The Cloud Security Alliance Hong Kong & Macau Chapter is pleased to support the Hack A Day 2024, hosted by PwC Hong Kong.
This year’s theme, “Securing Identity”, focuses on the critical importance of protecting personal and digital identities in our interconnected world. Get ready for insightful presentations from industry experts, hands-on workshops on identity governance and data privacy, and plenty of networking opportunities.
DATE: 11 November 2024 (Monday) TIME: 9:00 am – 6:00 pm VENUE: M+, West Kowloon Cultural District, 38 Museum Drive, Kowloon
Register nowto secure your spot and join us in making the digital world a safer place.
The Cloud Security Alliance Hong Kong & Macau Chapter is proud to announce the upcoming 21st anniversary of the annual Cyber Security Summit (CS Summit). The CS Summit will bring together renowned cybersecurity experts from both local and international backgrounds, as well as representatives from globally recognized companies. Over the course of two days, attendees can expect captivating keynote speeches, thought-provoking panel discussions, and interactive workshops.
The theme for this year’s summit is “Cyber Security Fortification – The AI Paradox,” with a subtheme focusing on “Emerging Technologies, Legislation, Regulations, Privacy, and Compliance.”
Jointly organising the event with a number of prestigious industrial organisations, CSA HKM is dedicated to providing an exceptional event that fosters learning, collaboration, and networking opportunities. This summit offers a unique chance to gain valuable insights from industry leaders in the cybersecurity field. Join us as we work towards creating a safer digital landscape. We eagerly anticipate your participation in this exciting event.
Details of the event:
Date: 23 – 24 October 2024 (Wednesday – Thursday) Time: 08:30 – 18:00 Venue: 2/F, Old Wing, HKCEC, Wanchai, Hong Kong Details and Registration: https://www.cssummit.hk/
In recent years, cybersecurity has become one of the most prominent and talent-scarce fields in the information technology sector. Offensive and defensive cybersecurity, in particular, will be a key future demand for industry professionals. This has led to the rise of positions such as “Penetration Tester,” “Ethical Hacker,” and “Red Team Operator.” These roles require a deep understanding of programming, cryptography, application systems and etc. The mindset and techniques akin to those of hackers will also be the elements in order to quickly identify and patch security vulnerabilities.
Capture The Flag (CTF) competitions are designed to train these specific skills and mindsets. Participants must find hidden vulnerabilities in a simulated environment based on real systems to break through security defenses. Upon success, they capture “flags” and earn points. Such competitions are held worldwide to enhance security techniques, with some even featuring global rankings to compete for the title of the best in the world.
“HKCERT Capture The Flag 2024” is organised by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) and the Hong Kong Productivity Council (HKPC), and is supported by the Cloud Security Alliance Hong Kong & Macau Chapter. At its fifth edition, it is one of the largest cybersecurity competitions in Hong Kong, featuring four categories: Secondary School, Tertiary, Open, and International.
In today’s high-speed digital landscape, cyber risks continually surge across expansive attack surfaces, putting organizations in a restless race to defend against threats.
In the Knowledge Sharing Event organised by Cloud Security Alliance Hong Kong & Macau Chapter on August 22, our guest speaker, Tony Lee, Head of Consulting at Trend Micro, will explore the impact of real-time attack surface risk management to optimize operational strategies and address modern cyber risks. Learn how critical components of exposure management, from initial attack surface discovery to the deployment of virtual patching and the pivotal role of next-gen endpoint protection can work together to shrink your attack surface, pre-emptively strengthen defences and reduce the likelihood of a breach.
Please do not miss this opportunity to learn from the expert and get connected with your peers.
Participants may claim 1 CPE
DATE: August 22, 2024 (Thursday) TIME: 12:30 – 01:30 pm FORMAT: Webinar (in Cantonese) SPEAKER: Tony Lee, Head of Consulting, Trend Micro TOPIC: Resilience in the Modern Threat Landscape CONTENT: From this session, cybersecurity leaders and defenders will gain insights into the adversary’s playbook, learning about novel vectors such as AI-driven attacks and evolutions in ransomware. The session is designed to empower cybersecurity professionals with knowledge to anticipate and meet the challenge of these advanced threats. REGISTRATION: https://www.eventbrite.hk/e/csa-hkm-knowledge-sharing-event-august-2024-tickets-977856794997
It’s an exciting month for cybersecurity professionals in Hong Kong. Earlier this month, the HKSAR Government initiated a public consultation on a proposed legislative framework to enhance the protection of computer systems for critical infrastructure (CI) in Hong Kong.
