Chairperson: Mr. Frank Chow Vice-Chairperson: Mr. Frankie Wong (External Affairs) Vice-Chairperson: Mr. Thomas Kung (Internal Affairs) Vice-Chairperson: Mr. Otto Lee (Membership & Constitution) Hon. Secretary & Treasurer: Mr. Frankie Leung Program Director: Mr. Andy Ho Program Director: Mr. Mike Lo
(ISC)2 HK Chapter Executive Committee
President: Frank Chow * Secretary: Frankie Leung * Treasurer: Eric Moy Membership Chair: Otto Lee * Professional Development: Martin Chan Program Director: Andy Ho Program Director: Mike Lo Liaison: Thomas Kung * * Automatically transferred from PISA Exco
Honorary Advisors
Mr. Chester Soong Mr. Wilson Yuen Mr. Andrew Law
Joint AGMs 2020 and Committee Elections - Rescheduled to Sep 26 (Sat) afternoon
Dear PISA and (ISC)2 HK Chapter members,
The PISA Executive Committee has discussed and decided to reschedule the joint AGMs 2020 and Committee Elections to next Saturday, September 26.
This leaves more time for the election committee to fine tune the on-line voting system to allow a fair and smooth election. Eventbrite register link (bit.ly/pisa200926) is ready on our PISA website.
For your information, we will have 4 nominated candidates for PISA Exco (3 vacancies) and 5 nominated candidates for ISC2 HK Chapter Exco (4 vacancies). For detail, please refer to the PISAM distribution email.
The candidates will be given time slots to share with members about themselves during the election.
Date: 29 Sep 2020 (Tue) Time: 8:30pm – 9:30pm Venue: Webinar – Participant shall prepare his/her own electronic device (e.g. Desktop, Notebook or Mobile, etc.) with Internet access. Speaker: Mr. Mike Lo (Director, Cyber Security Services, wizlynx group) Language: Cantonese Fee: Free (Pre-registration is required.) Register: https://bit.ly/pisa200929
Highlight: – What is CBEST/CREST? – CREST Certification Sharing (Worldwide Statistics) – What is the core update about iCAST in C-RAF 2.0? – The future development of CBEST/CREST with Regulators – What is the benefit to be part of the CREST Family? How is this going to help your personal and company development?
Speaker Profile: Mike has been working in the IS/IT sectors for over 15 years. He actively involves in Cyber Security and Risk Management projects and researches, which include HKMA C-RAF Compliance Practice, Security Assessment on Web and Mobile Applications, Secure Source Code Review, Enterprise Security Maturity Gap Analysis, Global Systems Security Role Review, and Ransomware Incident Handling for AP regions, especially in HK and Taiwan. Mike had stationed at Taiwan and Geneva as a Security Consultant delivering Information Security assessment services to government sectors, public utilities, and banks. Mike is currently working for a Swiss-based CREST certified security assessment company helping Hong Kong, Macau, Taiwan regions business development and Alliance partnership, he also supports CREST Asia to promote the CREST standard in HK and Taiwan. For more: https://hk.linkedin.com/in/hkmikelo
The Webinar is conducted in Cantonese with English Presentation Material. Please install Zoom software/app for your PC, Mobile or Tablet. For the Meeting ID and Passcode, it will be sent via the event reminder one day before the event. Please send message via m.me/pisahkg.
Agenda: 2:00 pm to 2:30 pm : Online Admission and Networking 2:30 pm to 4:30 pm : PISA/(ISC)2 Joint AGMs & Exco Elections
Please join the meeting on time 2:00pm for earlier admission (to verify your membership). The AGMs will start sharply at 2:30pm.
You are recommended to join Zoom Meeting using a Desktop version. Please be informed that the Exco elections will be conducted on the webpage. Switching between Zoom Meeting and Browser is required. Please prepare the machine well for the above requirement.
NOTE: Only valid members can join the AGM. No “membership renewal” will be processed on the AGM date. (i.e. Please complete renewal on or before 25-SEP, if your membership is expired.)
For any question, please send an email to info@pisa.org.hk / send a message via m.me/pisahkg to seek our support, thanks.
Highlight: 1) How Hacker make the damage ? – Understand MITRE ATT&CK, why it is important to Cybersecurity Training – Where is the skill gap? 2) Leverage NICE framework as guideline of training objectives – Cyberbit Cloud Range Platform 3) Architecture – Differences between Legacy Training and Range-based Training? – Doing Drill Test on Cybersecurity Scenario
Date: 28 Aug 2020 (Fri) / 11 Sep 2020 (Fri) Time: 8:45am – 1:15pm Venue: Virtual Language: English Fee: Complimentary registration is only applicable to first 400 Senior Executives from end user side. A fee of USD850 would be charged otherwise. Register: https://www.mighkevents.com/infosec2020
Highlight: Carrying the theme of “Redefining Cyber Security in The Age of Insecurity”, the 12th Annual InfoSecurity Summit 2020, as the industry’s most important annual meeting for Information Security leaders and professionals, will bring together a galaxy of influential and disruptive Cyber Security Experts and thought leaders to share the latest information security trends and emerging technologies to thwart cyber attacks. Specially designed for Information Security Decision Makers & Professionals Across All Industries, this summit will unveil effective approaches to defense and lay out a roadmap for enterprise to prepare for tomorrow’s New Forms of Attack.
