CSA HKM Supports “Be Smart Online, Stay Away from Pitfalls” GIF Graphic Design Contest

Cloud Security Alliance Hong Kong & Macau Chapter is proud to support the Build a Secure Cyberspace 2021 – “Be Smart Online, Stay Away from Pitfalls” GIF Graphic Design Contest.

Organised by GovCert.hk, the Hong Kong Computer Emergency Response Team Co-ordination Center and the Hong Kong Police Force, the Contest aims to raise public awareness of Internet safety and etiquette.

A webinar cum GIF Graphic Design Contest Award Ceremony will be held on September 24 to conclude the contest. In this webinar, cyber security experts will introduce cyber security best practices and share their insights on defending against cyber attacks and enhancing the cyber security posture of enterprises. The expert speakers will also share their experiences in staying away from cyber pitfalls and offer advice on being an ethical Internet user.

DATE: September 24, 2021, Friday
TIME: AM Session – 9:30am – 12:15pm / PM Session 2:30pm – 5:00pm
DETAILS and REGISTRATION: https://www.cybersecurity.hk/en/event20210924.php

CSA HKM Announces 2021/2022 Management Team

Cloud Security Alliance Hong Kong & Macau Chapter announced a new management team for 2021/2022 after their AGM on July 13, 2021.

| Position | Name |
| --- | --- |
| Chairman | Claudius Lam |
| Deputy Chairman (Hong Kong) | Harry Pun |
| Deputy Chairman (Macau) | Terry Cheung |
| Vice Chairman – Secretarial & Treasurer | Otto Lee |
| Vice Chairman – Membership & External Affairs | Vince Wan |
| – Government Relationship Development Director | SC Leung |
| – Membership (Events & Activities) Director | Henry Ng |
| Vice Chairman – Programs & Research | Samuel Ng |
| – Research Director | Frank Chow |
| Vice Chairman – Professional Development | Ricci Ieong |
| – Education Director (Hong Kong) | Kevin Liu |
| – Education Director (Macau) | Kevin Lam |
| – Certification Coordination Director | TBD |

The team will work together to further the development of CSA HKM in the year to come.

New updates about AWS Security events this week

This week is definitely an AWS Security Knowledge Sharing week. I just noticed that there are actually 3 knowledge sharing events, not just the 2 I mentioned in an earlier post.

There is another Cloud Security Series talk with AWS on 25 Mar 2021 at 5 – 6:30pm. The topic is Well-Architected for Security. You can register at this link.

Don’t miss that.

Two AWS Security Knowledge Sharing in a week

As mentioned in our previous post, the CSA HKM chapter is going to organize our March Knowledge Sharing with the AWS team on AWS Cloud Security Tips. If you have not registered yet, remember to do so.

Besides, we have just learned that CSA APAC is also going to organize a Cloud Security Series talk with AWS on 22 Mar 2021 at 5 – 7pm. The topic is Continuous Auditing and Compliance with AWS. You can register at this link.

A really fruitful AWS security week.

March Event Updates

The Knowledge Sharing Event for Mar 2021 is on its way. The AWS team will talk about tips in AWS security. It should be interesting. If you wish to listen to the AWS speakers' previous talk, you can go to the TechConnect Series – Cloud Security. More cloud security talks can be found at the link. So don't miss our in-depth technical talk by AWS.

Another important update is the set of documents recently made available for Peer Review. CCM v4.0 has been published. That is just the first update from the CCM working group. In fact, more useful and down-to-earth guidelines are on their way, such as the CCM v4.0 Implementation Guidelines and CAIQ v4.0. These guidelines are all available for Peer Review. Peer review will be open until 14 Apr 2021. If you are interested, remember to start your review.

Other than that, more articles open for peer review are available from the link. Your participation would definitely help.

Certificate of Cloud Auditing Knowledge (CCAK) Updates

Many of you may have heard that CCAK, a certificate on cloud auditing jointly developed by the Cloud Security Alliance (CSA) and ISACA, is now available, and the examination will be available on 22 March 2021.

The study guide is already available in the ISACA bookstore.

Live events about CCAK were conducted on LinkedIn Live by Daniele Catteddu, CTO at Cloud Security Alliance, and Paul Philips, Technical Research Manager, ISACA.

For more details about CCAK, please check the link. You can also get more information from the CCAK community in CSA's Circle after you register for CSA's Circle.

CCAK training will later be conducted in the Hong Kong and Macau Chapter too. Stay tuned.

Upcoming Events in February and March 2021

After Chinese New Year, many exciting activities and events are coming.

Firstly, this coming Thursday (25 Feb 2021), we will have our knowledge sharing session by Zscaler on SASE and the Zero Trust Model. Remember to register and join. More details can be found here.

Secondly, the Information Security Summit, one of the most attractive, non-vendor-driven local cybersecurity events, will be held on March 9 – 10, 2021. This year, the Conference will be organised quite differently from previous years due to the New Norm after the Covid-19 virus. All the events will be organised online. Events and talks will be more interesting. Speakers from other countries will be presenting from other time zones to support us this year. For the interactive panel discussion, some of the panelists will join the webinar from their home towns to discuss the topic – Challenge of Securing the New Norm – the Remote, Mobile, Decentralised and Virtual Business. Do register for the conference and workshops. Do visit the link about the IS Summit 2021.

Periodically, CSA releases new publications. Recently CSA published a new report on blockchains – Blockchains in the Quantum Era – and a report on IoT – CSA IoT Security Controls Framework v2. Stay tuned for research from CSA.

Finally, the Certificate of Cloud Auditing Knowledge (CCAK) is coming. More information about the joint certification program with ISACA will be clarified soon. At this stage, a 400+ page study guide is available in the ISACA store. Stay tuned to the CCAK site from CSA.

Cloud Controls Matrix v4 part 1 published in Q1 2021

The Cloud Controls Matrix (CCM) is the core component used in cloud security compliance checks.

CCM v3.0.1 was initially released 6 years ago. CSA determined that it was time to revise it and provide the community with a vendor-neutral security and privacy control framework.

More controls have been added, and more guidelines will be extended from CCM v4.

CCM v4 can be downloaded from https://cloudsecurityalliance.org/research/cloud-controls-matrix/

CCM Implementation Guidelines will be published Q2, 2021

CCM Auditing Guidelines will be published Q3, 2021

Refer to the blog in CSA, https://cloudsecurityalliance.org/blog/2021/01/21/the-csa-cloud-controls-matrix-ccm-v4-raising-the-cloud-security-bar-to-the-next-level/

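CSA Greater China Region Releases "Software Defined Perimeter (SDP) and Zero Trust" White Paper

The CSA Greater China Region has released the "Software Defined Perimeter (SDP) and Zero Trust" white paper, which analyses and answers questions such as how to use SDP to implement a Zero Trust Network (ZTN), why SDP is applied to network connectivity, and what the most advanced ZTN implementation is.

A Software Defined Perimeter (SDP) is a network security architecture that can provide security protection for the seven-layer OSI protocol stack. It hides assets and, before allowing a connection to the hidden assets, uses a single packet to establish a trusted connection through separate control and data planes. A zero trust network implemented with SDP enables organisations to better defend against new variants of attack methods and to ease the security predicament of an increasingly complex and expanding attack surface.

In essence, zero trust is a network security concept whose core idea is that an organisation should not automatically trust anything inside or outside the traditional perimeter, and it aims to defend enterprise assets. Implementing zero trust requires verifying everything that attempts to connect to assets before granting access, and continuously evaluating the session for the entire duration of the connection.

The Software Defined Perimeter (SDP) is the most advanced implementation of a zero trust strategy. CSA has adopted and advocates applying the following structure to network connectivity:

  • Separate the control plane, where trust is established, from the data plane, which carries the actual data.
  • Use a dynamic deny-all firewall (not strictly deny-all, but one that allows exceptions) to hide the infrastructure (for example, making servers "black", i.e. invisible).
  • Drop all unauthorized packets and use them for logging and traffic analysis.
  • Before access to a protected service, authenticate and authorize users and verify devices through the Single Packet Authorization (SPA) protocol.
  • Least privilege is inherent in this protocol.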
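
The structure in the list above, modelled as a small gateway (an added example, not taken from the white paper or from CSA). The HMAC-over-JSON packet layout, the 30-second freshness window, the nonce replay check and every name in the code are assumptions made for illustration; the key and fingerprint are constructed demo values.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key, provisioned out of band (assumption, not from the white paper).
CLIENT_KEYS = {"alice-laptop": b"constructed-demo-key-1"}
MAX_SKEW = 30  # seconds a packet stays fresh (assumed window)

def build_spa_packet(client_id, device_fp, service, key, nonce, now=None):
    """Client side: one self-contained request, authenticated with HMAC-SHA256."""
    ts = int(time.time() if now is None else now)
    body = json.dumps({"id": client_id, "dev": device_fp, "svc": service,
                       "ts": ts, "nonce": nonce}, sort_keys=True).encode()
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

class Gateway:
    """Control plane: deny-all by default, exceptions opened only by valid SPA."""
    def __init__(self, policy):
        self.policy = policy    # client_id -> (device fingerprint, allowed services)
        self.allowed = set()    # dynamic firewall exceptions: (src_ip, service)
        self.seen = set()       # (client_id, nonce) pairs already accepted
        self.dropped = []       # unauthorized packets, kept for logging and analysis

    def receive(self, src_ip, packet, now=None):
        reason, req = self._check(packet, time.time() if now is None else now)
        if reason:              # no reply is ever sent, so the host stays "black"
            self.dropped.append((src_ip, reason))
            return None
        self.seen.add((req["id"], req["nonce"]))
        self.allowed.add((src_ip, req["svc"]))  # least privilege: this service only
        return req["svc"]

    def _check(self, packet, now):
        try:
            body, tag = packet.rsplit(b".", 1)
            req = json.loads(body)
            key = CLIENT_KEYS[req["id"]]
            device, services = self.policy[req["id"]]
        except (ValueError, KeyError, TypeError):
            return "malformed-or-unknown", None
        good = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(good, tag):
            return "bad-hmac", None
        if abs(now - req["ts"]) > MAX_SKEW or (req["id"], req["nonce"]) in self.seen:
            return "stale-or-replayed", None
        if req["dev"] != device or req["svc"] not in services:
            return "not-authorized", None
        return None, req
```

The `dropped` list is the detection feed: every entry is a packet that received no answer, tagged with the reason it failed.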

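In this white paper, experts from the CSA global SDP Working Group and the CSA Greater China Region SDP Working Group have contributed original writing and translation on the strategy, value and implementation of how SDP achieves zero trust. We believe it will offer insight and help to security professionals, CIOs, CISOs and business executives as they consider putting zero trust into practice in their enterprises.

Download the "Software Defined Perimeter (SDP) and Zero Trust" white paper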

CSA HKM Knowledge Sharing Event – October 2020

The container environment is a hot topic in cloud computing, especially in the cloud security area. So after the previous two rounds of talks on cloud usage and SaaS cloud security, we now start another interesting series of cloud security talks – the Cloud Container security talks. We will start with OpenShift and DevSecOps. These are two hot topics in the cloud computing and cloud security area.

This month we invited William Lok, CTO and Co-founder of TechNet HK, to lead us through "Transforming DevOps to DevSecOps with Redhat OpenShift".

Today, DevOps is an inevitable way to transform the enterprise for the digital era and turn it into an innovative software company. William will prepare a demo on how a container application is governed by a series of tool chains and deployed on RedHat OpenShift.

On top of the tool chains, William will share how the security perspectives can be addressed by transforming DevOps into DevSecOps.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants can claim 1 CPE.

DATE: October 08, 2020 (Thursday)

TIME: 12:30 – 01:30 pm

VENUE: Webinar

SPEAKER: William Lok, CTO and Co-founder of TechNet HK

TOPIC: Transforming DevOps to DevSecOps with Redhat OpenShift

THE SPEAKER:

William Lok is CTO and co-founder of TechNet HK (http://www.technet-asia.com). He leads the company's technology vision and direction. He is a frequent speaker at DevOps seminars. He plays an active role in evangelizing open source, multi-cloud and DevSecOps adoption for Hong Kong, Macau and Taiwan enterprises.

WATCH NOW: https://vimeo.com/466411506