CSA HKM Knowledge Sharing Event – July 2024 – Discussion Forum

It’s an exciting month for cybersecurity professionals in Hong Kong. Earlier this month, the HKSAR Government initiated a public consultation on a proposed legislative framework to enhance the protection of computer systems for critical infrastructure (CI) in Hong Kong.

The framework, outlined in the document [https://www.legco.gov.hk/yr2024/english/panels/se/papers/se20240702cb2-930-3-e.pdf], aims to establish a set of statutory obligations and security measures for operators of critical infrastructures. This is in response to the growing reliance of essential services on computer systems and the increasing threat of cyberattacks that could disrupt Hong Kong’s economy, public safety, and national security. By introducing this new legislation, the government seeks to strengthen the cybersecurity posture of Hong Kong’s critical infrastructure, ensuring the reliable and uninterrupted provision of vital services to the community

Last Friday, July 19, we encountered another massive incident – massive failure of Microsoft Windows with CrowdStrike Falcon Agent (EDR) installed. How should we proceed and how should we react to this? Should we reconsider before installing EDR to the computer systems in Critical Infrastructure environment.

Cloud Security Alliance Hong Kong & Macau Chapter considered that it is time that we should gather our brain and mindset together to determine what should we prepare for the CyberSecurity Law? How should we make use of the framework to enhance the security posture of Hong Kong Critical Infrastructure?

CSA HKM arrange an online forum on July 26, 2024 (Friday) during our knowledge sharing session at 12:30 – 13:30. We have invited our council member and some other practitioners to give their comments. We also wish to gather the comments from you as well.

DETAILS:

DATE: July 26, 2024 (Friday)

TIME: 12:30 – 13:30 pm

FORMAT: Online Zoom Session.

TOPIC: How should “WE” make the CyberSecurity Framework to enhance the Critical Infrastructure protection?

LANGUAGE: English
PANELIST:
– Terry Cheung, Kevin Liu, Otto Lee, Ricci Ieong [Board Members of Cloud Security Alliance (HK & Macau)]
– Wilson Tang [Vice Chairman of HKCNSA]
– Billy Fung [Deputy Director of Financial Services Committee, HKCNSA]
– Representatives from some Cloud Service Providers

LISTEN to the FORUM: https://www.youtube.com/watch?v=rrbtnIoSkWg

This discussion forum is organized by Cloud Security Alliance HK & Macau Chapter (CSA HKM) and supported by Hong Kong China Network Security Association (HKCNSA) and Information Security and Forensics Society (ISFS).

CCSK v5 Now Available


CSA is thrilled to announce the release of the Certificate of Cloud Security Knowledge (CCSK) v5, the mark of the modern cybersecurity professional. This latest version of our vendor-neutral cloud security training is designed to help you demonstrate mastery of essential and up-to-date cloud security knowledge.

CCSK v5 builds upon the strong foundation of CCSK v4, offering substantial updates that provide a detailed understanding of modern cloud components and state-of-the-art security best practices. Key enhancements include:

  • Increased and Refined Focus Areas: Expanded coverage on Cloud Workloads, Serverless/FaaS, Application Security, CI/CD, DevSecOps, and Automation.
  • Strengthening Core Areas: Improved content across Governance,
    Auditing, Compliance, Organizational Security, IAM, and Incident Response.
  • New Additions: Integration of Artificial Intelligence
    (AI) and Generative AI, Zero Trust strategy, and explicit references to Data Lakes.

With CCSK v5, you gain access to the groundbreaking CCSK Orb chatbot, an interactive tool designed to help you master the body of knowledge and provide ongoing assistance in your daily challenges managing the roadblocks of a cloud security professional. This certificate remains the benchmark for cloud security expertise, equipping you to tackle both current and emerging security threats.

Explore CCSK v5

CSA HKM Supports the BUSINESS GOVirtual Tech Conference 2024 

The Cloud Security Alliance Hong Kong & Macau Chapter is a supporting organsation of the BUSINESS GOVirtual Tech Conference 2024 is a premier event for business leaders, entrepreneurs, enterprises, innovators, IT experts, solution providers, marketers, and anyone who want to stay ahead of the curve in the fast-changing world of technology, and empower their business through digital transformation.

The two-day conference will take place on 11-12 July 2024 at Hong Kong Convention & Exhibition Centre, featuring inspiring keynote speeches, engaging discussions, successful case sharing, interactive workshops, networking opportunities, and live demos of the latest technologies and solutions that can elevate your business. 