Date: 10 Aug 2020 (Mon) Time: 8:30pm – 9:30pm Venue: Webinar – Participant shall prepare his/her own electronic device (e.g. Desktop, Notebook or Mobile, etc.) with Internet access. Speaker: Mr. Chris Yau (CISA, CISM, CDPSE) Language: Cantonese Fee: Free (Pre-registration is required.) Register: https://bit.ly/pisa200810
Highlight: – Data privacy is more than just information security – A brief introduction to ISO/IEC 27701 – The relationship between ISO/IEC 27701 and GDPR (and other privacy regulations) – Establishing a Privacy Information Management System
Speaker Profile: Chris is currently the Deputy Director of Products and Services Development at the Certifications and Business Enhancement Division of SGS Hong Kong Limited, responsible for business development and execution of ICT related assessments. He has over 20 years of supply chain security-related audit and teaching experience in both manufacturing and IT sectors, cargo and freight security, covering over 1200 man-days of audits and over 300 companies. He is a qualified lead auditor in ISO 9001, ISO 14001, ISO/IEC 27001, ISO/IEC 20000, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27701, CSA-STAR, EuroCloud-Star, and ISO 28000. Recently, his focus is on data privacy assessment against GDPR and ISO/IEC 27701.
The Webinar is conducted in Cantonese with English Presentation Material. Please install Zoom software/app for your PC, Mobile or Tablet. For the Meeting ID and Passcode, it will be sent by a separated email after the registration.
Highlight: Is Virtual Bank one of the services you would like to try? But is that secure enough? How to use that securely? This month we invited Captain (Rtd) Samuel NG of Welab Bank to give an interesting and technical topic on “Secure your virtual banking on the Cloud”.
Exciting times for Hong Kong in the realm of Fintech. With 8 bold challengers given the honor of virtual bank licenses, innovative digital banking services are coming real soon and definitely here to stay in the pearl of oriental. Virtual banks are expected to bring new dynamics to the traditional bricks-and-mortar banking sector and enable the city to align with the world’s market in Fintech development.
Upcoming debut of Virtual Banking services packaged with innovative and creativity by riding the cloud computing to the bank of the future, this excitement, however, leads to a higher controversially dynamic cybersecurity risks. VBs offering data-centric banking services with operations heavily rely on the cloud & internet are vulnerable to malicious attacks with various intentions.
Arguably virtual banks come with less physical and legacy trails offers better security, a new sets of challenges arise in cloud security. Fuel with “Go Big or Go Home” and “Do 10x better” mindset, Welab Bank’s Cybersecurity Team always walk the extra mile out of the comfort zone enforcing trust and security while deliver customer-centric services, aiming high to be the winner in Fintech Era.
Highlight: In the ever-changing world of the cloud computing, you will face unique security challenges every day – from new threats, sensitive data to unskilled internal team members. Take command of the Certified Cloud Security Professional (CCSP®), the premier cloud security certification, in order to address these challenges. The CCSP is a global credential representing the highest standard of cloud security expertise. It was co-established by (ISC)² and Cloud Security Alliance – the leading stewards for information security and cloud computing security.
Highlight: Prove you have what it takes to protect your organisation from malicious hackers and threats with the Certified Information Systems Security Professional (CISSP®) certification. Demonstrate your knowledge, advance your career and become a member of a 130,000-strong community of cybersecurity leaders setting the bar for professionals across the information security workforce.
Date: 12 May 2020 (Tue) Time: 8:30pm – 9:30pm Venue: Webinar – Participant shall prepare his/her own electronic device (e.g. Desktop, Notebook or Mobile, etc.) with Internet access. Speaker: Mr. Mike Lo (CCSK, CISSP, CISA, CISM, PMP, Certified SAP Consultant, MCSE) Language: Cantonese Fee: Free (Pre-registration is required.) Register: https://bit.ly/pisa200512
Highlight: As an IT professional, how do you deal with the pandemic situation while you are Work-From-Home (WFH)? Have you tried using Video Conference?
