Category: Events

CSA HKM Knowledge Sharing Event – June 2022

Securing cloud computing environment is more than just protecting data and workloads in the cloud and cloud management platform. When more and more cloud-based applications were developed in shared model, vulnerabilities in shared environment could fall between the cracks. Thus, supply chain risk already become a serious issue to many companies.

In the Knowledge Sharing Event organised by Cloud Security Alliance Hong Kong & Macau Chapter on June 9, we will look into how to detect and mitigate supply chain risks.

Checkmarx Engineer, Richard Lee, will bring us to the practice world of security review through demonstration. He will cover:

  • The types of risks associated with open source libraries  
  • How to test the libraries you’re using for safety 
  • Tools you can use to protect your business
  • New reputational and behavioral analysis techniques to overcome obfuscation attempts

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: June 9, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Open Source Software Supply Chain: Risks and Mitigation
SPEAKER: Richard Lee, APAC Channel Sales Engineer, Checkmarx

CONTENT:

Open source libraries have become an essential part of almost all modern applications.  Without open source, software development would be stuck in the slow lane. Not “reinventing the wheel” each time you need a certain functionality in an app saves time and effort, and as a result, open source isn’t going away anytime soon. If anything, it’s becoming more and more widespread.     

But there’s a certain amount of risk that comes with using open source components, modules, and libraries. Today, it’s increasingly important to protect yourself from these risks.

In this session, we discussed the importance and prevalence of open source software as well as the ways you can protect yourself from its attendant risks and licensing issues. The goal is to catch issues early, before they can become a problem or a liability. We’ll cover best practices to secure the software supply chain against errors and bad actors, along with what steps to avoid.

THE SPEAKER:
Richard Lee is currently the Checkmarx Channel Sales Engineer for the Asia Pacific Region with over 10 years’ experience in the IT, IT security and Application Security industry. He has held various positions in manufacturing, software companies and information security companies.

Richard is currently responsible for AST Platform, SAST (Static Application Security Testing), IAST (Interactive Application Security Testing), SCA (Software Composition Analysis) and CodeBashing technologies. Prior to joining Checkmarx he held various positions at Intel, Microsoft, HP and SafeNet.

Richard holds a bachelor’s degree in Computer Science from the University of Kansas, USA.

Registration: https://csakse2206.eventbrite.hk

CSA HKM Supports Digital Practice Summit Asia

Cloud Security Alliance Hong Kong & Macau Chapter is elated to be an Association Partner of Digital Practice Summit Asia, part of AF Show Asia series taking place LIVE on June 15!

Digital Practice Summit Asia is the online technology event of the year for accountants in practice. With 20+ LIVE sessions across 2 Channels, it’ll offer the audience the greatest insights to help growing the accounting practice post pandemic in 2022 and beyond.

DATE: June 15, 2022, Wednesday

TIME: From 9:00 am

FORMAT: Online

Get your FREE virtual pass now: https://bit.ly/3MWr9Qf

CSA HKM Knowledge Sharing Event – May 2022

Covid-19 situation is less severe these days. Work from home is not strictly required now. Life is now back to normal. Under the new normal situation, Cloud Computing become a critical component in our daily work. One of the main concern in using Cloud Computing environment is the security.

How can we store secret across multiple cloud environment for secure cloud workflow? In this knowledge sharing session, we invited HashiCorp Cloud Platform to provide us with some insights.

Shohei Maeda, Developer Advocate for HashiCorp APJ will share with us how secret could be and should be stored in cloud and container environment. He will also bring us to the Zero Trust Security model to secure our workflow environment.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: May 19, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Managing Secrets at scale for a Secure Cloud workflow
SPEAKER: Shohei Maeda, Developer Advocate for HashiCorp APJ

CONTENT:
Traditionally, people, applications, and services with access to resources are given their own set of long-lived, scoped credentials.  As your organization, teams, and systems scale, the number of these credentials and the access to them will only increase over time, and are used everywhere which causes what is called “Secret Sprawl”.  Static credentials that exist in your workflows are always at risk of leakage and introduce a large attack surface.

This session will show you how you can apply a Zero Trust Security model that secures your workflows by leveraging dynamic and short-lived credentials.
With this, you are able to avoid managing static, long-lived secrets across systems, and giving direct access to these secrets is no longer required.

THE SPEAKER:
Shohei is a developer advocate at HashiCorp who loves learning new technologies. He lives in Tokyo, Japan.

With his broad experience in Infrastructure, security, and web engineering, he focuses on building new tools and tackling complex problems that developer communities run into to make their life easy and happy.

Registration: https://csahkmkse2205.eventbrite.hk

CSA HKM Supports Hong Kong ICT Award 2022

The Hong Kong ICT Awards aims at recognising and promoting outstanding information and communications technology inventions and applications, thereby encouraging innovation and excellence among Hong Kong’s ICT talent and enterprises in their constant pursuit of creative and better solutions to meet business and social needs.

