CSA HKM Supports the 7th Cloud Forum

Cloud Security Alliance Hong Kong & Macau Chapter is pleased to support the 7th Cloud Forum, which will be held on October 25, 2022.

With a theme of “Cloudnovating the future!”, the event will highlight:

  • Cloud Strategic Positioning and Adaptation for FSI in the Next 5 Years
  • Expedite Business Innovation by Using AI, Blockchain and Cloud
  • Digital Transformation: Efficient and Effective Cross-border Cloud Integration
  • AWS Machine Learning and Serverless Solutions
  • Azure Arc – Innovation Across Multi-cloud

Details of the event:

Date: October 25, 2022 (Tuesday)
Time: 09:00-12:30 – Executive Conference
14:30-17:30 – Cloud Tech Workshop
Venue: Hong Kong Convention & Exhibition Center
Details: https://www.cloudforum.hk/

Cyber-Dependent Crimes and Jurisdictional Issues (HKLRC Consultation Paper) Discussion Forum

The consultation paper on Cyber-Dependent Crimes and Jurisdictional Issues was published by the Cybercrime Sub-committee of the Law Reform Commission on July 20, 2022.  

https://www.hkreform.gov.hk/en/publications/cybercrime.htm

The purpose of the consultation paper is to make preliminary proposals for law reform addressing the protection of individuals’ rights as well as the criminal activities made possible by the rapid development of information technology, the computer and the internet.

This consultation will affect our future outlook in the CyberSecurity area. The five proposed cyber-dependent crimes mentioned in the paper will definitely impact all of us, including CyberSecurity practitioners and even IT practitioners.

Thus, Cloud Security Alliance Hong Kong & Macau Chapter is working with HKU Computer Science Department, as well as Information Security and Forensics Society (https://www.isfs.org.hk), Hong Kong Computer Society (https://www.hkcs.org.hk) and other IT organisations to jointly organise a Tech Forum to discuss the topic.

Online Discussion will be held on September 14, 2022:

DATE: September 14, 2022 (Wednesday)
TIME: 18:30 – 20:30 (HK Time)
FORMAT: Online Zoom
TOPIC: HKU-CS Online Tech Forum and Discussion:  the Consultation Paper on Cyber-Dependent Crimes and Jurisdictional Issues

Agenda

  • Opening Remarks
  • Brief Introduction – The Purpose Of This Forum
  • Brief Introduction – The Consultation Paper
  • Q&A Session
  • Closing Remarks

Free registration at https://forms.gle/eJtEsxGZkrMPFQ5HA

[CSA Report] Sensitive Data in the Cloud

The Cloud Security Alliance was commissioned by Anjuna to develop a survey and report to better understand the industry’s knowledge, attitudes, and opinions regarding sensitive data in the cloud. Anjuna financed the project and co-developed the questionnaire by participating with CSA research analysts. The survey was conducted online by CSA in April 2022 and received 452 responses from IT and security professionals from various organization sizes and locations. CSA’s research team performed the data analysis and interpretation for this report.

Goals of the Study

The goal of this survey was to understand the following:

• Cloud use and data security needs
• Security priorities and challenges for the next year
• Approach to hosting sensitive data and workloads in the cloud
• Familiarity with cloud and data security technologies

Download the report: https://cloudsecurityalliance.org/artifacts/sensitive-data-in-the-cloud/

CSA HKM Supports Information Security Summit 2022

Cloud Security Alliance Hong Kong & Macau Chapter is a proud supporter of the Information Security Summit 2022.

Jointly organised by the Hong Kong Productivity Council and leading information security organisations in Hong Kong, the Summit is the flagship cyber security summit in Hong Kong, with the aim to provide participants with the latest information security trends and developments.

This year, themed “Security Transformation for the Next Normal – Evolution of Risk Management and Data Protection in a Post Pandemic World”, the 2-day Summit will focus on how the enterprises can transform their security successfully under the cyber security challenges and the escalating cyber threats for the next normal. The topic will cover emerging cyber attacks and technologies, new security defence framework and risk management methodologies.