DATE: July 11-12, 2024

TIME: 10:30 am – 5:00 pm

PLACE: 3FG, Hong Kong Convention & Exhibition Center

DETAILS: https://www.govirtualexpohk.com/

CSA HKM Knowledge Sharing Event – June 2024 (Extension)

In addition to our original CSA HKM first physical knowledge sharing event after 5 years of webinar in virtual world by Dr. KANG Meng-Chow in AWS office. He will cover the topic – Pull up your SOC – thoughts on logging strategy in a heterogeneous network environment.

In addition, recently, we know that a number of organizations and HKSAR government departments and/or HKSAR government related organizations encountered various levels of cyberattack or data leakage. Some are related to improper configurations in the Cloud Access Control. But that is not just issues to HKSAR Government, but to other countries as well.

As reported by TechNewsDay.com, Four Cloud-Related Data Breaches were reported just recently. In that case, Snowflake which is an AI services provider in the Cloud may be related.

However, is that meaning we should not use cloud or should move away from the trend of Cloud Computing?

Cloud Security Alliance (HK&Macau Chapter) considered that it would be the perfect time for CSAHKM to bring up this topics to the fireside discussion after the knowledge sharing by Meng-Chow. Representative from AWS, CSA HKM and guests will discuss together – Cloud is really NOT secure?

Let’s join our discussion together.

REGISTRATION: https://csahkmkse2406.eventbrite.hk/

CSA HKM to support BIM Forum 2024

Cloud Security Alliance Hong Kong & Macau Chapter is proud to support the BIM Forum 2024, an event organized by the Informatics and Control Technologies(ICT) Section of the IET Hong Kong.

The BIM technology has brought significant changes to the construction industry, improving building quality, project effectiveness, and offering solutions to environmental issues.

With a theme of “Riding on the Wave of Intelligent BIM“. This event aims to provide a platform for key professionals from government, industry, and university researchers to share the latest developments and applications of BIM technologies, and discuss government policies related to this field.

EVENT: IET Hong Kong BIM Forum 2024
THEME: Riding on the Wave of Intelligent BIM
DATE: June 22, 2024 (Saturday) 
TIME: 9:00am – 2:00pm
VENUE: H6 Conet, G/F, The Center, 99 Queen’s Road Central
DETAILS: http://bimforum.ictconference.hk/

CSA HKM Knowledge Sharing Event – June 2024

In the past few months, a number of high-profile data breaches and ransomware attacks have been reported in the news. It seems that cyber criminals are becoming increasingly active, launching more incidents targeting various organizations in Hong Kong. Cybersecurity has once again emerged as a hot topic in the media, drawing significant attention.

As more computing environments have migrated to the cloud, cloud-based cybersecurity solutions have become increasingly crucial. In response to these evolving threats and the growing importance of cloud security, the Cloud Security Alliance is finalizing the latest version of its Security Guidance document (v5) as well as the CCSK (Certificate of Cloud Security Knowledge) certification program (v5).

To ensure the security of cloud computing environments, it is essential to enrich the cloud security checklist for cloud service customers (CSCs). This will help CSCs implement robust security measures and mitigate the risks associated with cloud adoption.

To keep pace with the shift towards cloud computing, security defense platforms need to evolve into a hybrid model that covers both cloud and on-premises environments. Dr. Kang Meng Chow will be introducing a logging strategy for this hybrid network environment during an upcoming in-person event.

After more than 5 years of virtual-only events, the Cloud Security Alliance Hong Kong & Macau Chapter is excited to organize a physical event at the AWS Office, located at 20/F, Tower 535, 535 Jaffe Road, Hong Kong. . This event will provide a valuable opportunity for industry professionals to connect, collaborate, and stay abreast of the latest developments in cloud security.

DETAILS:

DATE: June 6, 2024 (Thursday)

TIME: 7:00 – 8:30 pm

VENUE: 20/F, Tower 535, 535 Jaffe Road, Hong Kong. AWS Office.

TOPIC: Pull up your SOC – thoughts on logging strategy in a heterogeneous network environment 

LANGUAGE: English
SPEAKER: Dr. KANG Meng Chow, Director of Averitus Pte, Ltd.

THE SPEAKER:

Meng-Chow is a practicing professional for over 30 years in various cyber security roles across different industries, including the Singapore government, major multi-national financial institutions, and global security and technology providers including Amazon Web Services (AWS), Cisco and Microsoft.

He  has held various standards chair and co-chair positions in Singapore, ISO, and ITU-T, and founded the RAISE Forum in 2004. He was Board Director for ISC2 in 2015-2017.

He published a book, “Responsive Security” in 2013, and has been an Adjunct Associate Professor with NTU, a member of MAS CSAP, and a Govtech Smart Nation Fellow.

ABSTRACT:

This talk discusses the challenges and best practices for developing an effective logging strategy within a security operations center (SOC) managing a heterogeneous network including cloud and on premises infrastructures.

