Certificate of Cloud Auditing Knowledge (CCAK) Updates

Many of you may have heard that CCAK – a certificate on Cloud Auditing that jointly developed by Cloud Security Alliance (CSA) and ISACA are readily available now and the examination will be available on 22 March 2021.

Study guide are already available in ISACA bookstore.

Live events about CCAK were conducted in LinkedIn Live by Daniele Catteddu, CTO at Cloud Security Alliance and Paul Philips, Technical Research Manager, ISACA.

For more details about CCAK, please check here in the link. You can also get more information from CSA’s Circle, in the CCAK community after you register to the CSA’s Circle.

Later CCAK Training will be conducted in Hong Kong and Macau Chapter too. Stay Tune.

CSA HKM Knowledge Sharing Event – March 2021

Another great event is happening at the Cloud Security Alliance Hong Kong & Macau Chapter in March. Last month, we talked about securing cloud environment using SASE and Zero Trust. This month, we switched to secure the cloud environment from a Cloud Service Provider (CSP) perspective. This round, we invited Ken Zhang, Practice Manager of Amazon Web Services (AWS) to tell us the Top Ten AWS Security Tips.

In this session, you will hear fundamental recommendations for simple to implement, low or no cost AWS security solutions that offer potentially high impact. AWS services, including Amazon GuardDuty, AWS Security Hub and AWS CloudTrail enable better detection and response capabilities – making intrusion detection and incident response simpler and less costly than typical on-premises IT environments. It time allows, there would potentially be some AWS Console demo too. This will definitely be a resourceful session for you.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: 25 March, 2021 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar (in English)

SPEAKER: Ken Zhang, Practice Manager, Amazon Web Services (AWS)

TOPIC: Top Ten AWS Security Tips

THE SPEAKER:

Ken Zhang, Practice Manager of Amazon Web Services (AWS). Ken specializes in cloud, strategy, security, transformation, architecture and change management. He has experience helping organizations with their transformation journeys in banking, insurance, retail, health service and manufacturing. He also holds a variety of widely-recognized tech certificates and an MBA from a global top 30 business school. He is passionate about helping organizations to capture value and provide better experience to their customers.

Registration: https://csahkmkse2103.eventbrite.hk

Upcoming Events in February and March 2021

After Chinese New Year, many exciting activities and events are coming.

Firstly, on this coming Thursday (25 Feb 2021), we will have our knowledge sharing session by Zscaler on SASE and Zero Trust Model. Remember to register and join. More details can be found here.

Secondly, Information Security Summit – one of the most attractive, non-vendor driven, local Cybersecurity event will be held on March 9 – 10, 2021. This year, the Conference will be organised quite different from previous years due to the New Norm after Covid-19 virus. All the events will be organised online. Events and talks will be more interesting. Speakers from other countries will be conducting from other time zone to support us this year. For interactive panel discussion, some of the panelist will be discussing through the webinar from their home town on the topic – Challenge of Securing the New Norm – the Remote, Mobile, Decentralised and Virtual Business. Do register the conference and workshops. Do visit the link about the IS Summit 2021.

Periodically, CSA will have new publications. Recently CSA published the new report on Blockchains – Blockchains in the Quantum Era and report on IoT – CSA IoT Security Controls Framework v2. Stay tune with research from CSA.

Finally, Certificate of Cloud Auditing Knowledge (CCAK) is coming. More information about the joint certification program with ISACA will be clarified soon. At this stage, 400+ pages study guide are available in ISACA store. Stay tune with CCAK site from CSA.

CSA HKM Knowledge Sharing Event – February 2021

The Chinese New Year is coming. The Cloud Security Alliance Hong Kong & Macau Chapter wishes you Happy Chinese New Year.

We will continue our Knowledge Sharing Event after the Chinese New Year and the topic will be “How to leverage cloud platform to transform traditional security infrastructure to Secure Access Service Edge (SASE) and Zero Trust model to facilitate digital transformation”, which will be presented by Jones Leung of Zscaler.

In the “New Normal” situation, more company has to move away from existing design and implementation of securing corporate network through VPN to SASE. How to deploy and implement SASE is a hot topic.

Thanks for the success of cloud in the past few years, now there are far more innovative ways to operate our IT platform to support business growth and increase business agility, and the same can apply to securing a new digital enterprise. Secure Access Service Edge (SASE) is one of the most popular approaches to provide different business data access experience and coverage to new threats. This session is to share common approaches to deliver SASE, their fundamental differences, pros and cons for different approaches, and also how SASE can bring you closer to adopting zero trust access model.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: 25 February, 2021 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar (in Cantonese)

SPEAKER: Mr. Jones Leung, Systems Engineering Manager, ASEAN and Greater China, Zscaler, Inc

TOPIC: How to leverage cloud platform to transform traditional security infrastructure to Secure Access Service Edge (SASE) and zero trust model to facilitate digital transformation

THE SPEAKER:

Mr. Jones Leung has been with Zscaler for more than 7 years, promoting cloud transformation to enterprises and the industry. Over the past 20 years, Jones worked for many different top IT companies, such as Palo Alto Networks, Cisco and Blue Coat, and is a very well-recognized and knowledgeable technology evangelist in the region.

