The EU GDPR: Hong Kong’s Road to Compliance Workshop – November 6, 2017


CSA HKM is proud to support a one-day workshop on “The EU GDPR: Hong Kong’s Road to Compliance” on November 6.

The workshop, which is hosted by the Internet Society Hong Kong, will map out the key changes to the EU data protection regime and their implications for key stakeholders in Hong Kong, notably regulatory authorities and organizations that handle personal data. Through a combination of panel and interactive discussions, it will provide more clarity on the applications of the GDPR for businesses, and guidance to help public and private entities adopt an action plan for compliance in preparation for the GDPR’s implementation in May 2018.

Date:    November 6, 2017 (Monday)
Time:   09:00 – 17:00
Venue: Ching Room, Sheraton Hotel, Hong Kong

EU GDPR 171106


Industry and University Collaboration Forum 2017 – November 14, 2017

CSA HKM is supporting the organisatin of the Industry and University Collaboration Forum (IUCF) to be held on 14th November, 2017 at Hong Kong Science Park, Shatin.

The theme this year is “Connecting the Dots for Reindustrialisation: The Greater Bay Area Landscape”.  The event will focus on innovation and technologies that can facilitate the next generation of industrial revolution for this region. It will be aligned with the national priorities for ‘Industry 4.0’ and ‘Made in China 2025’ as well as other national programmes such as the ‘South China Greater Bay Area’ or international mega-plans like the ‘Belt and Road’ initiative.

Mr Nicholas W. Yang, GBS, JP, Secretary for Innovation and Technology and Ms Annie Choi, JP, Commissioner for Innovation and Technology will officiate the opening ceremony of IUCF 2017.  In addition, Professor Tsui Lap-chee, Founding President of the Academy of Sciences of Hong Kong; Ms Wu Ling, Director of Ministry of Science and Technology Wide Band Gap Semiconductor Programme Office; and Professor Zexiang Li from the Hong Kong University of Science and Technology have agreed to deliver keynote speeches in the event.  Experts from the 3rd Generation of the Semiconductor Industry as well as eminent professionals from the fields of robotics, artificial intelligence and Internet of Things for intelligent manufacturing have also confirmed to share their thoughts and insights in the Forum.

DATE:  November 14, 2017 (Tuesday)
TIME:  9:30 – 17:30
Venue:  Charles K Kao Auditorium, Hong Kong Science Park, Shatin
Details and Registration:

Basic RGB

Hong Kong SMEs Cloud Adoption, Security & Privacy Readiness Survey Results Announced

October 25, 2017 – HONG KONG – Internet Society Hong Kong and Cloud Security Alliance – Hong Kong and Macau Chapter jointly announced the third annual report on “Hong Kong Small and Medium-sized Enterprises (SMEs) Cloud Adoption, Security & Privacy Readiness Survey” today. This survey is sponsored by Microsoft Hong Kong.

In the survey, 95% of the SMEs have already established policies towards data security after the launch of Personal Data (Privacy) Ordinance (the “Ordinance”), which is a leap of 40% as compared to that of two years ago. More than 50% of the SMEs believed that cloud security services provided by the Cloud Service Providers (“CSPs”) are reliable; Meanwhile, 45% of the SMEs claimed their CSPs are lacking transparency while handling customers data and information. It is not clear if the data kept on cloud could be deleted or returned after terminating the service contract with the providers. In terms of data privacy standard, 70% of the SMEs are not familiar with cloud security standards, such as ISO/IEC 27017 and ISO/IEC 27018, which reflects SMEs are not able to distinguish which CSPs follow the Ordinance or similar international legislation to protect their personal data.

The survey aims to understand Hong Kong SME’s readiness and application of cloud technologies. With the previous survey revealing the SMEs have already adopted cloud services to varying degrees, which brings to the focus of this year on analyzing SMEs understanding towards CSP’s handling on data and personal information.

Recommendations were made for SMEs to choose their CSPs. The survey was conducted in March 2017 and commissioned the Hong Kong Productivity Council to carry out telephone interviews to SMEs in Hong Kong (corporate size < 100 employees) over the course of three weeks and to review data from the Census and Statistics Bureau. The Council successfully collected 103 survey responses. The research covered major industry sectors in Hong Kong. The survey questionnaire was developed based on the Cloud Security Alliance Cloud Control Matrix international standard with questions adapted to local conditions.

