After announcing our first local class on Certificate of Cloud Auditing Knowledge (CCAK) class in Hong Kong, we received more official supports from VTC that more of our CCAK class are now officially accepted RTTP approved training programs (That is, 66% off from the listed price of the course).
In the coming 2 months, we will have 4 available CCAK classes that available for interested parties at different pace. 2 days, 3 days and weekly evening classes are available for different participants to take the class online.
In order to catch this training opportunity for yourself or your company offered by Cloud Security Alliance (HK & Macau) chapter and Hatter Company Limited, you can check the list of courses within the schedule CCAK class schedule.
The purpose of the consultation paper is to make preliminary proposals for law reform on addressing the issues of the protection of individuals’ rights as well as the criminal activities carried out by the rapid developments of information technology, the computer and the internet.
This consultation is affecting our future view in CyberSecurity area. The proposed five cyber-dependent crimes mentioned in the paper will definitely impacts all of us including CyberSecurity practitioners and even IT practitioners.
Thus, Cloud Security Alliance Hong Kong & Macau Chapter is working with HKU Computer Science Department, as well as Information Security and Forensics Society (https://www.isfs.org.hk), Hong Kong Computer Society (https://www.hkcs.org.hk) and other IT organisations to jointly organise a Tech Forum to discuss on the topic.
Online Discussion will be held on September 14, 2022:
DATE: September 14, 2022 (Wednesday) TIME: 18:30 – 20:30 (HK Time) FORMAT: Online Zoom TOPIC: HKU-CS Online Tech Forum and Discussion: the Consultation Paper on Cyber-Dependent Crimes and Jurisdictional Issues
In this month, after we got the confirmation from VTC for the RTTP approval, we can start to offer our first CCAK class in Hong Kong locally. In order to catch this training for yourself or your company, Cloud Security Alliance (HK & Macau) chapter and Hatter Company Limited offer this CCAK evening (Hybrid Class) from 23 August 2022 to 20 Sep 2022 on every Tuesday from 19:00 – 22:00.
If you are interested in registering the first ever CCAK class, you can register and check the link in RTTP web site and apply directly.
CSA (HK and Macau) Chapter members will be entitled to membership discount. For non-CSA (HK&M) Chapter member, you will also be granted with the CSA (HK and Macau) Chapter membership, after taking the class.
Cloud Security Alliance’s Top Threats reports have traditionally aimed to raise awareness of threats, risks, and vulnerabilities in the cloud. Such issues are often the result of the shared, on-demand nature of cloud computing.
In this sixth installment, CSA surveyed 703 industry experts on security issues in the cloud industry. This year the respondents identified eleven salient threats, risks, and vulnerabilities in their cloud environments. The Top Threats Working Group used the survey results and its expertise to create the 2022 Top Cloud Threats report – the ‘Pandemic Eleven’.
Log4j exploit is definitely the hottest topic over this week. Many of the IT company or IT support person said it is the Log4j week. We definitely do not want to be inert or reactive about this hot topic, but we should also not be over reactive by the incident.
So on top of our scheduled regular monthly knowledge sharing session event on this week 17 Dec 2021, CSA (HK & Macau Chapter) consider that it would be a good time that we squeeze 20 minutes from our sharing session and seize this time to pull in a panel to talk about this Log4j exploit attack method, defense mechanism, solutions by cloud service provider for cloud users and current trend detected about the attack in the wild and next step that we could do.
So we will have the following speakers in the panel this friday 17 Dec 2021. You just need join in the event by registering at the same knowledge sharing session link, https://csahkmkse2112.eventbrite.hk
Samuel NG (ASTRI and CSA HKM Vice Chairman of Programs & Research) will cover the attack method of Log4j exploits.
Otto LEE (HKCERT and CSA HKM Vice Chairman – Secretarial & Treasurer) will highlight the alerts and updates about the Log4j vulnerability.
Pike WONG (Data Voyager) will cover the observed current and changes of attack pattern of Log4j related attack in this week.
Vincent IP (PISA, Hon. Secretary & Treasurer) will share the mitigation solutions that corporate and SME can use to reduce the attack currently.
Harry PUN (Microsoft and Deputy Chairman) will give us some input and advises how cloud service provider did to manage the incident and what solutions they provide to cloud user.
Also join our organisation CSA HKM for more benefits and more event in the coming year. You can have discount in our CCSK, CCAK and CCSP training.
Cloud Security Alliance Hong Kong & Macau Chapter is proud to support the Build a Secure Cyberspace 2021 – “Be Smart Online, Stay Away from Pitfalls” GIF Graphic Design Contest.
Organised by the GovCert.hk, the Hong Kong Computer Emergency Response Team Co-ordination Center and the Hong Kong Police Force, the Contest aims to arouse the awareness of public on Internet safety and etiquette.
A webinar cum GIF Graphic Design Contest Award Ceremony will be held on September 24 to conclude the contest. In this webinar, cyber security experts will introduce cyber security best practices and share their insights on defending against cyber attacks and the enhancement of cyber security postures of enterprises. The expert speakers will also share their experiences in staying away from cyber pitfalls and offer advice for being an ethical Internet user.
As updated in our previous post, CSA HKM chapter is going to organize our March Knowledge Sharing with AWS team on AWS Cloud Security Tips. If you have not register yet, remember to go to register that.
Besides, just knowing that CSA APAC is also going to organize a Cloud Security Series talk with AWS on 22 Mar 2021 at 5 – 7pm. The topic is Continuous Auditing and Compliance with AWS. You can register in this link.
Another important updates are the recent documents available for Peer-Review. CCM v4.0 has been published. That is just the first updates from CCM working group. In fact, some more useful and down to earth guidelines are on their way – Such as the CCM v4.0 Implementation Guidelines, CAIQ v4.0. These Guidelines are all available for Peer Review. Peer review will be opened until 14 Apr 2021. If you are interested, remember to start your review.
Other than that, there are more open peer reviews articles available from the link, your participations would definitely help.