REGISTRATION: https://csakse2102.eventbrite.hk

Cloud Controls Matrix v4 part 1 published in Q1 2021

Cloud Control Matrix is the core component used in providing the cloud security compliance check.

CCM v3.0.1 was initially released 6 years ago. CSA determined that it is time to revise and provide the community with vendor-neutral security and privacy control framework.

More controls are added and more guidelines will be extended from the CCM v4.

CCM v4 can be downloaded from https://cloudsecurityalliance.org/research/cloud-controls-matrix/

CCM Implementation Guidelines will be published Q2, 2021

CCM Auditing Guidelines will be published Q3, 2021

Refer to the blog in CSA, https://cloudsecurityalliance.org/blog/2021/01/21/the-csa-cloud-controls-matrix-ccm-v4-raising-the-cloud-security-bar-to-the-next-level/

CSA HKM Knowledge Sharing Event – January 2021

Year 2020 is over. Welcome 2021.

In this year Cloud Security Alliance Hong Kong & Macau Chapter will continue to adopt the “New Normal” arrangement for our activities. In fact, with all your support in the last few months, it seems that with the new method, communication channel and sharing session time, more members and participants can enjoy the power of cloud computing. This year we will arrange more sharing both from cloud customers, cloud service providers and other experts.

“Start Big is always better to start with Big CSP player”. As you all know, Azure Cloud is one of the largest Cloud Service Providers, we have arranged the first sharing event with Microsoft Cloud Solution Architect in Hong Kong to cover DevOps Security Best Practices in Microsoft Azure.

Ms. Wai Man HUI, cloud solution architect will lead us through Azure’s DevOps Security Best Practices. During the talk, Wai Man will tell us more about DevOps with GitHub and Azure, how to protect secrets properly in Azure cloud environment. She will also tell us how to enhance security in Azure environment through demonstration in real life too.

The topics include :

– DevOps with GitHub And Azure
– Best practices for strong secret management
– How Key Vault can be used to enhance the security of your Azure environment

Please do not miss this opportunity to learn from the expert and get connected with your peers.

This is just the beginning of our cloud security journey in 2021. More sharing and event will be coming.

Participants will claim 1 CPE.

DATE: 28 January, 2021 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar (in Cantonese)

SPEAKER: Wai Man HUI, Cloud Solution Architect, Microsoft, Hong Kong

TOPIC: DevOps Security Best Practices with Microsoft Azure 

THE SPEAKER:

Wai Man HUI is a Cloud Solution Architect in Microsoft (Hong Kong) team that specialised in DevOps area. She worked on development and implementing business solution for company size from 50+ employees to 50,000+ employees. She also helps company in transforming their development and development workflow from traditional environment to cloud platform.

PRESENTATION FILE

CSA HKM Knowledge Sharing Event – December 2020

Christmas is coming and we all wish Covid-19 will be over soon. Cloud Security Alliance Hong Kong & Macau Chapter is arranging another Knowledge Sharing Event on December 17, 2020, a week before Christmas.

As a continuation of the last two Knowledge Sharing Event, we continue to focus on hot cloud security topic – PaaS and Microservices Security topics.

Security microservices provide security functionality, such as encryption and authentication, to calling applications. As microservices (e.g. ‘serverless’ RESTful JSON APIs) become more common in both the cloud and internal architectures, there is a trend towards including hardware security module (HSM) based services, making strong security functionality readily available to applications. In this session, you will learn:

* Why microservices are becoming fashionable
* How security microservices make security easier
* Examples of security microservices

This talk will be delivered by Ian Christofis, Principal Managing Consultant, nCipher Security (an Entrust company).

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants can claim 1 CPE.

DATE: December 17, 2020 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: Ian Christofis, Principal Managing Consultant, nCipher Security (an Entrust company)

TOPIC: Security Microservices – A New Trend

THE SPEAKER:

Ian Christofis is a specialist in information security, including cryptographic security, Public Key Infrastructure (PKI) and identity & access management. He combines a strong understanding of the commercial and strategic business issues with a detailed knowledge of the technology.

He is a Certified Information System Security Professional (CISSP), a Founding Board Member of the Cloud Security Alliance (CSA) Hong Kong & Macau Chapter, sits on the Editorial Board of the Professional Information Security Association (PISA) Journal, and a member of the International Association for Cryptologic Research (IACR).

WATCH PRESENTATION: https://youtu.be/dga_gxwfftQ

PRESENTATION FILE: https://bit.ly/2KvbKM2

CSA HKM Knowledge Sharing Event – November 2020

In last month’s knowledge sharing event, we focused in the methodology to develop and secure our PaaS environment. Do we still need to secure the cloud stem? Do we still need to secure the cloud architecture? How to secure that environment?

