Followup after January 2023 Knowledge Sharing Event

After our January 2023 Knowledge Sharing Event, we mentioned that we have totally 15 sample questions from CCSK, CCSP and CCAK examinations for participants, members and any interested parties to explore.

As part of the requirement for “Special discount” to participants, you can click to the link and answer the questions here.

You will have to answer the questions with valid email account. After we collect your attempts and email account and preference in which certificate/certification training, we will select lucky winner(s) and contact you directly. You can only perform one attempt the questions.

We will complete the challenge by 15 Feb 2023. Happy attempt.

CSA HKM Knowledge Sharing Event – January 2023

Chinese New Year is coming and it is a good time to plan your learning process and schedule.

In this year the Cloud Security Alliance Hong Kong & Macau Chapter will continue to lead and conduct more cloud security and audit training. In February and March 2023, CSA HKM and Hatter Company Limited jointly organized two RTTP supported Cloud Security Training courses.

How to prepare, understand and get the best training that drives your career plan. In this Knowledge Sharing Event, Ricci Ieong, Vice-Chairman of Cloud Security Alliance (HK & Macau) chapter will share different context and direction of different cloud security trainings (such as CCSK, CCAK, CCSP).

Participants will claim 1 CPE.

DATE: January 31, 2023 (Tuesday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Plan your Cloud Security Training for this year
LANGUAGE: Cantonese
SPEAKER: Ricci IEONG, Vice Chairman of Cloud Security Alliance (HK & Macau Chapter)

AGENDA:

  • Comparison of different cloud security certificate/certification courses
  • Highlights about the different certificate examinations and preparation for examinations
  • Understand other Cloud Computing Training by Cloud Security Alliance
  • Special discount will be given to (selected) participants.

THE SPEAKER:

Dr. Ricci Ieong is one of the course developers and one of the four pioneer trainers of the CCAK course worldwide. Dr. Ieong is a qualified Certificate of Cloud Security Knowledge (CCSK) instructor and grandfathered to teach the Certificate of Cloud Auditing Knowledge (CCAK). He is also an authorized ISC2 Certified Cloud Security Professional (CCSP).

Apart from running his consulting business, Dr. Ieong delivers lectures in local universities. He is both an Adjunct Assistant Professor teaching Cybersecurity courses and an authorized trainer in AWS Academy in Hong Kong University of Science and Technology (HKUST). He teaches Applied Blockchain and Cryptocurrencies course at Chinese University of Hong Kong (CUHK).

Dr. Ieong is the Vice Chairman of professional development of Cloud Security Alliance (HK & Macau Chapter) and has served on CSA Cloud Incident Response Working Group and Certificate of Cloud Auditing Knowledge (CCAK) Working Group. He is an active speaker at numerous security events, including CSA summits, in Hong Kong and throughout APAC. He is one of the recipients of 2021 Ron Knode Service Award awarded by CSA.

REGISTRATION: https://csahkmkse2301.eventbrite.hk

Followup links to 15 sample questions from CCSK, CCSP and CCAK exam.

CSA HKM Knowledge Sharing Event – December 2022

It is coming to the end of 2022. In this year, the Cloud Security Alliance Hong Kong & Macau Chapter has organized a number of knowledge sharing events on various topics and in December, we will discuss how to enhance the security posture of cloud nature environment.

In the December event, we will hear from China based software security vendor Beijing Anpro Information Technology Co., Ltd. (北京安普諾資訊技術有限公司) on how they look at CyberSecurity and how they develop their products. Their co-founder 李浩 will share with us about how to secure Cloud Native Environment through DevSecOps environment. This will be our first event conducted in Putonghua.

DATE: December 22, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: 雲原生場景下軟體供應鏈風險治理技術淺談
LANGUAGE: Putonghua
SPEAKER: 李浩,懸鏡安全技術合夥人

Participants will claim 1 CPE.