SMEs Has A Higher Level Security Readiness In Overall Data Management And Information Security Systems The survey shows an increase in SMEs overall acknowledgment on data management and information security systems, particularly in physical security management, data privacy management, and incident management. Nearly 70% of the SMEs manage their IT systems with proper access rights and password control, representing an 15% increase when compared to that of 2015.

In addition, over 70% of the SMEs have good understanding of or have implemented data encryption, and over 60% of the SMEs have established their data disposal policy, which is a big jump when compare to none in 2015. Moreover, over 70% of the SMEs have established an Incident Response Plan and Disaster Recovery Plan, with a distinctive growth of 39% and 25% respectively. On the contrary, there is little progress on SMEs system management, with only 30% SMEs implemented a security patch policy, a slightly increase at 7.5%; Meanwhile, it is recorded a 4% decrease in SMEs firewall devices installation to further improve the security.

Mr. Sang YOUNG, Convener, Internet Security and Privacy Working Group, Internet Society Hong Kong, commented, “Comparing the data against with that of the past 2 surveys, we are happy to witness more and more SMEs formulate their data privacy policy, hence demonstrate higher readiness to data security on cloud and are more prepared to handle incidents. However, we see an increasing dependence on third party service provider’s cloud security systems, while a vast amount of SMEs are poor in implementing their security patches policies. We believe the number of SMEs relying on third party service provider’s cloud security service will remain huge, therefore we suggest SMEs to choose cloud service providers based on their transparency, and companies should review their vendor’s security solutions to ensure they are updated from time to time.”

SMEs Could Not Determine Whether CSPs Are Up To International Standard Compared with last year, the survey revealed that SMEs are showing more concern on personal data protection, with most of the companies (95%) claimed they follow the Ordinance from PCPD. However, SMEs are still lacking awareness on how CSPs process with their data, nearly half of the companies (45%) uses CSPs which are not transparent to their users if and when their data would be deleted and returned, and one-fifth of them (20%) do not know if their CSPs will use their data for marketing purpose. In the meantime, 25% of the surveyed SMEs reflected that their CSPs do not follow the Ordinance which raises a significant concern as CSPs are also data processors of the companies.

“SMEs should be clear on the CSP’s policies for data retention and deletion, including when the SMEs unsubscribe from the Cloud services in question. The survey revealed that up to 70% of SMEs are unclear on the international standard of cloud security & privacy, It is recommended that SMEs should look for CSPs which comply with international standards like ISO/IEC 27017 and ISO/IEC 27018 that provide guidelines to CSPs for the protection of Personally Identifiable Information,” commented Mr. Claudius LAM, Chairman of Cloud Security Alliance Hong Kong and Macau Chapter.

“As SMEs may not have the manpower and professional technology knowledge to deal with information security & privacy. With the use of reliable enterprise level CSP which in line with international standard, not only can overcome the deficiency, SMEs can also enjoy an enterprise level data privacy protection which ensure compliance with all relevant regulations at an affordable price”, said Mr. Fred SHEU, National Technology Officer of Microsoft Hong Kong Limited. “Microsoft is dedicated to help SMEs to leverage IT and enhance their competitiveness. The survey showed that more than 40% of Hong Kong SMEs will give priority to Microsoft Azure as their CSP. We will continue to invest and provide a more flexible and comprehensive cloud services to help local enterprises protect their data and assets effectively.”

For the full report, click HERE

SME Survey 2017

Photo shows: (From left) Claudius LAM, Chairman of Cloud Security Alliance Hong Kong & Macau Chapter, Sang YOUNG, Convener, Internet Security and Privacy Working Group, Internet Society Hong Kong, and  Fred SHEU, National Technology Officer of Microsoft Hong Kong Limited, announces the results of the Hong Kong Small and Medium-sized Enterprises (SMEs) Cloud Adoption, Security & Privacy Readiness Survey.

Hong Kong International Computer Conference – November 1-2, 2017

The Hong Kong International Computer Conference (HKICC) has been organised by the Hong Kong Computer Society (HKCS) since 1978 to provide an open platform for IT professional in Hong Kong and the region to present their research papers and to share their experience. This annual flagship event is one of the best and most popular ICT conferences in Hong Kong. Near 500 delegates attended the conference of last year, representing a variety of local and overseas participants from public and private sector organisations, including renowned ICT professionals, academics, executives and senior government officers. The theme of the conference this year is “Capitalise on the Belt and Road Initiative through Digital Innovation”.