The Award was established in 2006 with the collaborative efforts of the industry, academia and the Government. Steered by the Office of the Government Chief Information Officer, and organised by Hong Kong ICT industry associations and professional bodies. The Cloud Security Alliance Hong Kong & Macau Chapter is a supporting organisation this year.

There are eight categories under the Hong Kong ICT Awards 2022. There will be one Grand Award in each category, and an “Award of the Year” will be selected from the eight Grand Awards by the Grand Judging Panel. HKCS is officially appointed by OGCIO to be the Leading Organiser of the Hong Kong ICT Awards 2022 – Smart Business Award category. The Smart Business Award covers 3 streams, including Solution for Business and Public Sector Enterprise, Solution for SME as well as Emerging Technologies.

For details please visit: https://hkcs.org.hk/ictawards/

CSA HKM Knowledge Sharing Event – April 2022

Covid-19 brings us a lot of challenges but at the same time with Work / Study at Home opportunity. We have secure a number of new study opportunities and learning opportunities to our members.

Firstly, as a CSA HKM Chapter member, you can enjoy our knowledge sharing session and claim CPE. Besides, if you are our member and have attended 3 of our knowledge sharing event sessions, you can then entitle to register for our CCSK course and CCAK course with special member discount (Membership – Associate Member).

In April we invited Mr Ken Zhang, Head of Security Hong Kong, Google Cloud, to join us again to share the new topic on Security Framework SLSA for CI/CD pipeline. Ken has delivered a talk for us on Cloud Infrastructure Continuous Compliance in November last year.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: April 21, 2022 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: Ken Zhang, Head of Security Hong Kong, Google Cloud

TOPIC: Supply chain Levels for Software Artifacts (SLSA) – Open-source Security framework for Serverless and CI/CD Pipeline.

CONTENT:

SLSA is a security framework, a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises. The solution takes the conceptual framework and turns it into a reference architecture and actual implementation on GCP using native, serverless GCP CI/CD toolchain and Binary Authorisation.

You can directly borrow the solution demo setup & code to start their GCP based CI/CD pipeline design and build. You can also leverage the reference architecture to build out their own pipeline leveraging GCP Binary Authorisation and GKE, or your own pipeline on-premises or on other cloud.

THE SPEAKER:

Ken led multi-cloud security and transformation projects in Australia and the Greater China Region. He has experience helping organisations with their security and transformation journeys in banking, insurance, retail, health service and manufacturing industries

View the Presentation: https://youtu.be/C8h6mfM_VhY

CSA HKM Supports “Building a Cyber Security, Cloud Protection and Privacy Framework” Workshop

Cloud Security Alliance Hong Kong & Macau Chapter is a supporting organisation of the “Building a Cyber Security, Cloud Protection and Privacy Framework” Workshop organised by the Hong Kong Productivity Council.

This workshop will explain in detail the CSF & CCM frameworks and how they can be applied to protect an organisation’s critical assets and cloud usage. Practical examples will be shared to illustrate the best practices and tips of adopting these two frameworks.

Date:                     11 May 2022

Time:                     09:30-17:00

Venue:                 HKPC Building, 78 Tat Chee Avenue, Kowloon Tong, Kowloon

Details and enrolment: http://u.hkpc.org/cloud-protection.

CSA HKM members will receive special discount on the workshop fee.

CSA HKM Knowledge Sharing Event – February 2022

Happy New Year. CSA Hong Kong and Macau Chapter wish all of you have a great year of Tiger.

This is the first knowledge sharing event this year. We have invited Alibaba Cloud to share their view on the China Security Compliance requirements.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: February 24, 2022 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: Sunny Guan, Regional Security Compliance Lead (Greater China and Philippines), Alibaba Cloud

TOPIC: China Security Compliance and Solutions

AGENDA:- Trend and Overview- Cybersecurity Compliance in China – Data Security and Privacy- Alibaba Cloud Solutions

THE SPEAKER:

Sunny Guan is the Regional Security Compliance Lead for Greater China and the Philippines in Alibaba Cloud with over 10 years extensive experience in technology risk management as well as the cybersecurity and privacy related compliance. She has helped many MNCs in APAC with the advice and the implementation of compliance solutions with reference to the applicable regulatory requirements and industry best practice. 

View the presentation : https://youtu.be/YbytxKCCKtI

CSAHKM Additional Sharing on Log4j on 17 December 2021

Log4j exploit is definitely the hottest topic over this week. Many of the IT company or IT support person said it is the Log4j week. We definitely do not want to be inert or reactive about this hot topic, but we should also not be over reactive by the incident.