Details:

Date: 6-7 September 2022
Time: 09:00 – 18:00
Venue: 4th Floor, Hong Kong Convention and Exhibition Centre
Fee: Free (Registration is required)
Registration: https://www.issummit.org/registration/index.html
Details: https://www.issummit.org/

Certificate of Cloud Auditing Knowledge (CCAK) – First local class in Hong Kong and Macau

Auditing of cloud computing environments is becoming more important than ever, as more applications and infrastructure are already implemented in the cloud.

Last month, Cloud Security Alliance and ISACA jointly promoted the Certificate of Cloud Auditing Knowledge (CCAK) virtual class with a discount.

This month, having received confirmation of RTTP approval from VTC, we can start offering our first CCAK class locally in Hong Kong. To bring this training to you or your company, Cloud Security Alliance (HK & Macau) Chapter and Hatter Company Limited are offering this CCAK evening class (hybrid) from 23 August 2022 to 20 Sep 2022, every Tuesday from 19:00 – 22:00.

If you are interested in registering for the first-ever CCAK class, you can find the link on the RTTP website and apply directly.

CSA (HK and Macau) Chapter members are entitled to a membership discount. Non-members of the CSA (HK&M) Chapter will also be granted CSA (HK and Macau) Chapter membership after taking the class.

CSA HKM Knowledge Sharing Event – August 2022

With an exploding set of cloud infrastructure services and an increasing number of stakeholders involved in infrastructure and security decisions, the cloud has formed the perfect storm for security. In the ever-evolving threat landscape, organisations need capabilities in place to help detect and respond rapidly to threats that may breach defenses. Today, many organizations use multiple, separate security layers to detect threats across their email, endpoints, servers, cloud infrastructure, and networks, leading to siloed threat information and an overload of uncorrelated alerts.

In the Knowledge Sharing Event organised by Cloud Security Alliance Hong Kong & Macau Chapter on August 11, our guest speaker, Alan Leung from Trend Micro, will introduce ways to broaden an organisation’s scope of detection and response across endpoint, email, networks, servers, and cloud workloads, and explain how collecting and analyzing diverse data quickly empowers teams to understand, mitigate, and respond to risk.

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: August 11, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar (in Cantonese)
TOPIC: Enhanced Visibility to Mitigate Risks on Cloud Workload
SPEAKER: Alan Leung, Consultant, Trend Micro

CONTENT:

As more organizations move their server workloads to the cloud to enjoy the many advantages of hybrid cloud computing, they also face more risks and threats. Organizations must ensure compliance requirements are met, and that they have unified security and visibility across all workloads such as physical servers, virtual, cloud, or containers. Join this session to understand the crucial elements of comprehensive detection and protection and how to leverage enhanced visibility to complement the protection.

THE SPEAKER:
Alan is a Consultant at Trend Micro – a global leader in cyber security solutions. He provides security advice and technical consultation to enterprise customers.

Prior to joining Trend Micro, Alan was a Technology Consultant with more than 10 years of IT experience. He has a strong technical background in datacenter, cloud and network security.

He also obtained the CCIE and a number of certificates in cyber security from a number of vendors.

View the Presentation: https://youtu.be/AT9Q2MLxbhs

[CSA Report] SaaS Governance Best Practices for Cloud Customers

Prepared by the SaaS Governance Working Group under Cloud Security Alliance, the SaaS Governance Best Practices for Cloud Customers report provides a baseline set of SaaS governance best practices to help organizations leverage the full potential of SaaS environments. With the global SaaS industry estimated to reach 441 billion dollars* by 2027, a critical question grows: can organizations shift how they handle cybersecurity?

Adopting SaaS applications and solutions requires updated protocols for protecting data. This new publication provides guidance and defines three components for a cohesive strategy toward SaaS governance and security.

Organizations that fail to adopt an updated security governance mindset may experience: 

  • Breaches that disclose sensitive data 
  • Revenue loss
  • Tarnished reputation
  • Damaged customer trust
  • Regulatory consequences 

Learn how to implement practices that protect sensitive data throughout the entire SaaS lifecycle – evaluation, adoption, usage, and termination. 