The framework, outlined in the document [https://www.legco.gov.hk/yr2024/english/panels/se/papers/se20240702cb2-930-3-e.pdf], aims to establish a set of statutory obligations and security measures for operators of critical infrastructures. This is in response to the growing reliance of essential services on computer systems and the increasing threat of cyberattacks that could disrupt Hong Kong’s economy, public safety, and national security. By introducing this new legislation, the government seeks to strengthen the cybersecurity posture of Hong Kong’s critical infrastructure, ensuring the reliable and uninterrupted provision of vital services to the community
Last Friday, July 19, we encountered another massive incident – massive failure of Microsoft Windows with CrowdStrike Falcon Agent (EDR) installed. How should we proceed and how should we react to this? Should we reconsider before installing EDR to the computer systems in Critical Infrastructure environment.
Cloud Security Alliance Hong Kong & Macau Chapter considered that it is time that we should gather our brain and mindset together to determine what should we prepare for the CyberSecurity Law? How should we make use of the framework to enhance the security posture of Hong Kong Critical Infrastructure?
CSA HKM arrange an online forum on July 26, 2024 (Friday) during our knowledge sharing session at 12:30 – 13:30. We have invited our council member and some other practitioners to give their comments. We also wish to gather the comments from you as well.
DETAILS:
DATE: July 26, 2024 (Friday)
TIME: 12:30 – 13:30 pm
FORMAT: Online Zoom Session.
TOPIC: How should “WE” make the CyberSecurity Framework to enhance the Critical Infrastructure protection?
LANGUAGE: English PANELIST: – Terry Cheung, Kevin Liu, Otto Lee, Ricci Ieong [Board Members of Cloud Security Alliance (HK & Macau)] – Wilson Tang [Vice Chairman of HKCNSA] – Billy Fung [Deputy Director of Financial Services Committee, HKCNSA] – Representatives from some Cloud Service Providers
CSA is thrilled to announce the release of the Certificate of Cloud Security Knowledge (CCSK) v5, the mark of the modern cybersecurity professional. This latest version of our vendor-neutral cloud security training is designed to help you demonstrate mastery of essential and up-to-date cloud security knowledge.
CCSK v5 builds upon the strong foundation of CCSK v4, offering substantial updates that provide a detailed understanding of modern cloud components and state-of-the-art security best practices. Key enhancements include:
Increased and Refined Focus Areas: Expanded coverage on Cloud Workloads, Serverless/FaaS, Application Security, CI/CD, DevSecOps, and Automation.
Strengthening Core Areas: Improved content across Governance, Auditing, Compliance, Organizational Security, IAM, and Incident Response.
New Additions: Integration of Artificial Intelligence (AI) and Generative AI, Zero Trust strategy, and explicit references to Data Lakes.
With CCSK v5, you gain access to the groundbreaking CCSK Orb chatbot, an interactive tool designed to help you master the body of knowledge and provide ongoing assistance in your daily challenges managing the roadblocks of a cloud security professional. This certificate remains the benchmark for cloud security expertise, equipping you to tackle both current and emerging security threats.
The Cloud Security Alliance Hong Kong & Macau Chapter is a supporting organsation of the BUSINESS GOVirtual Tech Conference 2024 is a premier event for business leaders, entrepreneurs, enterprises, innovators, IT experts, solution providers, marketers, and anyone who want to stay ahead of the curve in the fast-changing world of technology, and empower their business through digital transformation.
The two-day conference will take place on 11-12 July 2024 at Hong Kong Convention & Exhibition Centre, featuring inspiring keynote speeches, engaging discussions, successful case sharing, interactive workshops, networking opportunities, and live demos of the latest technologies and solutions that can elevate your business.