The presentation outlines key logging strategy objectives, including comprehensive incident data, data-driven decision making, and regulatory compliance. It also explores unique obstacles in heterogeneous environments, such as disparate log formats, and centralized management difficulties, and suggests several options for discussion and considerations for designing an effective logging strategy to meet the challenges of complex, heterogeneous networks.

Extended Fireside Chat

CSA HKM Knowledge Sharing Event – June 2024 (Extension)

REGISTRATION: https://csahkmkse2406.eventbrite.hk/

CSA HKM supports the Cyber Security Staff Awareness Recognition Scheme

The Hong Kong Internet Registration Corporation Limited and ISACA China Hong Kong Chapter co-organise the first-ever cyber security staff awareness related organisation recognition scheme in Hong Kong – the “Cyber Security Staff Awareness Recognition Scheme”. The scheme currently open for application until August 31, 2024.

Cloud Security Alliance Hong Kong & Macau Chapter is a supporter of the scheme.

Assessment criteria include:

– Cyber Security Training
– Phishing Drill Participation
– Comprehensive Cyber Security Policy
– Reporting Channels for Cyber Security Issues
– Dissemination of Cyber Security Information

The organisers also provide free resources and assistance to help businesses and organisations achieve a higher level of recognition, thereby fostering cybersecurity protection within their entities and ultimately benefiting entire business environment.

Please visit the scheme website for details: https://cyberhub.hk/#/en/recognition-scheme

CSA HKM supports the 9th Cloud Forum

The Cloud Forum, the 9th in the popular series, is back delivering updated and inspiring news, technology and practices in the cloud and business community. With the advent of GenAI and its omnipotent influence, the cloud is undergoing significant changes in all levels to accommodate, to take advantage of and to protect its integrity from this influence.

At this event, we are examining the business impacts GenAI has induced, the strategies cloud practitioners should employ to navigate the cloudscape, as well as the responsibilities of leaders who must keep the business’ integrity intact. On the individual level, how should we humans collaborate with GenAI? Will it be our greatest friend or our worst foe? Above all, there are the networking opportunities at the Cloud Forum, an integral part of all our events, that create new and  consolidate existing relationships. These relationship building is one of the core drivers for the continued success and growth in the industry

Cloud Security Alliance Hong Kong & Macau Chapter is a supporting organisation of the event.

Date: June 13, 2024 (Thursday) 
Time: 8:30am – 17:30pm
Venue: Hong Kong Convention and Exhibition Centre
Website: https://www.cloudforum.hk

CSA HKM supports the 2024 Hong Kong Cloud & Datacenter Convention

As one of the most developed data center and cloud computing markets in Asia, Hong Kong is very likely to witness the growth of data center investment. The region has also witnessed the deployment of 5G technology, which may increase the number of interconnected devices in China. Mainland China’s demand for cross-border overseas business is also stimulating the growth of cloud computing service industries such as Hong Kong cloud servers. Hong Kong companies have a high level of service awareness and are more willing to adopt the latest industry trends, such as virtualization and cloud computing. Virtualization has become the key to data center consolidation, which can compress more virtual machines into physical servers and significantly increase server utilization.

Diving deep into these transformative trends, exploring the latest in hypergrowth and investment, securing the connected enterprise, and the role of AI, automation, and the intelligent edge. The 2024 Hong Kong Cloud & Datacenter Convention help industry leaders and experts navigate the challenges and opportunities in the evolving landscape of cloud and data centers, with a focus on building trust and resilience in the age of AI, unlocking the power of 5G and edge computing, and shaping the future workforce.

Cloud Security Alliance Hong Kong & Macau Chapter is a supporting organisation of the event.  Details of the event are:

DATE: April 18, 2024 (Thursday)
TIME: 9:00 am – 5:00 pm
VENUE: Kowloon Shangri-La, 64 Mody Road, Tsimshatsui
DETAILS: https://clouddatacenter.events/events/hong-kong-cloud-datacenter-convention-2024/

CSA HKM Supports Tram Body Design Contest

To prevent the general public from falling into online traps, and strengthen city-wide defence against cyberattacks, the Office of the Government Chief Information Officer (OGCIO), the Hong Kong Police Force (HKPF) and the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) have jointly organised a Tram Body Design Contest “Together, We Create a Safe Cyberworld” to arouse public awareness of cybersecurity. The Contest is now open for application!

Cloud Security Alliance Hong Kong & Macau Chapter is a Supporting Organisation of this contest.

Details of the Contest are shown below:

CATEGORIES: Primary School, Secondary School, Open
CHARGE: Free
DETAILS: https://www.hkcert.org/event/build-a-secure-cyberspace-2024-together-we-create-a-safe-cyberworld-tram-body-design-contest
SUBMISSION: Submission by Post or in Person / Online Submission
DEADLINE: April 15, 2024