Cloud Security Alliance Hong Kong & Macau Chapter is a supporting organizations this year.  Details of the event:

Technical Conference / Workshop
DATE:    November 1, 2017 (Wednesday)
TIME:    2:00pm – 5:30pm
VENUE: Meeting Room S227 & S228, Hong Kong Convention and Exhibition Centre

Main Conference
DATE:    November 2, 2017 (Thursday)
TIME:    9:00am – 5:50pm
VENUE: Theatre 2 & Meeting Room S227, Hong Kong Convention and Exhibition Centre

Information and registration:

HKICC 2017



本次研討會邀請到雲安全聯盟香港澳門分會會長林志堅先生、雲安全聯盟香港澳門分副主席 Mr. Otto Lee,以及香港順安達科技有限公司陳寶明先生,分享大數據及智能城市的資訊安全方面的知識及經驗,從而協助我們能在發展智能城市中作出一些準備。

有關研討會的最新資訊及報名,請掃瞄附件上的二維碼或登入網站。如有查詢請致電澳門生產力科技轉移中心 853.88980630 李先生,或 P&P IT 工作室有限公司 853.28333233 楊先生。


時間:下午 2:30 至 5:30
地點:澳門新口岸上海街中華總商會大廈七樓 CPTTM 演講廳

主辦機構:ISACA澳門分會、雲安全聯盟香港澳門分會、P&P IT工作室有限公司

Banner - 170929

CSA HKM Knowledge Sharing Event – September 2017

CSA Knowledge Sharing Event provides an excellent opportunity for cybersecurity professionals to discuss the latest trends and developments in IT and in the process build a close-knitted cybersecurity community in Hong Kong and Macau.

This month we have invited Mr Matthew Heap, Head of Solution Architecture, Asia Pacific, at Datapipe to deliver a talk entitled “Achieving PCI Compliance – Best Practices Working you’re your Cloud ProviderCloud Adoption at Governments – Building Public Cloud Policy” where he will share how you should engage with your cloud provider when it comes to your organization’s cloud security.

Details of the talk:

PCI compliance affects every organization within the credit card payment chain. Whether you are a merchant, a software company, or an independent sales organization (ISO), each has different needs and challenges, but all must abide by PCI Standards. Datapipe provides consulting, migration and management services for three of the largest public cloud platforms in the world and was one of the first hosting providers in the world to achieve PCI DSS Level 1 service provider status, which is the highest, most rigorous status in the industry. Learn from the best on how you should engage with your cloud provider when it comes to your organization’s cloud security.

The Speaker
Matthew Heap is the Head of Datapipe’s Solution Architecture in Asia Pacific. He manages a team of AWS Certified Solution Architects across the APAC region. Matt has over 10 years’ experience with a focus on public cloud, virtualization and server based computing. An AWS Certified Solutions Architect – Professional Level, Matt has over 6 years’ experience architecting solutions in AWS. Matt has been instrumental in developing strategic solutions for enterprise customers to accelerate their journey to the cloud.

Please do not miss this opportunity to learn from the expert and connect with your peers.

Participants can claim 1.5 CPE.

Event Details:

TOPIC: Achieving PCI Compliance – Best Practices Working with your Cloud Provider

DATE: September 21, 2017 (Thursday)

TIME: 4:30 – 6:00 pm

VENUE: Room Z414, Core Z, The Hong Kong Polytechnic University, Hung Hom


“Build a Secure Cyberspace 2017 – Smart Home, Safe Living” Security Seminar – September 20, 2017

Cloud Security Alliance Hong Kong & Macau Chapter is a supporter of the “Build a Secure Cyberspace 2017 – Smart Home, Safe Living” security seminar, an event jointly organised by the Office of the Government Chief Information Officer (OGCIO), the Hong Kong Police Force (HKPF) and the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT).  

In this seminar, information security experts will introduce security best practices and share their experience on how to protect information systems and assets, so that everyone can continue to enjoy the convenience and fun brought about by technology.

Details of the arrangement are as follows:

Date: September 20, 2017 (Wednesday)
Time: 09:30 – 17:30 (registration starts at 09:00)
Venue: Conference Hall, 4/F, HKPC Building, 78 Tat Chee Avenue, Kowloon Tong
Language: Cantonese
Target Audience:
AM Sessions: SMEs, Businesses, Management, IT Professionals
PM Sessions: SMEs, Schools, Students, General Public
Details and Registration: