Cloud Security Alliance Announces Industry’s First Credential for Cloud Auditing

The Cloud Security Alliance (CSA) has announced the Certificate of Cloud Auditing Knowledge (CCAK), the only credential for industry professionals that demonstrates expertise in the essential principles of auditing cloud computing systems. Set to be released in the second half of 2020, the CCAK aims to solve the current industry knowledge gap for IT audit and security professionals trained and certified for traditional on-premise IT auditing and assurance.

Designed to provide CISOs, security and compliance managers, internal and external auditors, and practitioners of tomorrow with the proven skillset to address the specific concerns that arise from the use of various forms of cloud services, the CCAK will provide a common baseline of expertise and shared nomenclature to ensure that IT auditors and other related stakeholders are communicating appropriately and accurately regarding the effectiveness of cloud security controls.

With its focus on cloud computing, the CCAK differs from traditional IT audit certification programs, which have many excellent elements, but were not developed with an understanding of cloud computing and its many nuances. An audited organization using cloud computing, for instance, will have a very different approach to satisfying control objectives, and a cloud tenant will certainly not have the same administrative access as in a legacy IT system and will employ a wide range of security controls that will be foreign to an audit and assurance professional grounded in traditional IT audit practices.

“Cloud computing represents a radical departure from legacy IT in virtually every respect. The new technology architecture, the nature of how cloud is provisioned, and the new shared responsibility model means that IT audits must be significantly altered to provide assurance to stakeholders that their cloud adoption is secure,” said Jim Reavis, co-founder and CEO, Cloud Security Alliance. “Because CSA already has developed the most widely adopted cloud security audit criteria and organizational certification, we are uniquely positioned to lead efforts to ensure industry professionals have the requisite skill set for auditing cloud environments.”

The CCAK’s holistic body of knowledge will be composed of the CSA’s Cloud Controls Matrix (CCM), the fundamental framework of cloud control objectives; its companion Consensus Assessments Initiative Questionnaire (CAIQ), the primary means for assessing a cloud provider’s adherence to CCM; and the Security, Trust, Assurance & Risk (STAR) program, the global leader in cloud security audits and self-assessments, in addition to new material.

For more than 10 years, CSA has led the development of the trusted cloud ecosystem, which notably includes the STAR program and the Certificate of Cloud Security Knowledge (CCSK), the gold standard for measuring professional competency in cloud security. The CCAK and the CCSK will complement one another in that the CCSK provides the knowledge that enables an expert to secure cloud systems that will, in turn, be successfully scrutinized by an expert holding the CCAK. In many cases, an industry professional will be well served by obtaining both certificates.

Because the CCAK is intended to create a common cloud audit understanding, it’s expected to become a mandatory requirement for IT auditors and highly recommended for IT managers and professionals, especially governance, risk management, compliance, and vendor/supply chain management.

Several opportunities exist for those looking to participate in the CCAK’s development. Individuals can volunteer to provide subject matter expertise or peer review, while organizations with a vested interest in cloud security can become a founding sponsor. Learn more about the Certificate for Cloud Auditing Knowledge and how to get involved.

CSA HKM Education Director Talks at Cloud Asia Expo 2018

Cloud Expo Asia is an unrivalled, multi-awarding winning event platform. For technology professionals it is a place to learn from world leading experts and source best-of-breed cloud technology and services. For technology vendors it offers 2 unmissable days of networking, lead and business generation. It is held in 16 – 17 May 2018 in HKCEC, Hong Kong.

Cloud Security Alliance is a supporting organisation of this event.

This year, our newly elected Education Director – Kelvin Wong will be giving a speech during the expo.

Please feel free to come and discuss about the “hot” Cloud Security certificate.

CSA HKM supports PISA Security Jam 2018

PISA JAM 2018 is a full day information security conference to provide a platform to InfoSec practitioners and students to chat and exchanges their ideas.

CSA (HK & Macau Chapter) jointly organise and support the PISA JAM 2018. CSA Professional Development team worked with PISA JAM 2018 OC to organise and align a Cloud Application Security Broker (CASB) – Symantec and a Docker Security company – Aqua to send their representatives to conduct half day demo workshop on 26 May 2018 (Sat) afternoon.

During the workshop, audience and participants will be able to participate in the lab and demo exercise in the afternoon for 3 hours. Please feel free to join. CSA (HK & Macau Chapter) members can join as supporting organization member without charge.

Please feel free to go to this link to get more details and register.

