CSA HKM Supports ICT Conference 2021

The “ICT Conference 2021 – Embracing Digital Futures Under New Normal”, aims to provide a forum for the government officials, university researchers, and major industry professionals to share the views on the government policy, the latest development and applications, as well as the opportunities and threats in the future ICT era.

Cloud Security Alliance Hong Kong & Macau Chapter is pleased to support this event organised by the Institution of Engineering and Technology (IET) Hong Kong. Details of the event is as follows:

DATE: October 8, 2021, Friday
TIME: 2:00-5:30 pm
FORMAT: Online Webiner
LANGUAGE: English
FEE: Free of Charge
REGISTRATION: ictconference.hk

CSA HKM Supports Cybersec Infohub Annual Professional Workshop 2021

Cloud Security Alliance Hong Kong & Macau Chapter will support the Cybersec Infohub Annual Professional Workshop 2021 organised by the Office of the Government Chief Information Officer (OGCIO) and the Hong Kong Intenet Registration Corporation Limited on September 17.

Participants will gain insights from attending experts on how cyber security strategy and mindset support business continuity and help create business value in the new norm.

DATE: September 17, 2021, Friday
TIME: 2:30-4:30 pm
FORMAT: Live Broadcast
LANGUAGE: Cantonese
AGENDA:
Presentation 1 – Build Your Own Cyber Security Strategy for Your Business
Presentation 2 – Challenges of Digital Transformation in the Post-epidemic Era
Panel Discussion – The Importance of Cyber Security Mindset in the New Norm

REGISTRATION: https://forms.office.com/r/1NLNRDPh6n

CSA HKM Supports BSI Privacy Control Seminar

Cloud Security Alliance Hong Kong & Macau Chapter is supporting BSI in the organisation of a seminar on privacy control.

Given the dynamic environment in which we operate, the need for guidance on how organizations should manage and process data to reduce the risk to privacy information is getting more important.

Please join the seminar on August 4 to learn:
• Hot news of privacy breaches
• Highlight of privacy trend
• How to implement privacy control to compliance with the privacy acts across the globe
• Demonstrating compliance and building trust with privacy information management system

DATE: August 4, 2021, Wednesday
TIME: 2:30 – 4:00 pm
VENUE: 23/F, Cambridge House, TaiKoo Place, 979 King’s Road, Island East, Hong Kong
MEDIUM: Cantonese
DETAILS: https://page.bsigroup.com/l/73472/2021-04-28/zj6zp4?_ga=2.40865057.262037903.1625453284-1280419738.1615774271

CSA HKM Supports “Be Smart Online, Stay Away from Pitfalls” GIF Graphic Design Contest

Cloud Security Alliance Hong Kong & Macau Chapter is proud to support the Build a Secure Cyberspace 2021 – “Be Smart Online, Stay Away from Pitfalls” GIF Graphic Design Contest.

Organised by the GovCert.hk, the Hong Kong Computer Emergency Response Team Co-ordination Center and the Hong Kong Police Force, the Contest aims to arouse the awareness of public on Internet safety and etiquette.

A webinar cum GIF Graphic Design Contest Award Ceremony will be held on September 24 to conclude the contest.  In this webinar, cyber security experts will introduce cyber security best practices and share their insights on defending against cyber attacks and the enhancement of cyber security postures of enterprises.  The expert speakers will also share their experiences in staying away from cyber pitfalls and offer advice for being an ethical Internet user.  

DATE: September 24, 2021, Friday
TIME: AM Session – 9:30am – 12:15pm / PM Session 2:30pm – 5:00pm
DETAILS and REGISTRATION: https://www.cybersecurity.hk/en/event20210924.php

CSA HKM Announces 2021/2022 Management Team

Cloud Security Alliance Hong Kong & Macau Chapter announced a new management team for 2021/2022 after their AGM on July 13, 2021.

PositionName
ChairmanClaudius Lam
Deputy Chairman (Hong Kong)Harry Pun
Deputy Chairman (Macau)Terry Cheung
Vice Chairman – Secretarial & TreasurerOtto Lee
Vice Chairman – Membership & External AffairsVince Wan
–      Government Relationship Development DirectorSC Leung
–      Membership (Events & Activities) DirectorHenry Ng
Vice Chairman – Programs & ResearchSamuel Ng
–      Research DirectorFrank Chow
Vice Chairman – Professional DevelopmentRicci Ieong
–      Education Director (Hong Kong)Kevin Liu
–      Education Director (Macau)Kevin Lam
–      Certification Coordination DirectorTBD

The team will work together to further the development of CSA HKM in the year to come.

CSA大中華區發佈《軟體定義邊界(SDP)和零信任》白皮書

CSA大中華區已發佈《軟體定義邊界(SDP)和零信任》白皮書,對如何使用SDP來實現零信任網絡(ZTN),為什麼將SDP應用於網絡連接,以及甚麼是最先進的ZTN實現等問題進行了分析解答。

軟體定義邊界(Software Defined Perimeter, SDP)是一個能夠為OSI七層協定棧提供安全防護的網絡安全架構,實現資產隱藏,並在允許連接到隱藏資產之前使用單個數據包通過單獨的控制和數據平面建立信任連接。 使用SDP實現的零信任網絡使組織能夠更好防禦新變種攻擊方法,以及改善企業所面臨攻擊面日益複雜和擴大的安全困境。

從本質上講,零信任是一種網絡安全概念,其核心思想是組織不應自動信任傳統邊界內外的任何事物,並旨在捍衛企業資產。 實施零信任需要在授予訪問許可權之前驗證所有嘗試連接到資產的事物,並在整個連接期間對會話進行持續評估。

軟體定義邊界(SDP)是零信任策略的最高級實現方案。 CSA已採用並宣導將以下結構應用於網絡連接:

