Category: News

CSA HKM Knowledge Sharing Event – July 2024 – Discussion Forum

It’s an exciting month for cybersecurity professionals in Hong Kong. Earlier this month, the HKSAR Government initiated a public consultation on a proposed legislative framework to enhance the protection of computer systems for critical infrastructure (CI) in Hong Kong.

The framework, outlined in the document [https://www.legco.gov.hk/yr2024/english/panels/se/papers/se20240702cb2-930-3-e.pdf], aims to establish a set of statutory obligations and security measures for operators of critical infrastructures. This is in response to the growing reliance of essential services on computer systems and the increasing threat of cyberattacks that could disrupt Hong Kong’s economy, public safety, and national security. By introducing this new legislation, the government seeks to strengthen the cybersecurity posture of Hong Kong’s critical infrastructure, ensuring the reliable and uninterrupted provision of vital services to the community

Last Friday, July 19, we encountered another massive incident – massive failure of Microsoft Windows with CrowdStrike Falcon Agent (EDR) installed. How should we proceed and how should we react to this? Should we reconsider before installing EDR to the computer systems in Critical Infrastructure environment.

Cloud Security Alliance Hong Kong & Macau Chapter considered that it is time that we should gather our brain and mindset together to determine what should we prepare for the CyberSecurity Law? How should we make use of the framework to enhance the security posture of Hong Kong Critical Infrastructure?

CSA HKM arrange an online forum on July 26, 2024 (Friday) during our knowledge sharing session at 12:30 – 13:30. We have invited our council member and some other practitioners to give their comments. We also wish to gather the comments from you as well.

DETAILS:

DATE: July 26, 2024 (Friday)

TIME: 12:30 – 13:30 pm

FORMAT: Online Zoom Session.

TOPIC: How should “WE” make the CyberSecurity Framework to enhance the Critical Infrastructure protection?

LANGUAGE: English
PANELIST:
– Terry Cheung, Kevin Liu, Otto Lee, Ricci Ieong [Board Members of Cloud Security Alliance (HK & Macau)]
– Wilson Tang [Vice Chairman of HKCNSA]
– Billy Fung [Deputy Director of Financial Services Committee, HKCNSA]
– Representatives from some Cloud Service Providers

LISTEN to the FORUM: https://www.youtube.com/watch?v=rrbtnIoSkWg

This discussion forum is organized by Cloud Security Alliance HK & Macau Chapter (CSA HKM) and supported by Hong Kong China Network Security Association (HKCNSA) and Information Security and Forensics Society (ISFS).

CSA HKM Supports Tram Body Design Contest

To prevent the general public from falling into online traps, and strengthen city-wide defence against cyberattacks, the Office of the Government Chief Information Officer (OGCIO), the Hong Kong Police Force (HKPF) and the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) have jointly organised a Tram Body Design Contest “Together, We Create a Safe Cyberworld” to arouse public awareness of cybersecurity. The Contest is now open for application!

Cloud Security Alliance Hong Kong & Macau Chapter is a Supporting Organisation of this contest.

Details of the Contest are shown below:

CATEGORIES: Primary School, Secondary School, Open
CHARGE: Free
DETAILS: https://www.hkcert.org/event/build-a-secure-cyberspace-2024-together-we-create-a-safe-cyberworld-tram-body-design-contest
SUBMISSION: Submission by Post or in Person / Online Submission
DEADLINE: April 15, 2024

Cyber Security Professional Awards (CSPA) 2023


The Cyber Security and Technology Crime Bureau of Hong Kong Police Force, the Government Computer Emergency Response Team Hong Kong and the Hong Kong Computer Emergency Response Team Coordination Centre are going to co-organise the Cyber Security Professional Awards (CSPA) 2023

The CSPA 2023 aims to foster collaboration and exchange of cyber security expertise and best practices among various prominent sectors in Hong Kong.  This unique platform allows cyber security personnel to showcase their achievement, while also recognising their remarkable contributions to the field.

This year, the CSPA 2023 extends its invitation to all personnel working in organisation belonging to the designated sectors listed below in Hong Kong:

1. Internet & Cloud Services
2. Telecommunication Services
3. Government Departments & Public Bodies
4. Transportation & Public Utilities
5. Banking & Finance
6. Cyber Security Audit & Consulting
7. Cyber Security Education & Training
8. Cyber Security Startups & SMEs

The judging panel, hailing from diverse prominent sectors, will evaluate and select the best participants for the gold, silver, bronze and merit awards for each of the eight designated sectors. 

