyber Security Mindset in the New Norm

REGISTRATION: https://forms.office.com/r/1NLNRDPh6n

CSA HKM Supports BSI Privacy Control Seminar

Cloud Security Alliance Hong Kong & Macau Chapter is supporting BSI in the organisation of a seminar on privacy control.

Given the dynamic environment in which we operate, the need for guidance on how organizations should manage and process data to reduce the risk to privacy information is getting more important.

Please join the seminar on August 4 to learn:
• Hot news of privacy breaches
• Highlight of privacy trend
• How to implement privacy control to compliance with the privacy acts across the globe
• Demonstrating compliance and building trust with privacy information management system

DATE: August 4, 2021, Wednesday
TIME: 2:30 – 4:00 pm
VENUE: 23/F, Cambridge House, TaiKoo Place, 979 King’s Road, Island East, Hong Kong
MEDIUM: Cantonese
DETAILS: https://page.bsigroup.com/l/73472/2021-04-28/zj6zp4?_ga=2.40865057.262037903.1625453284-1280419738.1615774271

CSA HKM Supports “Be Smart Online, Stay Away from Pitfalls” GIF Graphic Design Contest

Cloud Security Alliance Hong Kong & Macau Chapter is proud to support the Build a Secure Cyberspace 2021 – “Be Smart Online, Stay Away from Pitfalls” GIF Graphic Design Contest.

Organised by the GovCert.hk, the Hong Kong Computer Emergency Response Team Co-ordination Center and the Hong Kong Police Force, the Contest aims to arouse the awareness of public on Internet safety and etiquette.

A webinar cum GIF Graphic Design Contest Award Ceremony will be held on September 24 to conclude the contest.  In this webinar, cyber security experts will introduce cyber security best practices and share their insights on defending against cyber attacks and the enhancement of cyber security postures of enterprises.  The expert speakers will also share their experiences in staying away from cyber pitfalls and offer advice for being an ethical Internet user.  

DATE: September 24, 2021, Friday
TIME: AM Session – 9:30am – 12:15pm / PM Session 2:30pm – 5:00pm
DETAILS and REGISTRATION: https://www.cybersecurity.hk/en/event20210924.php

CSA HKM Announces 2021/2022 Management Team

Cloud Security Alliance Hong Kong & Macau Chapter announced a new management team for 2021/2022 after their AGM on July 13, 2021.

PositionName
ChairmanClaudius Lam
Deputy Chairman (Hong Kong)Harry Pun
Deputy Chairman (Macau)Terry Cheung
Vice Chairman – Secretarial & TreasurerOtto Lee
Vice Chairman – Membership & External AffairsVince Wan
–      Government Relationship Development DirectorSC Leung
–      Membership (Events & Activities) DirectorHenry Ng
Vice Chairman – Programs & ResearchSamuel Ng
–      Research DirectorFrank Chow
Vice Chairman – Professional DevelopmentRicci Ieong
–      Education Director (Hong Kong)Kevin Liu
–      Education Director (Macau)Kevin Lam
–      Certification Coordination DirectorTBD

The team will work together to further the development of CSA HKM in the year to come.

CSA大中華區發佈《軟體定義邊界(SDP)和零信任》白皮書

CSA大中華區已發佈《軟體定義邊界(SDP)和零信任》白皮書,對如何使用SDP來實現零信任網絡(ZTN),為什麼將SDP應用於網絡連接,以及甚麼是最先進的ZTN實現等問題進行了分析解答。

軟體定義邊界(Software Defined Perimeter, SDP)是一個能夠為OSI七層協定棧提供安全防護的網絡安全架構,實現資產隱藏,並在允許連接到隱藏資產之前使用單個數據包通過單獨的控制和數據平面建立信任連接。 使用SDP實現的零信任網絡使組織能夠更好防禦新變種攻擊方法,以及改善企業所面臨攻擊面日益複雜和擴大的安全困境。

從本質上講,零信任是一種網絡安全概念,其核心思想是組織不應自動信任傳統邊界內外的任何事物,並旨在捍衛企業資產。 實施零信任需要在授予訪問許可權之前驗證所有嘗試連接到資產的事物,並在整個連接期間對會話進行持續評估。

軟體定義邊界(SDP)是零信任策略的最高級實現方案。 CSA已採用並宣導將以下結構應用於網絡連接:

  • 將建立信任的控制平面與傳輸實際數據的數據平面分開。
  • 使用動態全部拒絕(deny-all)防火牆(不是完全deny-all,而是允許例外)來隱藏基礎架構(例如,使伺服器變”黑”,不可見)
  • 丟棄所有未經授權的數據包並將它們用於記錄和分析流量。
  • 訪問受保護的服務之前,通過單包授權(SPA)協定來認證和授權使用者以及驗證設備。
  • 最小授權在此協定中是自帶的。

在該白皮書中,CSA全球SDP工作組和CSA大中華區SDP工作組的多位專家們對SDP如何實現零信任的戰略、價值、實施等內容做了原創和翻譯,相信對廣大的安全專家、CIO、CISO和公司業務高管在考慮企業的零信任落地時會有啟示和説明。

下載《軟體定義邊界(SDP)和零信任》白皮書

雲安全聯盟大中華區發佈 《雲計算的 11 類頂級威脅》

越來越多的企業正在將數據和應用程式遷移到雲中,這帶來了獨特的資訊安全挑戰。 保護企業在雲中數據的主要責任並不完全在於服務提供者,而主要在於客戶本身。 為了使組織對雲安全問題有新的瞭解,以便他們可以就雲採用策略做出有根據的決策,CSA 大中華區發佈了新版本的《雲計算的11類頂級威脅》(中文版),本報告主要關注11個與雲計算的共用、按需特性相關的問題。 以下是本報告關注的11個主要威脅:

1.資料洩漏。
2.配置錯誤與變更控制不足。
3.缺乏雲端安全架構與策略。
4.身份,憑證,存取和金鑰管理不足。
5.帳戶劫持。
6.內部威脅。
7.不安全的介面和 API 。
8.控制平面薄弱。
9.元結構與應用程式結構失效。
10.有限的雲使用可見度。
11.濫用及違法使用雲服務。

拒絕服務共享技術漏洞以及雲服務提供者數據丟失和系統漏洞之類的問題已不在本報告之列。 這表明由雲服務提供者負責的傳統安全問題似乎已經有效的緩解。 相反我們看到更多的是需要解決那些位於技術棧更高層次的安全問題這些問題是高級管理層決策的結果。

在調查中評分最高的新專案更加細微表明消費者對雲的理解日益成熟。 這些問題本質上是雲計算的固有特性表明消費者正在積極考慮向雲遷移的技術環境。 這些主題涉及潛在的控制平面缺陷元結構和應用結構故障以及有限的雲可見性。 這些新的重點與以前的《 關鍵威脅Top Threats》報告中更為突出的通用威脅風險和漏洞(即數據丟失拒絕服務)明顯不同。

CSA大中華區希望本報告能夠提高組織對最重要的安全問題及其應對措施的認識並在為雲遷移和安全性制定預算時將其考慮在內。 該報告提供了控制建議和參考示例旨在供合規風險和技術人員使用管理層也能夠從本報告的技術趨勢和概述中受益。

下載報告:雲計算的 11 類頂級威脅