  • 將建立信任的控制平面與傳輸實際數據的數據平面分開。
  • 使用動態全部拒絕(deny-all)防火牆(不是完全deny-all,而是允許例外)來隱藏基礎架構(例如,使伺服器變”黑”,不可見)
  • 丟棄所有未經授權的數據包並將它們用於記錄和分析流量。
  • 訪問受保護的服務之前,通過單包授權(SPA)協定來認證和授權使用者以及驗證設備。
  • 最小授權在此協定中是自帶的。

在該白皮書中,CSA全球SDP工作組和CSA大中華區SDP工作組的多位專家們對SDP如何實現零信任的戰略、價值、實施等內容做了原創和翻譯,相信對廣大的安全專家、CIO、CISO和公司業務高管在考慮企業的零信任落地時會有啟示和説明。

下載《軟體定義邊界(SDP)和零信任》白皮書

雲安全聯盟大中華區發佈 《雲計算的 11 類頂級威脅》

越來越多的企業正在將數據和應用程式遷移到雲中,這帶來了獨特的資訊安全挑戰。 保護企業在雲中數據的主要責任並不完全在於服務提供者,而主要在於客戶本身。 為了使組織對雲安全問題有新的瞭解,以便他們可以就雲採用策略做出有根據的決策,CSA 大中華區發佈了新版本的《雲計算的11類頂級威脅》(中文版),本報告主要關注11個與雲計算的共用、按需特性相關的問題。 以下是本報告關注的11個主要威脅:

1.資料洩漏。
2.配置錯誤與變更控制不足。
3.缺乏雲端安全架構與策略。
4.身份,憑證,存取和金鑰管理不足。
5.帳戶劫持。
6.內部威脅。
7.不安全的介面和 API 。
8.控制平面薄弱。
9.元結構與應用程式結構失效。
10.有限的雲使用可見度。
11.濫用及違法使用雲服務。

拒絕服務共享技術漏洞以及雲服務提供者數據丟失和系統漏洞之類的問題已不在本報告之列。 這表明由雲服務提供者負責的傳統安全問題似乎已經有效的緩解。 相反我們看到更多的是需要解決那些位於技術棧更高層次的安全問題這些問題是高級管理層決策的結果。

在調查中評分最高的新專案更加細微表明消費者對雲的理解日益成熟。 這些問題本質上是雲計算的固有特性表明消費者正在積極考慮向雲遷移的技術環境。 這些主題涉及潛在的控制平面缺陷元結構和應用結構故障以及有限的雲可見性。 這些新的重點與以前的《 關鍵威脅Top Threats》報告中更為突出的通用威脅風險和漏洞(即數據丟失拒絕服務)明顯不同。

CSA大中華區希望本報告能夠提高組織對最重要的安全問題及其應對措施的認識並在為雲遷移和安全性制定預算時將其考慮在內。 該報告提供了控制建議和參考示例旨在供合規風險和技術人員使用管理層也能夠從本報告的技術趨勢和概述中受益。

下載報告:雲計算的 11 類頂級威脅

(ISC)² Info Session: CCSP – The Industry’s Premier Cloud Security Certification

MAR-CCSP-Info_Session_Banner-APAC-1200x628-20200814

Earning the globally recognized #CCSP cloud security certification is a proven way to build your career and better secure critical assets in the cloud. Join ISC2’s 60-min live info-session on September 10 (Thursday) at 14:00 to learn more about the CCSP, its exam domains, experience requirements and available study resources. And, get to ask any question that will support your certification journey!

(ISC)² Info Session

Topic: CCSP – The Industry’s Premier Cloud Security Certification
Date: September 10, 2020 (Thursday)
Time: 14:00-15:00

Register now: https://www.isc2.org/News-and-Events/Webinars/APAC-Webinars?commid=432478&utm_source=csahk

雲安全聯盟大中華區發佈「使用者自治數碼身份安全白皮書」

用戶自治數碼身份安全白皮書數碼身份是保障數碼經濟安全的信任基石,業界目前的數碼身份體系一般都是中心化的,區塊鏈作為解決可信問題的分散式技術,給數碼身份自治的場景打開了天窗,比如減少分散雲計算中心化身份數據大量聚合的洩露風險,在邊緣計算分散式系統中使可信身份認證管理更加便捷私密等。

雲安全聯盟大中華區在810日舉辦的CSA Summit上發佈了《使用者自治數碼身份安全白皮書》該白皮書主要是針對於希望用DID來進行技術開發或者應用落地的專案或公司需要注意的一些安全與隱私的問題分析為什麼在新的數碼化轉型過程中DID能夠解決的痛點問題並對目前國際上已有的標準和案例進行介紹。

本白皮書目前是第一版本因為DID本身的一系列標準還在開發之中安全對於數碼身份是第一要素新的安全問題肯定會出現,歡迎讀者專家們能夠提出意見使下一個版本的覆蓋面更廣,對於行業的發展能有更大貢獻。

下載用戶自治數碼身份安全白皮書

CSA HKM to hold Annual General Meeting on June 16, 2020

The Cloud Security Alliance Hong Kong & Macau Chapter will hold its Annual General Meeting on June 16, 2020:

Date:   16 June 2020

Time:   7:00 (p.m.)

Place:  Unit 1605, Hang Shing Building, 363 Nathan Road, Kowloon

Agenda:

  • To receive and consider the Directors’ Report and Audited Financial Statements for the year ended 30 June 2019.
  • To elect directors.
  • To re-appoint auditors and to fix their remuneration.
  • To consider any other business.

The meeting is open to all members.  Due to the social distancing policies introduced by the Hong Kong Government, it is advised to attend the meeting online rather than in person.  Please contact membership@csahkm.org for the meeting link.