The coronavirus pandemic situation hasn’t yet under controlled in recent weeks, video conferencing tools are more frequently used to communicate with your peers and clients, as a good security practice, have you ever evaluated the security level of video conferencing tools that are being used? Are there any default settings that are vulnerable and easily exploited by the attacker? Any possibility that your sensitive meeting conversation leaks owing to the misconfiguration or poor setup.
PISA has the honor to have Mike Lo share with our members, via Webinar, his invaluable advice for using Video Conferencing Tools as an IT professional during the pandemic situation.
During the webinar, Mike will talk about the security tips for using Video Conferencing (VC) tools, there is a number of suggested rules and best practices stated in the material, as well as screen capture of different VC tools’ setting, these settings are also mentioned in the latest Securities and Futures Commission (SFC) Work-From-Home Guideline released on Apr 29th, 2020.
The Webinar is conducted in Cantonese with English Presentation Material. Please install Zoom software/app for your PC, Mobile or Tablet. For the Meeting ID and Passcode, it will be sent by a separated email after the registration.
BIO Data of Mike Mike is currently working for a Swiss-based CREST Certified Cyber Security Assessment company “wizlynx group” with the role of “Director, Cyber Security Services” looking after Hong Kong and Taiwan Markets, he is also the Program Director of PISA, Founder and Chairman of HK CTF Association, Convener of Car Hacking Village HK, frequent SSO Trainer for ISC2 HK Chapter and Founder of HITCONxCHANGE.
Mike holds professional qualifications such as CCSK, IPv6 Sage, CISSP, CISA, CISM, PMP, SAP Certified Consultant, MCSE, and MCNE.
Date: 8 May 2020 (Fri) Time: 2:30pm – 5:30pm Venue: Webinar – Participant shall prepare his/her own electronic device (e.g. Desktop, Notebook or Mobile, etc.) with Internet access. Language: Cantonese Fee: Free (Pre-registration is required.) Register: https://www.hkcert.org/my_url/en/event/20050801
Highlight: This seminar is jointly organized by the Hong Kong Computer Emergency Response Team Coordination Centre, the Office of the Government Chief Information Officer and the Hong Kong Police Force. In order to prevent the spread of coronavirus, organisations including government, enterprises and schools, ramp up remote working and e-learning. While remote working and e-learning may bring you much convenience, you should stay vigilant to prevent the risk of personal data leakage and cyber attacks by malicious attackers. The webinar will invite information security experts to share their experiences on this subject.
Date: 6 Apr 2020 (Mon) Time: 8:30pm – 9:30pm Venue: Webinar by Zoom. Participant shall prepare his/her own electronic device (e.g. Desktop, Notebook or Mobile, etc.) with Internet access. Speaker: Mr. Young Wo Sang (CISSP CISA CEI ECSA CHFI CIFI CEH ITIL(v3)F ISO/IEC 20000 Auditor) Language: Cantonese Fee: Free (Pre-registration is required.) Register: https://bit.ly/pisa200406
Highlight: Perhaps the most popular global topic nowadays is COVID-19…. You may have learned from TV News that one of our PISA veterans, Mr. Young Wo Sang, who was forced to stay in the cruise ship in Japan for few weeks due to other COVIN-19 infected passengers. Even returned to HK, Sang and other passengers were also required to stay in the quarantine camp for two weeks…. Started with a happy cruise trip with family but turned out with an unexpected quarantine camping, it was not an enjoyable experience. However, something’s lost but something’s gained. It gives Sang new idea on how to face with unexpected situation, continue with his connections with other people or even work remotely in the ship. PISA has the honor to have Sang to share with our members, via Webinar, his invaluable experiences and challenges as a traveler and an IT professional during such unexpected adverse situation.
BIO Data of Sang Mr. Young Wo Sang is an information security specialist with expertise in information security consultation and training. He is one of the Elected Members of the Information Technology Subsector, Election Committee of HKSAR Government receiving a high vote among all candidates in the 2006 & 2011 election. In 2008, he was elected as a Director, Hong Kong Internet Registration Corporation Limited, serviced till 2016.
Education Background Higher Diploma in Computer Engineering (CityU) Professional Qualifications CISSP, CCSP, CISA, CWSP, CWNA, CIFI Industry or Public Services Convener, Information Security and Privacy Working Group, Internet Society Hong Kong
(ISC)² offers several events throughout the year for information security professionals to advance their knowledge of emerging and current information security issues. These events are available online or in-person. Visit https://www.isc2.org/events to learn more!
The (ISC)² Think Tank is a 60-minute roundtable webinar where influential security experts present and debate on a range of thought-leadership topics surrounding today’s most pressing security challenges and take a deeper look at how they relate to a particular industry or region.
Below is a searchable library of recorded (ISC)² Think Tanks on a variety of hot topics within information security. To view the webinar, click on the PLAY button and you will receive instructions on how to activate the player.