The common security challenges faced in the cloud stem from misconfiguration, compliance, and an exploding set of cloud infrastructure services. This session will cover how to combat these challenges and gain visibility into security, compliance, and governance vulnerabilities on your public cloud infrastructure.

We will go over the latest security offering that helps teams build a better cloud architecture. You can also look forward to hundreds of out-of-the-box, step-by-step remediation guides, enabling DevSecOps teams and cloud architects to quickly resolve vulnerabilities.

This upcoming knowledge sharing event, we invited Tony Lee, Head of Consulting of Trend Micro will lead us to the “Cloud operational excellence – Guardrails to build exceptional architecture & avoid misconfigurations“.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants can claim 1 CPE.

DATE: November 05, 2020 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: Tony Lee, Head of Consulting of Trend Micro

TOPIC: Cloud operational excellence – Guardrails to build exceptional architecture & avoid misconfigurations

THE SPEAKER:

Tony Lee is the Head of Consulting at Trend Micro – a global leader in cyber security solutions. He is responsible for the provision of security advice and solution consultation for large scale IT users and key channel partners in Hong Kong.

Tony has more than 13 years experiences in strategic planning and requirements analysis, with special focus on cloud security deployment, cyber threats response and emerging technologies analysis. As a technology evangelist for Trend Micro, he has been acting as a high profile speaker for major industry events in the region, specialized in evolving cyber threats such as ransomware and APT attacks.

Tony is a graduate of the Hong Kong Baptist University, where he received a Bachelor of Science degree in computer science.

REGISTATION: https://csakse2011.eventbrite.hk

CSA HKM Knowledge Sharing Event – October 2020

Container environment is a hot topic in cloud environment especially cloud security area. So after previous two rounds of cloud usage and SaaS cloud security talk, we now start another interesting series of cloud security talk – Cloud Container security talk. We will start our talk from OpenShift and DevSecOps. That are two hot topics in Cloud Computing and Cloud Security Area.

This month we invited William Lok, CTO and Co-founder of TechNet HK to lead us through “Transforming DevOps to DevSecOps with Redhat OpenShift“.

Today, DevOps is an inevitable way to transform the enterprise into digital era and innovate into software company. William will prepare a demo on how a container application governed by series of tool chains and deploy on RedHat OpenShift.

On top of tool chains, William will share how the security perspectives can be fulfilled by transforming DevOps to DevSecOps Journey.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants can claim 1 CPE.

DATE: October 08, 2020 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: William Lok, CTO and Co-founder of TechNet HK

TOPIC: Transforming DevOps to DevSecOps with Redhat OpenShift

THE SPEAKER:

William Lok, CTO and co-founder of TechNet HK (http://www.technet-asia.com). He leads the company technology visions and directions. He is a frequent speaker on DevOps seminars. He plays an active role in evangelizing opensource, multi-cloud and DevSecOps adoption for Hong Kong, Macau and Taiwan enterprises.

WATCH NOW: https://vimeo.com/466411506

CSA HKM Knowledge Sharing Event – September 2020

Our knowledge-sharing session resumed since August 2020, more events will be coming. When we think about security, many of us would like to know how we train up our attack and defense skills through practice. One of the best methods is to perform a pre-defined exercise through CyberRange. But how can we ensure CyberRange is secure? So we can start to learn from one of the best CyberRange SaaS service providers – CyberBit.

This month we invited Mr. Ralph WU, Security Architect of Cyberbit – North East Asia to cover the topic: “Are you ready for Cyber War? – Training on Cloud Range Simulation platform”.

During the talk, Ralph to talk about:

  1. How Hacker make the damage ?
    1. Understand MITRE ATT&CK, why it is important to Cybersecurity Training
  2. Where is the skill gap?
    1. Leverage NICE framework as guideline of training objectives
  3. Cyberbit Cloud Range Platform
    1. Architecture
    2. Differences between Legacy Training and Range-based Training?
    3. Doing Drill Test on Cybersecurity Scenario

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants can claim 1 CPE.

DATE: September 03, 2020 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER:

Ralph Wu, Security Architect of Cyberbit – North East Asia

TOPIC:

Are you ready for Cyber War? – Training on Cloud Range Simulation platform [Recorded Presentation]

THE SPEAKER:

Ralph Wu is the Security Architect of Cyberbit – North East Asia. He is helping different Enterprises to embraces Cyber Range platform to gear up Cyber Security Warriors get prepare for different potential outbreaks.   Ralph has more than 20 years in Infrastructure and Cybersecurity domain. Prior joining Cyberbit, he is Pre-Sales of another Israel security vendor – CyberArk which focused on Privileged Account Security on On-Prem and Cloud environment. Ralph has taken team manager role in HKT and lead a team of network and security professional to design network and security architecture for various enterprise customers in HK.