AGENDA:

隨著容器、微服務等新技術的快速反覆運算,開源軟體已成為業界主流形態,開源和雲原生時代的到來導致軟體供應鏈越來越趨於複雜化和多樣化,網路攻擊者開始採用軟體供應鏈攻擊作為擊破關鍵基礎設施的的重要突破口,從而導致軟體供應鏈的安全風險日益增加。本次分享將包含如下內容:雲原生時代面臨的應用安全風險、軟體供應鏈源頭開源風險治理實踐、新一代代碼疫苗技術進化之路及 DevSecOps 敏捷安全技術演進趨勢。

THE SPEAKER:

李浩,懸鏡安全技術合夥人,擁有 10 年多的網路安全應用全棧技術開發、應用逆向、安全開發諮詢及安全培訓經驗。已獲得 CISP 註冊資訊安全工程師、等保建設專業人員等資質,並擁有多項原創發明專利授權,曾獲得「2020 安在網安強中強大賽」冠軍榮譽。長期深度參與懸鏡 DevSecOps 智適應威脅管理解決方案的研究工作。目前,主要負責懸鏡安全華南區全線產品解決方案諮詢、售前支援、產品交付及專案管理等工作。

VIEW THE PRESENTATION: https://youtu.be/UwdYvXSMqAU

CSA HKM Knowledge Sharing Event – November 2022

After the successful staging of the Cloud Security Alliance Hong Kong & Macau Summit on October 12, it is time to go back to the regular CSA Knowledge Sharing Event in November.

This month we will look into cloud security from an attacker’s viewpoint. As we mentioned before, despite the fact that cloud environment is quite secure after many years of enhancement, attacks still happen.

In our next Knowledge Sharing Event, we invited Boris So, a technical professional, to bring us into the cloud security from the “dark side”. Boris is a technical expert and has in-depth knowledge in hacking and security attack. He will be showing us more information about common attack to cloud workloads with demonstration.

Participants will claim 1 CPE.

DATE: November 24, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Attacks on Cloud Workloads
Media of Language: Cantonese
SPEAKER: Boris So, OWASP HK Chapter Lead,  Cloud Service Provider Technical Expert

AGENDA:

  • Address common attacks targeting cloud workloads, with demonstration simulating a major incident hitting the global news headline as well as other complicated attack vectors discovered in red team exercises.
  • From the attack paths identified in these scenarios we are able to draw an abstract pattern of how attackers find a way in and escalate privilege.
  • Finally we will try to go back to answer the fundamental question: is the cloud secure?

THE SPEAKER: 

Boris is a software security specialist specializing in software design and architecture, threat modeling, secure programming and static code analysis, penetration and simulation test, code obfuscation, steganography, as well as rootkit research.

Currently Boris is working in a major cloud service provider, where he joined from one of the world’s leading US financial services institutes.

He is also the OWASP HK chapter lead, and he holds 2 US patents, 2 bachelor degrees in computing and surveying, and 2 master degrees in computer forensics and applied psychology.

Boris is an enthusiast in aviation and he holds a private pilot license. During his free time, he is probably spending his time flying while not hacking.

VIEW THE PRESENTATION: https://youtu.be/W8-Ssmy_8lk

CSA HKM Supports PwC’s HackaDay 2022

The Cloud Security Alliance Hong Kong & Macau Chapter is excited to support #PwC ‘s annual #HackaDay #cybersecurity conference on 24 November! Find out more from the event official website https://www.pwchk.com/en/events/hackaday-2022-conference.html?icid=con-sp-csa!

* This event is by invitation only and seats are limited.

CSA Hong Kong & Macau Summit 2022

In a complex and hybrid world, enterprises must consider the challenges of increased real-time system complexity, the need for new cybersecurity policy and strong cultural support that is required to securely operate systems. As cyber risk has increased significantly across many organizations, the old adage of “trust, but verify” is no longer practical. The growing interest and movement toward Zero Trust architectures in the past few years has shifted this approach to the more accurate, “never trust, always verify”.

At the Cloud Security Alliance Hong Kong & Macau Summit 2022, the implications of an emerging, rich and diverse solutions landscape and the challenges to an organization’s ability to ultimately deliver a Zero Trust Architecture (ZTA) will be thoroughly discussed by expert speakers. Recommendations on how industry can improve collaboration among key stakeholder groups will also be offered to accelerate both enterprise leaders and security practitioners’ adoption of Zero Trust into their environments.

