Certificate of Cloud Auditing Knowledge (CCAK) – More classes in Hong Kong and Macau

After announcing our first local class on Certificate of Cloud Auditing Knowledge (CCAK) class in Hong Kong, we received more official supports from VTC that more of our CCAK class are now officially accepted RTTP approved training programs (That is, 66% off from the listed price of the course).

In the coming 2 months, we will have 4 available CCAK classes that available for interested parties at different pace. 2 days, 3 days and weekly evening classes are available for different participants to take the class online.

In order to catch this training opportunity for yourself or your company offered by Cloud Security Alliance (HK & Macau) chapter and Hatter Company Limited, you can check the list of courses within the schedule CCAK class schedule.

If you are interested in registering the class, you can register in the RTTP web site or in Hatter Company CCAK class site.

More cloud security and audit class will be available soon.

Happy Learning.

Cyber-Dependent Crimes and Jurisdictional Issues (HKLRC Consultation Paper) Discussion Forum

The consultation paper on Cyber-Dependent Crimes and Jurisdictional Issues was published by the Cybercrime Sub-committee of the Law Reform Commission on July 20, 2022.  

https://www.hkreform.gov.hk/en/publications/cybercrime.htm

The purpose of the consultation paper is to make preliminary proposals for law reform on addressing the issues of the protection of individuals’ rights as well as the criminal activities carried out by the rapid developments of information technology, the computer and the internet.

This consultation is affecting our future view in CyberSecurity area. The proposed five cyber-dependent crimes mentioned in the paper will definitely impacts all of us including CyberSecurity practitioners and even IT practitioners.

Thus, Cloud Security Alliance Hong Kong & Macau Chapter is working with HKU Computer Science Department, as well as Information Security and Forensics Society (https://www.isfs.org.hk), Hong Kong Computer Society (https://www.hkcs.org.hk) and other IT organisations to jointly organise a Tech Forum to discuss on the topic.

Online Discussion will be held on September 14, 2022:

DATE: September 14, 2022 (Wednesday)
TIME: 18:30 – 20:30 (HK Time)
FORMAT: Online Zoom
TOPIC: HKU-CS Online Tech Forum and Discussion:  the Consultation Paper on Cyber-Dependent Crimes and Jurisdictional Issues

Agenda

  • Opening Remarks
  • Brief Introduction – The Purpose Of This Forum
  • Brief Introduction – The Consultation Paper
  • Q&A Session
  • Closing Remarks

Free registration at https://forms.gle/eJtEsxGZkrMPFQ5HA

Certificate of Cloud Auditing Knowledge (CCAK) – First local class in Hong Kong and Macau

Auditing of Cloud Computing Environment is getting more important than ever. More application and infrastructure already implemented in the Cloud Environment.

In last month, Cloud Security Alliance and ISACA jointly promoted the Certificate of Cloud Auditing Knowledge (CCAK) virtual class with discount.

In this month, after we got the confirmation from VTC for the RTTP approval, we can start to offer our first CCAK class in Hong Kong locally. In order to catch this training for yourself or your company, Cloud Security Alliance (HK & Macau) chapter and Hatter Company Limited offer this CCAK evening (Hybrid Class) from 23 August 2022 to 20 Sep 2022 on every Tuesday from 19:00 – 22:00.

If you are interested in registering the first ever CCAK class, you can register and check the link in RTTP web site and apply directly.

CSA (HK and Macau) Chapter members will be entitled to membership discount. For non-CSA (HK&M) Chapter member, you will also be granted with the CSA (HK and Macau) Chapter membership, after taking the class.

[CSA Research] – Top Threats to Cloud Computing Pandemic Eleven

Cloud Security Alliance’s Top Threats reports have traditionally aimed to raise awareness of threats, risks, and vulnerabilities in the cloud. Such issues are often the result of the shared, on-demand nature of cloud computing.

In this sixth installment, CSA surveyed 703 industry experts on security issues in the cloud industry. This year the respondents identified eleven salient threats, risks, and vulnerabilities in their cloud environments. The Top Threats Working Group used the survey results and its expertise to create the 2022 Top Cloud Threats report – the ‘Pandemic Eleven’.

Download it here: https://cloudsecurityalliance.org/artifacts/top-threats-to-cloud-computing-pandemic-eleven/

CSAHKM Additional Sharing on Log4j on 17 December 2021

Log4j exploit is definitely the hottest topic over this week. Many of the IT company or IT support person said it is the Log4j week. We definitely do not want to be inert or reactive about this hot topic, but we should also not be over reactive by the incident.

So on top of our scheduled regular monthly knowledge sharing session event on this week 17 Dec 2021, CSA (HK & Macau Chapter) consider that it would be a good time that we squeeze 20 minutes from our sharing session and seize this time to pull in a panel to talk about this Log4j exploit attack method, defense mechanism, solutions by cloud service provider for cloud users and current trend detected about the attack in the wild and next step that we could do.