DATE: July 11-12, 2024
TIME: 10:30 am – 5:00 pm
PLACE: 3FG, Hong Kong Convention & Exhibition Center
In addition, recently, we know that a number of organizations and HKSAR government departments and/or HKSAR government related organizations encountered various levels of cyberattack or data leakage. Some are related to improper configurations in the Cloud Access Control. But that is not just issues to HKSAR Government, but to other countries as well.
However, is that meaning we should not use cloud or should move away from the trend of Cloud Computing?
Cloud Security Alliance (HK&Macau Chapter) considered that it would be the perfect time for CSAHKM to bring up this topics to the fireside discussion after the knowledge sharing by Meng-Chow. Representative from AWS, CSA HKM and guests will discuss together – Cloud is really NOT secure?
Cloud Security Alliance Hong Kong & Macau Chapter is proud to support the BIM Forum 2024, an event organized by the Informatics and Control Technologies(ICT) Section of the IET Hong Kong.
The BIM technology has brought significant changes to the construction industry, improving building quality, project effectiveness, and offering solutions to environmental issues.
With a theme of “Riding on the Wave of Intelligent BIM“. This event aims to provide a platform for key professionals from government, industry, and university researchers to share the latest developments and applications of BIM technologies, and discuss government policies related to this field.
EVENT: IET Hong Kong BIM Forum 2024 THEME: Riding on the Wave of Intelligent BIM DATE: June 22, 2024 (Saturday) TIME: 9:00am – 2:00pm VENUE: H6 Conet, G/F, The Center, 99 Queen’s Road Central DETAILS:http://bimforum.ictconference.hk/
In the past few months, a number of high-profile data breaches and ransomware attacks have been reported in the news. It seems that cyber criminals are becoming increasingly active, launching more incidents targeting various organizations in Hong Kong. Cybersecurity has once again emerged as a hot topic in the media, drawing significant attention.
As more computing environments have migrated to the cloud, cloud-based cybersecurity solutions have become increasingly crucial. In response to these evolving threats and the growing importance of cloud security, the Cloud Security Alliance is finalizing the latest version of its Security Guidance document (v5) as well as the CCSK (Certificate of Cloud Security Knowledge) certification program (v5).
To ensure the security of cloud computing environments, it is essential to enrich the cloud security checklist for cloud service customers (CSCs). This will help CSCs implement robust security measures and mitigate the risks associated with cloud adoption.
To keep pace with the shift towards cloud computing, security defense platforms need to evolve into a hybrid model that covers both cloud and on-premises environments. Dr. Kang Meng Chow will be introducing a logging strategy for this hybrid network environment during an upcoming in-person event.
After more than 5 years of virtual-only events, the Cloud Security Alliance Hong Kong & Macau Chapter is excited to organize a physical event at the AWS Office, located at 20/F, Tower 535, 535 Jaffe Road, Hong Kong. . This event will provide a valuable opportunity for industry professionals to connect, collaborate, and stay abreast of the latest developments in cloud security.
TOPIC: Pull up your SOC – thoughts on logging strategy in a heterogeneous network environment
LANGUAGE: English SPEAKER: Dr. KANG Meng Chow, Director of Averitus Pte, Ltd.
THE SPEAKER:
Meng-Chow is a practicing professional for over 30 years in various cyber security roles across different industries, including the Singapore government, major multi-national financial institutions, and global security and technology providers including Amazon Web Services (AWS), Cisco and Microsoft.
He has held various standards chair and co-chair positions in Singapore, ISO, and ITU-T, and founded the RAISE Forum in 2004. He was Board Director for ISC2 in 2015-2017.
He published a book, “Responsive Security” in 2013, and has been an Adjunct Associate Professor with NTU, a member of MAS CSAP, and a Govtech Smart Nation Fellow.
ABSTRACT:
This talk discusses the challenges and best practices for developing an effective logging strategy within a security operations center (SOC) managing a heterogeneous network including cloud and on premises infrastructures.
The presentation outlines key logging strategy objectives, including comprehensive incident data, data-driven decision making, and regulatory compliance. It also explores unique obstacles in heterogeneous environments, such as disparate log formats, and centralized management difficulties, and suggests several options for discussion and considerations for designing an effective logging strategy to meet the challenges of complex, heterogeneous networks.
CSA Hong Kong and Macau Chapter 