Download the report: https://cloudsecurityalliance.org/artifacts/saas-governance-best-practices-for-cloud-customers/

CSA and Google Cloud Launch Survey Report on Measuring Risk and Risk Governance

In collaboration with Google Cloud, CSA released the new survey report Measuring Risk and Risk Governance to provide a deeper understanding of public cloud adoption and risk management practices within the enterprise.

The goal of this research is to assess the maturity of public cloud and risk management within enterprises. Among the survey’s key findings:

  • There is no consistency of data classification across the use of cloud platforms and services — only 21% of users are utilizing cloud service data classification.
  • More than half (52%) of organizations reported that they did not evaluate the risk of their cloud services being used after procurement as product features or business environments changed.

This study shines a light on the opportunity enterprises can take to manage and measure their risk, and will hopefully lead to improved risk management practices.

“Increasingly, cloud is becoming … more of a means to manage risks. Continuously evaluating your risk status allows enterprises to properly configure and maximize the effectiveness of [your] security solutions, which in turn, protects their assets and improves business productivity,” said Phil Venables, Chief Information Security Officer and Vice President of Google Cloud.

This study confirms that IT modernization into the cloud is the best path toward viable risk management.

Download it here.

[CSA Research] – Top Threats to Cloud Computing Pandemic Eleven

Cloud Security Alliance’s Top Threats reports have traditionally aimed to raise awareness of threats, risks, and vulnerabilities in the cloud. Such issues are often the result of the shared, on-demand nature of cloud computing.

In this sixth installment, CSA surveyed 703 industry experts on security issues in the cloud industry. This year the respondents identified eleven salient threats, risks, and vulnerabilities in their cloud environments. The Top Threats Working Group used the survey results and its expertise to create the 2022 Top Cloud Threats report – the ‘Pandemic Eleven’.

Download it here: https://cloudsecurityalliance.org/artifacts/top-threats-to-cloud-computing-pandemic-eleven/

CSA HKM Knowledge Sharing Event – June 2022

Securing a cloud computing environment is more than just protecting data and workloads in the cloud and the cloud management platform. As more and more cloud-based applications are developed in a shared model, vulnerabilities in the shared environment can fall between the cracks. Thus, supply chain risk has already become a serious issue for many companies.

In the Knowledge Sharing Event organised by Cloud Security Alliance Hong Kong & Macau Chapter on June 9, we will look into how to detect and mitigate supply chain risks.

Checkmarx Engineer, Richard Lee, will take us into the practical world of security review through a demonstration. He will cover:

  • The types of risks associated with open source libraries  
  • How to test the libraries you’re using for safety 
  • Tools you can use to protect your business
  • New reputational and behavioral analysis techniques to overcome obfuscation attempts

Please do not miss this opportunity to learn from the expert and get connected with your peers.

Participants will claim 1 CPE.

DATE: June 9, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Open Source Software Supply Chain: Risks and Mitigation
SPEAKER: Richard Lee, APAC Channel Sales Engineer, Checkmarx

CONTENT:

Open source libraries have become an essential part of almost all modern applications.  Without open source, software development would be stuck in the slow lane. Not “reinventing the wheel” each time you need a certain functionality in an app saves time and effort, and as a result, open source isn’t going away anytime soon. If anything, it’s becoming more and more widespread.     

But there’s a certain amount of risk that comes with using open source components, modules, and libraries. Today, it’s increasingly important to protect yourself from these risks.

In this session, we discussed the importance and prevalence of open source software as well as the ways you can protect yourself from its attendant risks and licensing issues. The goal is to catch issues early, before they can become a problem or a liability. We’ll cover best practices to secure the software supply chain against errors and bad actors, along with what steps to avoid.

THE SPEAKER:
Richard Lee is currently the Checkmarx Channel Sales Engineer for the Asia Pacific Region with over 10 years’ experience in the IT, IT security and Application Security industry. He has held various positions in manufacturing, software companies and information security companies.

Richard is currently responsible for AST Platform, SAST (Static Application Security Testing), IAST (Interactive Application Security Testing), SCA (Software Composition Analysis) and CodeBashing technologies. Prior to joining Checkmarx he held various positions at Intel, Microsoft, HP and SafeNet.

Richard holds a bachelor’s degree in Computer Science from the University of Kansas, USA.

View the presentation: https://youtu.be/LY8Tkisq2Zs