Post Lockdown: There’s much work to do
In the era of the coronavirus pandemic, digital transformation and cloud security are the chart-topping topics enterprises want to know more about. The results are unsurprising to an extent, given how many companies have accelerated their digital transformation projects and migration to the cloud, while the pandemic continues to wield debilitating influence over workplace collaboration, productivity, and the bottom line across many industries.
This one-day program organised by CSA APAC will provide insight and provide a perspective on critical strategic cloud and cybersecurity concerns. Join the leading experts with domain proficiency and expertise to discuss the key issues and trends facing cloud security and cybersecurity today at this virtual Summit on 30 June 2021.
The event is free to attend. To register for the sessions, log in using your BrightTalk account. If you do not have an existing account, please sign up here https://www.brighttalk.com/login/. Once the account is created visit https://www.csaapac.org/csamalaysiavirtualsummit2021.html and register for sessions you would want to attend under the 'schedule' tab.
Earn CPE Credits: To download your viewing certificate, navigate to the “Viewing History” section of your BrightTALK Account. You can find more information about this here: https://support.brighttalk.com/hc/en-us/articles/204280700-Can-I-have-a-list-of-all-the-webinars-I-ve-attended-
This one-day program organised by CSA APAC will provide insight and provide a perspective on critical strategic cloud and cybersecurity concerns. Join the leading experts with domain proficiency and expertise to discuss the key issues and trends facing cloud security and cybersecurity today at this virtual Summit on 30 June 2021.
The event is free to attend. To register for the sessions, log in using your BrightTalk account. If you do not have an existing account, please sign up here https://www.brighttalk.com/login/. Once the account is created visit https://www.csaapac.org/csamalaysiavirtualsummit2021.html and register for sessions you would want to attend under the 'schedule' tab.
Earn CPE Credits: To download your viewing certificate, navigate to the “Viewing History” section of your BrightTALK Account. You can find more information about this here: https://support.brighttalk.com/hc/en-us/articles/204280700-Can-I-have-a-list-of-all-the-webinars-I-ve-attended-
Organized by
Supporting Organizations
|
|
|
Speakers & Panelists
Aiza Azreen AHMAD
CDBO, Digital Adoption Ecosystem, MDEC
|
Aiza Azreen Ahmad is Malaysia Digital Economy Corporation (MDEC’s) Chief Digital Business Officer (CDBO) and brings well over 20 years’ worth of experience and expertise, to further strengthen MDEC’s resolve in leading Malaysia’s digital economy forward.
She will oversee and steer the Digital Adoption Ecosystem in E-Commerce, Business Digital Adoption, Data Ecosystem Development and Digital Infrastructure. Aiza will also lead external innovation opportunities to expand commercial strategies and build corporate business and innovations for MDEC. |
Madhav CHABLANI
Co-Chair, Data Sovereignty WG & CIO, TippingEdge Consulting
|
He engages in consulting assignments, developing, managing and advising global enterprise clients to succeed on IT Governance, Strategy, Enterprise IT Performance, Risk Management, Compliance & Sustainability, Audits and Assurance, Strategic IT Outsourcing, Distilling Digital Strategies and Transformation in enterprises, Cyber Security & Privacy, Cloud Strategy, Migration, Governance and Security, in Organizational Change Management programs & Transformations initiatives, enriched outsourced delivery capabilities, Practice-level competency requirements, build and delivered Center of Competence for Technology Solutions, Enterprise Information Architectures & Integration, that minimizes risks in an enterprise and align in creating business value.
He is passionate, Innovative, being customer focused & committed for value delivery, a professional with over 30+ years of proven success, has worked in past with Big 4 Consulting firm as Partner (Advisory) - Protiviti, HP Consulting, NIIT Technologies, Agilent, Xansa (now Sopra Steria), PCS and WIPRO on both domestic and global offshore projects and consulting assignments. These include mentoring start-ups in APAC for product development/innovation, service delivery, business development, client relationship & P&L management – Fintech, Healthtech, Cloud Security and Smart Cities initiatives. He orchestrates with governments, industry and academia for building advocacy and thought alignment, for communities - CSA, CCICI, ISACA and IAMI. He is involved in Smart City ICT Standardization in India, ITU-T & NIST (Cyber Physical Systems). He has also been, involved in initiatives of "Thought Leadership" for technology strategies, investments and M&A, focused on building and enriching "business value" and "keeping stride in remaining competitive". He is engaged in working groups for thought aggregation and building knowledge components which could be adopted in Chairman of NCR Chapter | WG member of : Application Containers & Secure Microservices Architecture | Serverless Security | Cloud Control Matrix 4.0 | IOT4Healthcare – Connected Healthcare – Designing Secure IoT Devices | Enterprise Architecture | Blockchain and Distributed Ledger | Mobile Application Security Testing | Converged Vehicles Framework | SecaaS | TEC (DEITY) – m2m – Smart Cities Advisory | MEITY – Cloud Consultations; Governing Council Member – CCICI (Cloud Computing Innovation Council of India ) | an IEEE incubation initiative (WG : Interoperability | e-Gov Reference architecture | Framework for Multi-vendor Cloud Services | IOT4Smart Cities – Security Architecture| TRAI Cloud Computing Consultation | Cloud Management Office (MEITY). |
FONG Choong Fook
Director, LE Global Services, Malaysia
|
FONG Choong Fook is a 20-year veteran in the specialised and highly-demanding arena of information security. He was the 1s t Malaysian certified by International Register of Certificated Auditors (IRCA) as ISO 27001:2005 Provisional Auditor, and also the first batch of Malaysian who obtained CISSP international certifications. In addition, he was appointed by ISC2 to administer and proctor the CISSP/SSCP examinations in Malaysian and other Southeast Asian countries since 2004 and Co-Founded ISC2 Malaysia Chapter Board Member of CREST Malaysia Chapter Member of Vistage Malaysia. Fong had recently won the IDG – 2013 ASEAN Chief Security Officer (CSO) Of The Year award as well as the Cyber Security Malaysia – 2016 Cyber Security Professional Of The Year award. When it comes to the topics about Cyber Security, Fong is sought-after international speaker known for the enthusiasm, humor, dedication and passion with experience, and coverage in national television programs, magazines, radio broadcasts, conferences and webinars. He has also consulted with, and trained multiple government and multinational clients in the Asia Pacific, Eastern Europe and Africa regions on information system security, enterprise risk matrix design, policy review, policy implementation assurance, penetration testing, technical configuration evaluation, security procedures and disaster recovery/business continuity planning. Fong has strong working relationships with various law enforcement agencies worldwide, as a trusted figure in the information security arena; he is also the distinguished guest speaker for The Federal Bureau of Investigation (FBI) INFRAGARD event, Polis Diraja Malaysia (PDRM) Info Security trainings and various industry associations, governments and law enforcement agencies on Cyber Security Topics. Fong is the author of the “ Certified Lead Forensic Examiner ” (CLFE) courseware for Professional Evaluation and Certification Board (PECB www.pecb.org, USA). The CLFE course is currently distributed worldwide by PECB in training information technology professionals in conducting computer crime investigations and digital forensic. Fong also has had experience to be called as an Expert Witness to study, assess, evaluate and testify in the court of law.
