Cloud Security Alliance Greater China Region Releases "The 11 Top Threats to Cloud Computing"

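More and more enterprises are migrating data and applications to the cloud, which brings unique information security challenges. The primary responsibility for protecting an enterprise's data in the cloud does not rest entirely with the service provider, but mainly with the customer. To give organizations an up-to-date understanding of cloud security issues, so that they can make informed decisions about cloud adoption strategies, CSA Greater China Region has released a new version of "The 11 Top Threats to Cloud Computing" (Chinese edition). The report focuses on 11 issues related to the shared, on-demand nature of cloud computing. The 11 main threats covered by the report are: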

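1. Data breaches.
2. Misconfiguration and inadequate change control.
3. Lack of cloud security architecture and strategy.
4. Insufficient identity, credential, access and key management.
5. Account hijacking.
6. Insider threats.
7. Insecure interfaces and APIs.
8. Weak control plane.
9. Metastructure and applistructure failures.
10. Limited cloud usage visibility.
11. Abuse and illegal use of cloud services.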

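Issues such as denial of service, shared technology vulnerabilities, and cloud service provider data loss and system vulnerabilities are no longer included in this report. This suggests that the traditional security issues for which cloud service providers are responsible appear to have been effectively mitigated. Instead, we see a greater need to address security issues that sit higher up the technology stack, issues that are the result of senior management decisions.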

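The new items rated highest in the survey are more nuanced, which indicates that consumers' understanding of the cloud is maturing. These issues are inherent to cloud computing, which indicates that consumers are actively considering the technology landscape of cloud migration. The topics involve potential control plane weaknesses, metastructure and applistructure failures, and limited cloud visibility. This new emphasis is markedly different from the more generic threats, risks and vulnerabilities (i.e. data loss, denial of service) that featured more prominently in previous Top Threats reports.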

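CSA Greater China Region hopes that this report will raise organizations' awareness of the most important security issues and their countermeasures, and that it will be taken into account when budgeting for cloud migration and security. The report provides control recommendations and reference examples intended for compliance, risk and technical staff; management can also benefit from the technology trends and overview in this report.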

Download the report: The 11 Top Threats to Cloud Computing

CSA HK&M Event Resume on 6 Aug 2020

Dear members and fellow colleagues,

We have not met or arranged knowledge sharing last year. The Covid-19 virus created a long social distance for us to group together. But as we all know, Cloud Environment is changing so fast; if we don’t keep up our knowledge together, we will be left behind.

In the past 6 months, I participated in a number of CCSP and CCSK training and coaching sessions in Hong Kong and the Asia Pacific region. We can see that more and more people are using cloud computing environments. Usually, security specialists will ask the following questions – How can we secure our applications and infrastructure in our cloud environment? How can we support the multi-cloud environment? How can we make use of the container environment to build up a secure and portable application? Is there any standard that we can use in cloud security assessment and audit?

Definitely, as we get together we will have more and more questions, ideas, and knowledge that we can share.

So, after the formation of our new council and committee for 2020, the CSA HK&M chapter would like to bring our knowledge sharing to another new platform for the new normal environment.

In this series of coming activities, the CSA HK&M knowledge sharing session will become a regular monthly lunchtime webinar. The first event will be on “Securing your Virtual Bank in the Cloud” by the Security team of Welab. They definitely will be able to share their experience and ideas about the virtual bank.

Stay tuned for new updates.

Ricci IEONG, Vice Chairman Professional Development
Kelvin WONG, Education Director (Hong Kong)
Kevin LAM, Education Director (Macau)

CSA HKM supports the Outstanding ICT Women Awards

To recognise and encourage female role models and to attract more females to join the ICT industry, the FACE Club of Hong Kong Computer Society (HKCS) launched the first-ever “Outstanding ICT Women Awards” to reward much-praised female individuals in the ICT field and to showcase the impact that they have made on the local ICT industry and the community.

Cloud Security Alliance Hong Kong & Macau Chapter is proudly supporting the award.  Please visit http://www.hkcs.org.hk/oictwa/ for details.

CCSP Training Course in March 2020

In the ever-changing world of the cloud, you face unique security challenges every day — from new threats to sensitive data, to uneducated internal teams. The Certified Cloud Security Professional (CCSP) recognises IT and information security leaders who have the knowledge and competency to apply best practices to cloud security architecture, design, operations and service orchestration. It shows you’re on the forefront of cloud security.

The next CCSP course in Hong Kong will be organised in March 2020:

17-19 & 24-25 March 2020,
09:00-18:00
1/F, HKPC Building,
78 Tat Chee Avenue,
Kowloon, Hong Kong
Cantonese with handout in English
For people who are interested in cyber security

CSA HKM members are entitled to a special discount for the course.  Click HERE for details.

CSA HKM Supports CLOUDSEC Hong Kong 2019

Cloud Security Alliance supports CLOUDSEC, the leading internet security conference in Asia Pacific and Europe, on a regional basis.  The Hong Kong event will be held on August 27, 2019 at the Hong Kong Convention & Exhibition Center.

CLOUDSEC Hong Kong 2019 gathers together renowned experts, industry thought leaders, businesses and organizations from across the globe to re-evaluate and redefine their understanding of threats, risks and solutions in a rapidly evolving threat landscape.

With a theme of “Picture This! See. Secure. Go further.”, CLOUDSEC Hong Kong 2019 provides an avenue for enterprises and organizations to discuss and collectively address issues such as the increasingly complex cyber-attacks, shifting IT environments, and the upcoming trends in the computing and threat landscape.

Katie Lewin, Federal Director of Cloud Security Alliance, will present as a keynote speaker and Ian Christofis, founding board member of CSA HKM, will host a panel discussion entitled “Seeing CyberSecurity” during the event.

Date:  August 27, 2019 (Tuesday)
Time: 8:45 – 17:00
Venue:  N201, Hong Kong Convention & Exhibition Center, Wanchai
Registration: www.cloudsec.com/hk
Admission Fee:  FREE

Certification of Cloud Security Knowledge (CCSK v4) Course

A good chance to upgrade your skillsets and enhance your career by obtaining the Certificate of Cloud Security Knowledge (CCSK v4). A 3-day training and hands-on workshop is scheduled on 12-14 Jun, 2019. Feel free to call HP (852.3070 5591) for further details.

CSA HKM members get a 15% discount on the course.

CSA HKM Supports the Hong Kong ICT Awards 2019: Smart Business Award

The Hong Kong ICT (HKICT) Awards aim at recognising and promoting outstanding information and communications technology (ICT) inventions and applications, thereby encouraging innovation and excellence among Hong Kong’s ICT talents and enterprises in their constant pursuit of creative and better solutions to meet business and social needs.

There are eight categories under the Hong Kong ICT Awards 2019, with the Smart Business Award covering 4 streams: Solutions for Business and Public Sector Enterprise, Solution for SME, Big Data and Open Data Applications, and Information Security. There will be one Grand Award in each category, and an “Award of the Year” will be selected from the eight Grand Awards by the Grand Judging Panel.

Cloud Security Alliance Hong Kong & Macau Chapter is proud to support the initiative.  For further information on the award please visit: http://www.hkcs.org.hk/ictawards/.

 

CSA HKM to support Video Ad Contest

Cloud Security Alliance Hong Kong & Macau Chapter is supporting the “Stay Smart, Keep Cyber Scam Away” Video Ad Contest which is jointly organised by the Office of the Government Chief Information Officer, the Hong Kong Police Force and the Hong Kong Computer Emergency Response Team Coordination Centre.

The objective of the Video Ad Contest is to raise public awareness of cyber security and to encourage the adoption of security best practices, with a view to enhancing public concern about cyber scams.  Through a creative and compelling video ad (not longer than 1 minute), participants can demonstrate how to guard against the cyber security threats we are facing and promote the best practices and smart tips to keep cyber scams away.

The prizes of the contest include iPhone 8, Apple Watch Nike+ Series 3, Polaroid R360 Camera, DJI Spark Fly More Combo, Nintendo Switch, Sphero bb-8 app-enabled droid, Cash Coupon and Book Coupon.  To recognise the active participation of schools, a “Most Supportive School Award” is available in the Secondary School and Primary School categories respectively.

Interested parties may submit the entry by 13 July 2018.

Do not miss the chance to win the attractive prizes.  For more details, please visit www.cybersecurity.hk/en/contest-2018.php.

 

ISACA China HK Chapter Annual Conference 2017 – Inspiration and Challenges of IT Governance vs Cybersecurity – 2017 and Beyond

Cloud Security Alliance Hong Kong & Macau Chapter is proud to support the ISACA China HK Chapter Annual Conference 2017, an event which will be held on March 16 at Regal Hong Kong Hotel.

Carrying the theme of “Inspiration and Challenges of IT Governance vs Cybersecurity – 2017 and Beyond”, the event will let delegates hear key IT executives and decision makers, both local and from overseas, share their views on the topic.

Pre-Conference Workshop
Instructor: Hugh Penri-Williams (VP of Association of Certified Fraud Examiners France Chapter and Owner, Glaniad 1865, France)
Date: 15 March 2017 (Wednesday)

Annual Conference
Date: 16 March 2017 (Thursday)
Time: 9:00am – 5:00pm
Venue: Regal HK Hotel, Ballroom, Basement 1, 88 Yee Wo Street, Causeway Bay

Post-Conference Workshop
Instructor: Robert Clyde (ISACA International Board Director and Managing Director of Clyde Consulting LLC)
Date: 17 March 2017 (Friday)

 

For more details, please visit the event page: www.isaca.org.hk/conference2017/