DATE: October 12, 2022 (Wednesday)

TIME: 10:00 am – 5:00 pm

FORMAT: Online event with live presentation

LANGUAGE: English / Cantonese / Mandarin (depends on speaker)

AGENDA:

10:00 Welcome Remarks
Claudius Lam, Chairman, Cloud Security Alliance Hong Kong & Macau Chapter

10:05 Opening Address – The Cloud Security Alliance Roadmap [English]
Jim Reavis, Co-founder and Chief Executive Officer, Cloud Security Alliance

10:25 Modernising Security and Enabling Cloud Journey [English]
Jason Pun, Assistant Government Chief Information Officer (Cyber Security and Digital Identity), Office of the Government Chief Information Officer

10:45 Cybersecurity Strategies on Incident Response to Protect your Organization [Cantonese]
Otto Lee, Deputy Head, HKCERT

11:15 Cybersecurity Laws in Macau [Cantonese]
Terry Cheung, Deputy Chairman – Macau, Cloud Security Alliance Hong Kong & Macau Chapter

11:45 探索雲中零信任、零摩擦、零損失的技術落地 – Explore technology practices with zero trust, zero friction and zero loss in the cloud [Mandarin]
Liso Lv, EVP – Research, Cloud Security Alliance Greater China Region

12:15 Enabling Data Privacy in the Cloud [English]
Dr Meng-Chow Kang, CISSP, Member, ISC2 Advisory Council – Asia Pacific

12:45 Break

14:00     Making Possible a Zero Trust World You Can Always Trust [Cantonese]
Nick Ng, Head of Systems Engineering, Fortinet Hong Kong, Macau, Mongolia

14:30     Continuous Risk Assessment and Access Control with Zero Trust Secure Access [Cantonese]
Alan Leung, Consultant, Trend Micro

15:00 CSA as a guiding STAR to Cybersecurity [English]
Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance

15:30 Sangfor Hybrid Cloud – Your Cloud Transformer in Disguise [Cantonese]
David Chan, Systems Engineer Director, Sangfor

16:00 Security around sophisticated Multi-cloud and Hybrid-cloud Environment [Cantonese]
Matthew Wong, Senior Cloud Solution Architect, Microsoft

16:30 BeyondProd – A New Approach To Cloud Native Security [English]
Ken Zhang, Head of Security Greater China, Customer Engineering, Google Cloud

EVENT LINK: 

https://teams.microsoft.com/l/meetup-join/19%3ameeting_MmQ0YTUyMGItZTZkZC00MTVkLTgxMDEtMWFhYmI5ZmUyZmM0%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%22971a81aa-aa75-42b3-b2cc-262a2e1c92dd%22%7d

Cyber-Dependent Crimes and Jurisdictional Issues (HKLRC Consultation Paper) Follow-up Discussion

The consultation paper on Cyber-Dependent Crimes and Jurisdictional Issues was published by the Cybercrime Sub-committee of the Law Reform Commission on July 20, 2022.  

https://www.hkreform.gov.hk/en/publications/cybercrime.htm

We have a fruitful discussion at our forum on September 14, 2022 when we touched on the terms “to acquire certification” and “accrediting cybersecurity practitioners” in the consultation paper. As the paper referred to Cyber Security Agency (CSA) of Singapore, we believe it would be better for us to understand what is CSA of Singapore’s objectives and how they define the program before we define how our future direction to be.

Cloud Security Alliance Hong Kong & Macau Chapter has invited our CSA APAC ex-colleague Anthony Lim to share his view and provide highlights to us on the Cyber Security Agency (CSA) of Singapore accreditation program.

Participants will claim 1 CPE.

DATE: September 27, 2022 (Tuesday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Learn our way to accreditation and qualification of CyberSecurity Professions from Singapore CSA
SPEAKER: Anthony Lim, Fellow, Cybersecurity, Governance & FinTech, School of Business, Singapore University of Social Sciences 

AGENDA:

  • Objectives behind accreditation and qualification of CyberSecurity Professions in Singapore
  • What is the roles and authority of CSA?
  • What is the qualification and accreditation process and requirement?
  • What is the advantages and disadvantages of the qualification scheme?
  • How to align with existing international qualifications?
  • How to align with university CyberSecurity training program?
  • What is the current status of the accreditation program?
  • How to shape similar program in Hong Kong?

THE SPEAKER: 

Anthony is a pioneer and veteran in cybersecurity and governance in Singapore and the Asia Pacific region, with over 25 years’ professional experience, as consultant, advocate, instructor, auditor and business leader.  His current interests include application security, cloud security, GRC (governance, risk management & compliance), policy & audit, smart cities and operational technology (OT).

He has held key inaugural Asia Pacific cybersecurity business leadership roles, IBM, CA and Check Point, was regional principal consultant at Fortinet and project CISO at NCS.