So we will have the following speakers in the panel this friday 17 Dec 2021. You just need join in the event by registering at the same knowledge sharing session link, https://csahkmkse2112.eventbrite.hk

Samuel NG (ASTRI and CSA HKM Vice Chairman of Programs & Research) will cover the attack method of Log4j exploits.

Otto LEE (HKCERT and CSA HKM Vice Chairman – Secretarial & Treasurer) will highlight the alerts and updates about the Log4j vulnerability.

Pike WONG (Data Voyager) will cover the observed current and changes of attack pattern of Log4j related attack in this week.

Vincent IP (PISA, Hon. Secretary & Treasurer) will share the mitigation solutions that corporate and SME can use to reduce the attack currently.

Harry PUN (Microsoft and Deputy Chairman) will give us some input and advises how cloud service provider did to manage the incident and what solutions they provide to cloud user.

Also join our organisation CSA HKM for more benefits and more event in the coming year. You can have discount in our CCSK, CCAK and CCSP training.

DATE: December 17, 2021 (Friday)

TIME: (New time) 13:15 – 13:45 pm

VENUE: Webinar

View the presentation: https://youtu.be/FuFB13MgXX4

(start from 00:47:46)

CSA HKM Supports “Be Smart Online, Stay Away from Pitfalls” GIF Graphic Design Contest

Cloud Security Alliance Hong Kong & Macau Chapter is proud to support the Build a Secure Cyberspace 2021 – “Be Smart Online, Stay Away from Pitfalls” GIF Graphic Design Contest.

Organised by the GovCert.hk, the Hong Kong Computer Emergency Response Team Co-ordination Center and the Hong Kong Police Force, the Contest aims to arouse the awareness of public on Internet safety and etiquette.

A webinar cum GIF Graphic Design Contest Award Ceremony will be held on September 24 to conclude the contest.  In this webinar, cyber security experts will introduce cyber security best practices and share their insights on defending against cyber attacks and the enhancement of cyber security postures of enterprises.  The expert speakers will also share their experiences in staying away from cyber pitfalls and offer advice for being an ethical Internet user.  

DATE: September 24, 2021, Friday
TIME: AM Session – 9:30am – 12:15pm / PM Session 2:30pm – 5:00pm
DETAILS and REGISTRATION: https://www.cybersecurity.hk/en/event20210924.php

CSA HKM Announces 2021/2022 Management Team

Cloud Security Alliance Hong Kong & Macau Chapter announced a new management team for 2021/2022 after their AGM on July 13, 2021.

PositionName
ChairmanClaudius Lam
Deputy Chairman (Hong Kong)Harry Pun
Deputy Chairman (Macau)Terry Cheung
Vice Chairman – Secretarial & TreasurerOtto Lee
Vice Chairman – Membership & External AffairsVince Wan
–      Government Relationship Development DirectorSC Leung
–      Membership (Events & Activities) DirectorHenry Ng
Vice Chairman – Programs & ResearchSamuel Ng
–      Research DirectorFrank Chow
Vice Chairman – Professional DevelopmentRicci Ieong
–      Education Director (Hong Kong)Kevin Liu
–      Education Director (Macau)Kevin Lam
–      Certification Coordination DirectorTBD

The team will work together to further the development of CSA HKM in the year to come.

New updates about AWS Security events this week

This week is definitely an AWS Security Knowledge Sharing week. Just notice that there are actually 3 instead of just 2 knowledge sharing events as I mentioned in an earlier post.

There is another Cloud Security Series talk with AWS on 25 Mar 2021 at 5 – 6:30pm. The topic is Well-Architected for Security. You can register in this link.

Don’t miss that.

Two AWS Security Knowledge Sharing in a week

As updated in our previous post, CSA HKM chapter is going to organize our March Knowledge Sharing with AWS team on AWS Cloud Security Tips. If you have not register yet, remember to go to register that.

Besides, just knowing that CSA APAC is also going to organize a Cloud Security Series talk with AWS on 22 Mar 2021 at 5 – 7pm. The topic is Continuous Auditing and Compliance with AWS. You can register in this link.

Really fruitful AWS security week.

March Event Updates

Knowledge Sharing Event for Mar 2021 is on its way. AWS team will talk about tips in AWS security. It should be interesting. If you wish to listen to the AWS speakers’ previous talk, you can go to the TechConnect Series – Cloud Security. More cloud security talk can be found in the link. So don’t miss our technical in-depth talk by AWS.

Another important updates are the recent documents available for Peer-Review. CCM v4.0 has been published. That is just the first updates from CCM working group. In fact, some more useful and down to earth guidelines are on their way – Such as the CCM v4.0 Implementation Guidelines, CAIQ v4.0. These Guidelines are all available for Peer Review. Peer review will be opened until 14 Apr 2021. If you are interested, remember to start your review.

Other than that, there are more open peer reviews articles available from the link, your participations would definitely help.