Cyber security is essential to any organisation, yet many are still struggling with establishing an effective cyber security protection model to protect their critical and sensitive assets. Migration to cloud and working from anywhere are adding more complexity and uncertainty.
Is there a standard cyber security model organisations can take reference to? How can the model be implemented in a pragmatic way to balance security protection versus business agility?
The answers are all in this workshop!
Security Frameworks Covered
NIST has published a cyber security framework (CSF) a few years back. It consists of 5 functions and 23 categories. It is now regarded as a matured framework which can be adopted and implemented by different types of organisations in order to build a sound cyber security protection framework.
CSA has also published a cloud control matrix (CCM) which describes a set of control objectives to governance secured usage and implementation of cloud services. It consists of 16 control domains with over hundreds of detailed control specifications.
This training will explain in detail what CSF & CCM frameworks are and how they can be applied to protect an organisation’s critical assets and cloud usage. Practical examples will be shared to illustrate the best practices and tips of adopting these two frameworks.
After the training, the audience will acquire deeper knowledge about NIST CSF and CSA CCM and the practical side of applying these frameworks to implement cyber security and cloud protection.
The training will be classroom based led by instructors who will teach the content based on slides with practical experience sharing. The outline of the training is as follows:
- Evolution of Cybersecurity
- Different Standards and Frameworks
- NIST Cyber Security Framework
– What is CSF
– CSF functions and categories
– Detailed walkthrough of each of the subcategories or control sets
- CSA Cloud Control Matrix
– What is CSA CCM
– 16 control domains
– Detailed walkthrough of each of the control specifications
- Examples of Framework Implementation
- Practical Implementation Guidelines and Tips
- What Other Frameworks and Standards Are Expected to Come
Individual who are interested in cloud deployment and familiar with network architecture and management, such as:
- System Integrators
- System Administrators / Engineers / Analysts
- Technical Engineers / Managers
- Information Security Analysts / Managers
18 May 2021 (Tue)
09:30 – 17:00 (Total 6.5 hours)
Medium of Instruction
Cantonese with English terminology
Early bird price on or before 19 Apr 2021
Non-member: HK$3,300 per person
Member of Organiser / Supporting Organisation: HK$3,200 per person
Non-member: HK$3,400 per person
Member of Organiser / Supporting Organisation: HK$3,300 per person
Mr Henry NG
Principal Consultant, eWalker Consulting (HK) Limited
Henry NG has been an IT and cyber security veteran for 30 years. He has held various senior management positions managing and growing cyber security businesses in the APAC region.
His last position was managing director of Thales Critical Information Systems and Cyber Security business line which he worked for 9 years. While working with Thales, Henry built up the cyber security business from scratch to managing a team of 30 security professionals. He oversaw the regional team to help APAC customers to address cybers security issues by protecting against cyber security threats and managing IT security risks. Projects include conducting cyber security maturity assessment, strategy studies, security assessment and audit, PCI and other regularly security engagements, penetration testing and ethnical hacking. Customers came from different industries and sectors including banking and finance, insurance, telecommunications, transportation and utilities, manufacturing and higher education institutes. Prior to joining Thales, Henry also held senior positions at Verizon Business and HP consulting security practice team.
Henry was appointed as the adjunct professor for University Malaysia of Computer Science and Engineering, and served in a different cyber security professional bodies including the director of CSA Hong Kong and Macau Chapter and member of the Hong Kong Expert Group on Cloud Security and Privacy. He has been invited frequently as speakers and panelists in many cyber security and risk seminars in the region. He also teaches IT security courses and helps promote security awareness to the local community by speaking in schools and the public.
Henry is a Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) and a certified Information Systems Security Architecture Professional (ISSAP). He holds a Bachelor degree in Computer Engineering from University of Michigan, Ann Arbor, USA.
Certificate of Training
Participants who have attained at least 75% attendance of lecture will be awarded a Training Attendance Certificate.