For further details of the CSPA 2023, please visit https://cyberdefender.hk/en-us/cspa2023/.  Should you have any queries, please feel free to contact 3660 4367 or email to cspa@police.gov.hk.

CSA HKM Supports CS Summit 2023

The Cloud Security Alliance Hong Kong & Macau Chapter continues to collaborate with the Hong Kong Productivity Council and other prominent information security organizations in Hong Kong to organize the Cyber Security Summit Hong Kong 2023, which is one of the largest local cybersecurity events in the region. Previously known as the IS Summit, the event has been renamed the CS Summit to reflect a sharper focus on cyber security.

The summit’s main goal remains unchanged: to provide participants with the latest insights into information security trends and developments. Theme of this year is “Securing Enterprises to Prepare for the Pos Quantum & AI World“.

Attendees can expect a more concentrated program that delves deeper into various aspects of cyber security, addressing emerging threats, industry best practices, and innovative solutions especially related to Post Quantum and AI related topics.

Details:

Date:11 – 12 September 2023
Time:09:00 – 18:00
Venue:Room N201-N212, 2/F, New Wing, HKCEC, 1 Expo Drive, Wanchai, Hong Kong
Fee:Free (Registration is required)
Registration: https://www.cssummit.hk/registration/
Details:https://www.cssummit.hk/
Home

CSA HKM Knowledge Sharing Event – June 2023

In the past “Knowledge Sharing Session“, our focus has been on examining cloud computing and cybersecurity in the context of solution providers, cloud service providers, and vendors. However, we have not yet explored the usage of cloud computing by enterprises as cloud users.

Cloud service providers often try to persuade users to transition to a cloud environment, but is it truly convincing to adopt a cloud-first or cloud-native strategy?

In this knowledge sharing session, we are excited to welcome our new council member, Dicky Wong from New World Corporate Services Limited (New World Group Member), to guide us through his company’s cloud journey. He will discuss the nature of cloud environments, use cases for cloud computing, and best practices for security. Additionally, he will highlight the benefits and efficiency gains that can be achieved through the use of cloud technology.

Mr. Wong will also address security concerns when transitioning to a serverless PaaS cloud environment and discuss the appropriate security posture for cloud computing.

Participants will claim 1 CPE

DATE: June 29, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar (in Cantonese)
TOPIC: How can the efficiency of an organization’s operations be optimized while also enhancing cybersecurity through the use of cloud technology?
LANGUAGE: Cantonese
SPEAKER: Dicky WONG, Head of Technology Risk, New World Corporate Services Limited and Director of Cloud Security Alliance (HK & Macau) Chapter

AGENDA:

  • What is the efficiency that will create to a corporate?
  • Nature of cloud environment, use case, security setting?
  • Why we need to concern about security going serverless?
  • What security should you be concern on?
  • How to set up a suitable security posture?

THE SPEAKER:

Mr. Wong is currently the Head of Technology Risk for New World Corporate Services, a New World Group Member. He is responsible for oversight and governance for all technology and cyber related compliance, risk management, and security within the group. One of the major tasks of Mr. Wong is to define, design and implement a comprehensive and robust risk framework & protection for the group that applies to all Business Units.


Prior to that, Mr. Wong was with the Hong Kong Police Force for over 10 years and he has held several cyber crime related management positions including being in charge of the Technology Crime investigation team, took up the role of Head of the Cyber Security Centre and the lead of the Collaboration team of the Cyber Security and Technology Crime Bureau (CSTCB), Mr. WONG has gained tremendous amount of experience in technology crime investigation, setting up cyber security framework and handling cyber attacks including the large scaled cyber attacks occurred in Hong Kong.


Mr. Wong is currently volunteering as the Director of Government Relationship Development for Cloud Security Alliance (CSA HK & Macau Chapter) and also a Member of the HKSTP Data Governance Think Tank Group.


Mr. Wong is an INTERPOL accredited trainer in Computer Forensics, Certified Ethical Hacker, Certified Penetration Tester and obtained a Bachelor’s Degree in Management Economics from University of Essex, United Kingdom

VIEW THE PRESENTATION: https://youtu.be/RBGL5wnXrXo

CSA HKM Knowledge Sharing Event – March 2023

Cybersecurity in Cloud Computing is always changing. In this ever-changing world we have a lot of things happening. Our Council member – Samuel NG is a definitely a pioneer in this industry. He would like to bring in a hot topic in IT world – ChatGPT.

The rise of cyber threats in recent years has made cybersecurity an increasingly critical concern for individuals and organizations alike especially organization utilizing cloud infrastructures.