Date:  26 May 2018 (Sat)
Target Audience:  PISA members, members of supporting organizations, full-time students in InfoSec relevant course
Venue:  HK PolyU, Hung Hom
Language:  Cantonese, with English terminology
Admission Fee:  FREE

CSA HKM Announces 2018/2019 Management Team

Cloud Security Alliance Hong Kong & Macau Chapter announced a new management team for 2018/2019 after their elections on March 22, 2018.

Position Name
Chairman Claudius Lam
Deputy Chairman (Hong Kong) Fred Sheu
Deputy Chairman (Macau) Terry Cheung
Vice Chairman – Secretarial & Treasurer Otto Lee
Vice Chairman – Membership & External Affairs SC Leung
–      Government Relationship Development Director Vince Wan
–      Membership (Events & Activities) Director Henry Ng
Vice Chairman – Programs & Research Joe Chan
–      Research Director Frank Chow
Vice Chairman – Professional Development Ricci Ieong
–      Education Director (Hong Kong) Kelvin Wong
–      Education Director (Macau) Victor Cheong
–      Certification Coordination Director Vincent Ip

The team will work together to further the development of CSA HKM in the years to come.

CSA HKM Councilors 2018

Hong Kong ICT Awards 2018

The Hong Kong ICT Awards aims at recognising and promoting outstanding information and communications technology (ICT) inventions and applications, thereby encouraging innovation and excellence among Hong Kong’s ICT talents and enterprises in their constant pursuit of creative and better solutions to meet business and social needs.

As a supporting organization of the Hong Kong ICT Awards 2018, Cloud Security Alliance Hong Kong & Macau Chapter encourages the active participation of our members and the general public to the eight categories under the Award.

Details of the Awards can be found at

ICT Awards 2018

Cloud Security Alliance Announces Launch of CCSK v4

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the general availability of its latest industry leading Certificate of Cloud Security Knowledge exam, version 4 (CCSK v4). The new exam has been significantly updated to reflect changes in the cloud and security landscape and features new content that aligns with this year’s earlier release of Guidance for Critical Areas of Focus in Cloud Computing 4.0.

“Since its launch, the CCSK has been recognized and widely accepted as the gold standard by a broad coalition of experts and organizations for demonstrating cloud security competency,” said Jim Reavis, CEO, CSA. “With this update, the CCSK is again proving to be the definitive resource for anyone in IT and information security who is looking to declare their understanding of key cloud security issues.”

Version four content represents more clarity, accuracy and better alignment with the recently published Guidance for Critical Areas of Focus in Cloud Computing 4.0 document, to better reflect current operational realities in cloud. Some key updates to note in the new version are reflected in the rebuilding of the introductory, infrastructure, and governance/legal/risk sections. Additionally, the materials covering data security includes an expanded coverage of Cloud Access Security Broker (CASB) technologies and business continuity/disaster recovery. Also, the Related Technologies sections now covers how IoT, mobile, serverless computing, and Big Data technologies are connected to cloud computing. A detailed list of changes between the CCSK v3 and v4 can be found at

Launched in 2010, the CCSK emerged as the industry’s first benchmark for measuring cloud security skillsets. The body of knowledge is constituted by Guidance for Critical Areas of Focus in Cloud Computing 4.0, the CSA Cloud Control Matrix (CCM) and the European Cyber Security Agency (ENISA) Cloud Computing Risk Assessment report. Information technology and security professionals interested in studying for the CCSK v4 exam can prepare through CSA’s self-study preparation kitor through their network of training partners offering instructor-led and online classes.

Approximately 86 percent of the exam questions will be related to the content of the Guidance for Critical Areas of Focus in Cloud Computing 4.0.  The CCSK v4 exam is now available for $395.  For more information or to take the exam visit

中國雲安全聯盟正式成立 (C-CSA formed in China)

(2017年11月1日 = China) 在廣東惠州舉行的中國物聯網雲計算應用技術博覽會上,中國雲安全與新興技術安全創新聯盟(以下簡稱「中國雲安全聯盟」或 「 C-CSA」)聯合中國雲體系產業創新戰略聯盟(以下簡稱「中國雲體系聯盟」)共同主辦2017中國雲安全與新興技術安全創新論壇,並為中國雲安全與新興技術安全創新聯盟舉行成立揭牌儀式,參加論壇的領導有中國科協原黨組副書記、副主席張勤院士,中國產學研合作促進會執行副會長、秘書長王建華,惠州市副市長劉小軍,中國雲安全聯盟常務副理事長李雨航,以及 雲安全的政產學研各界代表。 中國雲體系聯盟和中國雲安全聯盟秘書長沈寓實主持了論壇,專家們圍繞網路空間、雲計算、物聯網等領域分享了雲計算2.0時代的新興技術安全創新。