Anthony is a long-time well-known speaker and content provider for many business, industry, government and academic conferences, workshops, committees, executive roundtables and media (print, broadcast, internet), and has been interviewed often on national news.  He has also been a judge at national and regional industry awards, and himself has won some industry awards, and also is charter member of a government cybersecurity committee.

He was a co-developer of an acclaimed international cloud security professional certification, and was a pioneer and advocate of application security certification in the region.  He has presented on matters of cyber-security and governance at seminars at Washington DC, NATO, Stanford University, Tsinghua University and RSA Asia Pacific.He is a guest and adjunct module developer and instructor at some universities (Master’s and adult-executive programs), professional training institutes and certification programs in the region, an ISO-27001 lead auditor, and life alumni member of the University of Illinois, Urbana-Champaign.    

REGISTRATION: https://CSAHKM-220927.eventbrite.hk

CSA HKM Supports the 7th Cloud Forum

Cloud Security Alliance Hong Kong & Macau Chapter is pleased to support the the 7th Cloud Forum, which will be held on October 25, 2022.

With a theme of “Cloudnovating the future!”, the event will highlights:

  • Cloud Strategic Positioning and Adaptation for FSI in the Next 5 Years
  • Expedite Business Innovation by Using AI, Blockchain and Cloud
  • Digital Transformation: Efficient and Effective Cross-border Cloud Integration
  • AWS Machine Learning and Serverless Solutions
  • Azure Arc – Innovation Across Multi-cloud

Details of the event:

Date: October 25, 2022 (Tuesday)
Time: 09:00-12:30 – Executive Conference
14:30-17:30 – Cloud Tech Workshop
Venue: Hong Kong Convention & Exhibition Center
Details: https://www.cloudforum.hk/

Cyber-Dependent Crimes and Jurisdictional Issues (HKLRC Consultation Paper) Discussion Forum

The consultation paper on Cyber-Dependent Crimes and Jurisdictional Issues was published by the Cybercrime Sub-committee of the Law Reform Commission on July 20, 2022.  

https://www.hkreform.gov.hk/en/publications/cybercrime.htm

The purpose of the consultation paper is to make preliminary proposals for law reform on addressing the issues of the protection of individuals’ rights as well as the criminal activities carried out by the rapid developments of information technology, the computer and the internet.

This consultation is affecting our future view in CyberSecurity area. The proposed five cyber-dependent crimes mentioned in the paper will definitely impacts all of us including CyberSecurity practitioners and even IT practitioners.

Thus, Cloud Security Alliance Hong Kong & Macau Chapter is working with HKU Computer Science Department, as well as Information Security and Forensics Society (https://www.isfs.org.hk), Hong Kong Computer Society (https://www.hkcs.org.hk) and other IT organisations to jointly organise a Tech Forum to discuss on the topic.

Online Discussion will be held on September 14, 2022:

DATE: September 14, 2022 (Wednesday)
TIME: 18:30 – 20:30 (HK Time)
FORMAT: Online Zoom
TOPIC: HKU-CS Online Tech Forum and Discussion:  the Consultation Paper on Cyber-Dependent Crimes and Jurisdictional Issues

Agenda

  • Opening Remarks
  • Brief Introduction – The Purpose Of This Forum
  • Brief Introduction – The Consultation Paper
  • Q&A Session
  • Closing Remarks

Free registration at https://forms.gle/eJtEsxGZkrMPFQ5HA

CSA HKM Supports Information Security Summit 2022

Cloud Security Alliance Hong Kong & Macau Chapter is a proud supporter of the Information Security Summit 2022.

Jointly organised by the Hong Kong Productivity Council and leading information security organisations in Hong Kong, the Summit is the flagship cyber security summit in Hong Kong, with the aim to provide participants with the latest information security trends and developments.

This year, themed “Security Transformation for the Next Normal – Evolution of Risk Management and Data Protection in a Post Pandemic World”, the 2-day Summit will focus on how the enterprises can transform their security successfully under the cyber security challenges and the escalating cyber threats for the next normal. The topic will cover emerging cyber attacks and technologies, new security defence framework and risk management methodologies.

Details:

Date:6-7 September 2022
Time:09:00 – 18:00
Venue:4th Floor, Hong Kong Convention and Exhibition Centre
Fee:Free (Registration is required)
Registration:https://www.issummit.org/registration/index.html
Details:https://www.issummit.org/