To combat these threats, there is a growing need for advanced technologies that can help identify and mitigate risks in real-time. One such technology is ChatGPT, a large language model trained by OpenAI, that can be utilized in the field of cybersecurity to provide a range of benefits in both defensive & offensive operations.

ChatGPT has the capability to analyze and understand natural language, enabling it to identify potential threats and vulnerabilities in complex data sets, including network traffic, email communications, and social media posts.

Additionally, ChatGPT can assist in developing more effective security policies and protocols, as well as provide real-time threat intelligence and incident response. As a result, ChatGPT has the potential to greatly enhance the cybersecurity landscape and improve the overall safety and security of individuals and organizations.

Participants will claim 1 CPE.

DATE: March 2, 2023 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: ChatGPT/OpenAI for Cybersecurity and Cloud
LANGUAGE: Cantonese
SPEAKER: Samuel NG, Vice Chairman of Cloud Security Alliance (HK & Macau Chapter)

AGENDA:

  • Explain about the functions of ChatGPT with demonstration
  • Explain about its relationship with Cloud Computing and CyberSecurity area
  • Explore how ChatGPT can help our CyberSecurity industry.

THE SPEAKER:

Passion fuelled cybersecurity professional with leadership trained by armed forces, Capt. (R) Samuel has extensive experience in all cybersecurity domains from both technical and management perspectives balancing “getting-hands dirty” with technological matters & executive presence working with senior management in various corporate industries, government & military sectors.

He brought value to organisations by orientating governance, controls, risks and business strategies ultimately upholding the CIA Triad (Confidentiality, Integrity, Availability) at highest standards to risk appetite accordingly. As a 14-years Malaysian army veteran with master’s degree and multiple infosec-recognised certifications, he progressed his career to Hong Kong, contributing to various sectors including: banking, telecommunication, cloud, IT infrastructures, start-ups, Cybersecurity R&D etc.

Samuel is an active member of Cloud Security Alliance Hong Kong & Macau Chapter as Vice Chairman of Programs & Research, actively participating in various cybersecurity events as speaker, panelist and moderator. Besides, he is also a guest lecturer in Hong Kong University Space, teaching subjects such as network attacks & digital forensics. Currently exercising his expertise in the Hong Kong cybersecurity commercial community, making efforts to create value in every way possible with a never-stop-learning attitude.

VIEW THE PRESENTATION: https://youtu.be/u0hNrMacDno

Post event updates:

OrganizationDescriptionsURL Link
Cloud Security AllianceCybersecurity Implications of ChatGPThttps://bit.ly/3kQtFP8
Cloud Security AllianceChatGPT discussionhttps://circle.cloudsecurityalliance.org/discussion/chatgpt-research
HKCERTAdopt Good Cyber Security Practices to Make AI Your Friends not Foeshttps://www.hkcert.org/blog/adopt-good-cyber-security-practices-to-make-ai-your-friends-not-foes
HKCERTVerify from Various Sources to Ensure Security When Searching for Answers with AIhttps://www.hkcert.org/blog/verify-from-various-sources-to-ensure-security-when-searching-for-answers-with-ai
OGCIO of HKSAR GovernmentEthical Artificial Intelligence Frameworkhttps://www.ogcio.gov.hk/en/our_work/infrastructure/methodology/ethical_ai_framework/
PCPD of HKSARGuidance on Ethical Development and Use of AIhttps://www.pcpd.org.hk/english/news_events/media_statements/press_20210818.html

Followup after January 2023 Knowledge Sharing Event

After our January 2023 Knowledge Sharing Event, we mentioned that we have totally 15 sample questions from CCSK, CCSP and CCAK examinations for participants, members and any interested parties to explore.

As part of the requirement for “Special discount” to participants, you can click to the link and answer the questions here.

You will have to answer the questions with valid email account. After we collect your attempts and email account and preference in which certificate/certification training, we will select lucky winner(s) and contact you directly. You can only perform one attempt the questions.

We will complete the challenge by 15 Feb 2023. Happy attempt.

CSA HKM Knowledge Sharing Event – January 2023

Chinese New Year is coming and it is a good time to plan your learning process and schedule.

In this year the Cloud Security Alliance Hong Kong & Macau Chapter will continue to lead and conduct more cloud security and audit training. In February and March 2023, CSA HKM and Hatter Company Limited jointly organized two RTTP supported Cloud Security Training courses.

How to prepare, understand and get the best training that drives your career plan. In this Knowledge Sharing Event, Ricci Ieong, Vice-Chairman of Cloud Security Alliance (HK & Macau) chapter will share different context and direction of different cloud security trainings (such as CCSK, CCAK, CCSP).

Participants will claim 1 CPE.