中國產學研合作促進會執行副會長、秘書長王建華宣讀中國雲安全與新興技術安全創新聯盟成立批復函拉開論壇序幕。 王建華強調中國雲安全聯盟的成立旨在加強產學研用深度融合,整合行業內各方資源優勢,搭建創新平臺並引進國際雲安全聯盟CSA等國際最佳實踐,突破雲計算和新興技術領域瓶頸,並引導建立安全共性標準, 培養更多的具有核心競爭力的產業集群和優秀人才,為建設網路強國提供有力支撐。

惠州市副市長劉小軍表示,惠州一直以來致力於打造世界手機之都,橫向融合縱向升級,推動智慧終端機產業發展。 資訊安全網路安全雲安全必不可缺,近些年來惠州重點支援物聯網、雲計算等資訊產業,惠州市對中國雲安全聯盟的專業性和權威性高度認可。

中國科協原黨組副書記、副主席張勤院士指出,去年 11月國家出臺了《網路安全法》,確立了國家網路空間安全發展戰略等重要內容,明確了網路空間治理的規則以及國際參與,將網路安全上升為國家安全的高度。 科技部等國家部委也出臺相應政策,大力推動雲安全與新興技術安全領域發展,科技部連續兩年組織實施國家重點研發計畫「網路空間安全」重點專項。 習近平同志在十九大報告中指出,創新是引領發展的第一動力。 此次舉辦中國雲安全與新興技術安全創新論壇,圍繞著物聯網、雲計算、大資料等新興技術及其優秀應用實踐進行分享,就雲計算和新興技術領域新的安全解決方案共同探討交流,對於加快科技成果轉化為生產力,實施創新驅動發展戰略, 建設技術創新體系,推動社會經濟發展具有重大的現實意義。 會上特別會上特別祝賀中國雲安全聯盟正式成立和大會取得成功。

李雨航常務副理事長受在京參加院士大會的方濱興理事長委託做了題為「 CSA2.0」的揭幕主題演講,強調安全已成為網路強國的命脈,新興技術如大資料、物聯網、人工智慧等的安全,是雲安全的延伸,中國雲安全聯盟將在中國政府認可下規範運作,貫徹國家網路主權自主可控的方針政策, 充分發揮聯盟各成員的主人翁精神,與國際雲安全聯盟CSA等國際組織緊密對接,把先進安全實踐經驗帶到中國並完成當地語系化改進。 早在2010年,CSA就在中國開展起志願工作。 2014年在政產學研7家中國戰略合作夥伴的支援下,CSA大中華區落地中國並實現半職業化,此次中國雲安全聯盟的成立,是CSA2.0 時代的起航,標誌著CSA在中國職業化,邁向在華新階段。

論壇由沈寓實秘書長主持,國家資訊中心安全管理處處長邵國安、武漢大學教授陳晶、普華永道風險及控制服務部合夥人李睿、安恒資訊副總裁劉志樂、中科院雲計算中心電子政務事業部主任孫傲冰、平安科技技網路安全研究所所長王曉箴 、創元網路技術股份有限公司總經理張少華、安信科技總經理陳林、北京益安線上科技股份有限公司總監李岩共9位行業實戰專家就各自所擅長的領域進行了分享。

中國產學研促進會已經支援成立了包括中國雲體系聯盟、中國雲安全聯盟在內的上百個各領域的聯盟,並獲得党和國家領導人習近平、李克強、栗戰書、汪洋、王滬甯、趙樂際、韓正、劉延東、路甬祥等極大的關懷和支援。 新成立的中國雲安全聯盟,將在促進會的指導下,力爭成為國際雲安全聯盟和其它國際安全性群組織在華的管理和運營機構。

C-CSA formed in China

圖片說明:(左起)C-CSA秘書長沈寓實,惠州市政府副秘書長鄒平生,C-CSA常務副理事長李雨航,促進會執行秘書長王建華,中國科協原副主席張勤,惠州市副市長劉小軍,工信部信通院雲安全主任栗蔚, C-CSA分會會長劉志樂