So on top of our scheduled regular monthly knowledge sharing session event on this week 17 Dec 2021, CSA (HK & Macau Chapter) consider that it would be a good time that we squeeze 20 minutes from our sharing session and seize this time to pull in a panel to talk about this Log4j exploit attack method, defense mechanism, solutions by cloud service provider for cloud users and current trend detected about the attack in the wild and next step that we could do.

So we will have the following speakers in the panel this friday 17 Dec 2021. You just need join in the event by registering at the same knowledge sharing session link, https://csahkmkse2112.eventbrite.hk

Samuel NG (ASTRI and CSA HKM Vice Chairman of Programs & Research) will cover the attack method of Log4j exploits.

Otto LEE (HKCERT and CSA HKM Vice Chairman – Secretarial & Treasurer) will highlight the alerts and updates about the Log4j vulnerability.

Pike WONG (Data Voyager) will cover the observed current and changes of attack pattern of Log4j related attack in this week.

Vincent IP (PISA, Hon. Secretary & Treasurer) will share the mitigation solutions that corporate and SME can use to reduce the attack currently.

Harry PUN (Microsoft and Deputy Chairman) will give us some input and advises how cloud service provider did to manage the incident and what solutions they provide to cloud user.

Also join our organisation CSA HKM for more benefits and more event in the coming year. You can have discount in our CCSK, CCAK and CCSP training.

DATE: December 17, 2021 (Friday)

TIME: (New time) 13:15 – 13:45 pm

VENUE: Webinar

View the presentation: https://youtu.be/FuFB13MgXX4

(start from 00:47:46)

CSA HKM Knowledge Sharing Event – December 2021

It is coming to the end of 2021 and it is time for CSA HKM to organise the last knowledge sharing event for this year. Instead of technical hardcore topics, CSA HKM would like to hold a legal and compliance event hosted by our Macau Chapter.

The Macau Cyber Security Law was legislated since December 2019. In the past 2 years, how is this law affecting the security posture of Macau? How are the related organizations reacted to this law? In this seminar, Terry Cheung, Deputy Chairman – Macau of CSA HKM, will highlight the requirements of the law and the related guideline and review the work that the related organizations, the governing bodies have been contributed for compliance and the reduction of security risks and the privacy requirements will also be discussed. 

Participants will claim 1 CPE.

DATE: December 17, 2021 (Friday)

TIME: 12:30 – 01:15 pm (Updated)

VENUE: Webinar

SPEAKER: Mr. Terry CHEUNG, President of the ISACA Macao Chapter, the Deputy Chairman of Macau of CSA HKM Chapter and Managing Director of TopSOC Information Security Limited

TOPIC: Macau CyberSecurity in Action

LANGUAGE: Cantonese

THE SPEAKER:

Terry has been in IT and Information Security sectors for over 25 years. He has been working in various industries including banking, government, telecommunications, hospitality and gaming and cyber security consultancy. He has experiences in security policy development, forming new security team, design and deploy various security systems including two tiers DDoS protection service, central logging system and SIEM, ISO27001 implementation, etc. Heparticipated in the development and implementation of many systems including core banking systems, converged billing systems, ERP, HR, CRM, Call Center system, gaming and hospitality systems, etc. In the past few years, he has provided security professional services related to the Macau Cyber Security Law.

Apart from work, Terry is also the founder of the Information Systems Audit and Control Association (ISACA) Macao Chapter and the Cloud Security Alliance (CSA) Hong Kong & Macau Chapter. Currently, he is serving as the President of the ISACA Macao Chapter and the Deputy Chain of Macau of CSA HKM. He is working as the Managing Director of TopSOC Information Security Limited.

Terry holds professional qualifications such as CISP CISI CISSP CCSP CISM CISA CDPSE CITP CEng ACA MVP.

View the presentation: https://youtu.be/FuFB13MgXX4

CSA HKM Supports 3rd CXO Forum

The Cloud Security Alliance Hong Kong & Macau Chapter is pleased to support the 3rd CXO Forum organised by Kornerstone.

More than a year into the COVID era, there are too many businesses scorched by the impact of business + customer isolation. With the dying down of infection numbers and the advent of vaccines, the business community is ready to be reborn, rising out of the ashes. Can your business be the same?

With multiple themes include “Meeting Growth Challenges in a Digital Age”, “Think like a Technology Company – Innovation and Transformation”, “Reinvent the Organisational Model”, “Data-centric Business Strategies” and “Success in the Customer Experience Economy”, the speakers at the event will bring you all the insights for your success, or survival.

DATE: December 2, 2021 (Thursday)
TIME: 9:00 am – 12:30 pm
FORMAT: Physical event
VENUE: 7/F Cordis, Hong Kong, 555 Shanghai Street, Mongkok
DETAILS AND REGISTRATION: https://www.cxoforum.hk/