DATE: January 31, 2023 (Tuesday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Plan your Cloud Security Training for this year
LANGUAGE: Cantonese
SPEAKER: Ricci IEONG, Vice Chairman of Cloud Security Alliance (HK & Macau Chapter)

AGENDA:

  • Comparison of different cloud security certificate/certification courses
  • Highlights about the different certificate examinations and preparation for examinations
  • Understand other Cloud Computing Training by Cloud Security Alliance
  • Special discount will be given to (selected) participants.

THE SPEAKER:

Dr. Ricci Ieong is one of the course developers and one of the four pioneer trainers of the CCAK course worldwide. Dr. Ieong is a qualified Certificate of Cloud Security Knowledge (CCSK) instructor and grandfathered to teach the Certificate of Cloud Auditing Knowledge (CCAK). He is also an authorized ISC2 Certified Cloud Security Professional (CCSP).

Apart from running his consulting business, Dr. Ieong delivers lectures in local universities. He is both an Adjunct Assistant Professor teaching Cybersecurity courses and an authorized trainer in AWS Academy in Hong Kong University of Science and Technology (HKUST). He teaches Applied Blockchain and Cryptocurrencies course at Chinese University of Hong Kong (CUHK).

Dr. Ieong is the Vice Chairman of professional development of Cloud Security Alliance (HK & Macau Chapter) and has served on CSA Cloud Incident Response Working Group and Certificate of Cloud Auditing Knowledge (CCAK) Working Group. He is an active speaker at numerous security events, including CSA summits, in Hong Kong and throughout APAC. He is one of the recipients of 2021 Ron Knode Service Award awarded by CSA.

REGISTRATION: https://csahkmkse2301.eventbrite.hk

Followup links to 15 sample questions from CCSK, CCSP and CCAK exam.

Christmas Gift for CSA HKM Members

World cup 2022 is completed and Christmas time is coming. Merry Christmas to all of you. We will have our knowledge sharing talk on 22 Dec 2022 (Thursday) as usual in lunch time. Don’t miss the opportunity to learn something from our China based Service Provider.

Other than knowledge sharing session, we would also like to announce some more Christmas gifts for all of you, our members, the CCAK and CCSK class discounts.

We will organize our second round CCAK training. Our CCAK 2 days training class will be conducted before end of this year on 28 – 29 Dec 2022. As a Christmas gift to our members, you can get 40% off Special Christmas discount for non-RTTP applicants.

There will be another CCAK 3 days training to be held on 3 – 5 Jan 2023 for more hands on training for Cloud Audit.

Besides, CSA (HK and Macau Chapter) together with Hatter Company Limited also achieved to get RTTP funding support for CCSK Training (with examination token). If you plan to take CCSK exam in the coming year, the actual amount you need to pay cover the examination token, course material and course lecture that you can learn more together. The CCSK training will be held on 20 – 21 Feb 2023 for CCSK Basic training (2 days) or 20 – 22 Feb 2023 CCSK Plus training (3 days).

You can always register through RTTP web site or contact the training vendor here.

More Trainings about Cloud Security in the Cloud Security Alliance

Last week, when I taught the CCSP class by ISC2 in Hong Kong Productivity Council, I discussed with the participants in our cloud journey about the upcoming trend in Cloud Security which are Cloud Data Security, Zero Trust and Cloud Audit.

Almost at the same time, Cloud Security Alliance published the new document about Cloud Data Security and Zero Trust Training.

Cloud Data Security is one of the most important elements within Cloud Security. So CSA published the Understanding Cloud Data Security and Priorities. This summarises what should be the priorities in defining cloud data security aspects. More details can be found in this link.

Zero Trust Technology is considered as one of the hot topics in this year. Many companies mentioned about their solutions related to Zero Trust. In fact, Zero Trust Technology is not just a specific product but a philosophy and mindset. CSA CTO Daniele Catteddu mentioned about this in both the ISSummit 2022 event and also in CSA HK & Macau Chapter Summit 2022 event that held this month. In the presentation, Daniele also mentioned that CSA is going to develop a micro training series which is open and free for everyone. So it is definitely a good time for us to learn online together.

In the event, Daniele also mentioned about Cloud Audit Training which is CCAK training. After some time, we (CSA and Hatter Company Limited) successfully get the CCAK and hopefully CCSK (another flagship training by Cloud Security Alliance) to be officially endorsed by VTC under the RTTP program. Our first public class will be held on 7 – 9 Nov, 2022 (virtually through zoom). Seats are still available for registration.

Lastly, CSA also prepared some Cloud Security for Financial Services webinar. So anyone can check in and join the webinar.

Happy Learning.