|
Ferdinand FONG
Chair, Protem Committee, CSA Sarawak Chapter
|
Ferdinand is a certified instructor for Certificate of Cloud Security Knowledge (CCSK) and holds a Bachelor of Science degree (Physics) from the University of Auckland.
He started his career in the Flexible Printed Circuit industry in California. Later he moved back to South East Asia and headed the Business Development for a Flexible Printed Circuit and Assembly company based in Shanghai, Suzhou and later in Singapore. He brings with him 20 years of global experience in Engineering, Manufacturing, Project Management and Global Business Development. Leveraging on his experience, he made a move to the Fintech industry in 2019, managing the migration of payment platform for a client in Hong Kong. |
Stephanie King-Chung HUNG
Senior Vice President
Cloud Business, Mission Software and Services, Digital Systems, ST Engineering |
Stephanie is an innovative and dynamic leader. She has over many (30) years of working experience in Technology sector at IBM, HP, Microsoft, start-ups and ST Engineering servicing clients from airlines and airports, banking and financial services institutions, to manufacturing and consumer packaged goods industry, defence, education, healthcare, government and critical infrastructure sectors accumulated many years industry knowledge in the business and IT transformation journey. She has been business advisor in providing business and technology consultancy to companies and start-ups in striving for the digital transformation, innovation, industrial internet, connectivity, and sustainability.
Stephanie leads the Cloud Business at ST Engineering, responsible to build the organization capabilities and provide cloud adoption and transformation services to our customers in the new digital 5.0 with the use of cloud & edge computing, analytics & A.I. and lean & agile approach. She joined ST Engineering (Electronics) in early 2018 to lead the Singapore Business driving strategic customers engagement and experience, develop organizational capabilities in design thinking, lean and agile methods to envisioning the future use of technology and co-create innovative ideas, and strengthen strategic alliances in the digitalization and business transformation. She is also the Chairperson for Women@STEngineering council committee. She was selected as SG 100 IT Women in 2020. She also championed cross companies MentorConnect Program in 2019-2021. She is a member of The Cloud Security Alliance APAC Research Advisory Council (APRAC). She is also council member of the Chinese University of Hong Kong Vice-Chancellor’s Global Alumni Advisory Board (GAAB) (2021-2022). She served as a member of the Media Literacy Council (2016-2018) under the Ministry of Communications and Information, Singapore to develop public awareness and education on cyber wellness, and advise trends and development pertaining to the Internet and media. She was among the early batch of certified Client Executives that completed IBM Cohort Client Executive Certification program at Harvard Business School, Boston USA. She led the Global Client Management Practice development in HP. She designed and conducts Insight Selling and Envisioning & Co-creation workshops at ST Engineering. She developed her passion for coaching and advocates as a coach for others in excelling in client relationship and business management. She holds a Master Degree in Business Administration with High Honors from the University of Chicago Booth School of Business. She is esteemed with the Amy and Richard Wallman Scholar at the Chicago Booth School of Business. She holds a Bachelor Degree in Business Administration from the Chinese University of Hong Kong. She is fluent in both English and Chinese (Mandarin and Cantonese). |
Dr. Hing-Yan LEE
EVP APAC, CSA
|
Hing Yan LEE is Executive Vice President, APAC at the Cloud Security Alliance (CSA). He has over 30 years of ICT working experience in both the public and private sectors. He was global director of the CSA STAR program for 6 months in 2017. Prior to that, he was Director of National Cloud Computing Office at the Infocomm Development Authority (IDA) for 9+ years, where he was responsible for the national program for, inter alia, developing the cloud ecosystem, promoting cloud adoption by government agencies and private enterprises, and building a trusted environment (which included developing the Multi-Tier Cloud Security (MTCS) standards and Cloud Outage Incident Response guidelines).
He was previously Deputy Director of National Grid Office at the Agency for Science, Technology & Research (A*STAR), Principal Scientist at the Institute for Infocomm Research, Director of Knowledge Lab and Deputy Director of Japan-Singapore Artificial Intelligence Centre at the Kent Ridge Digital Labs as well as Deputy Director at Information Technology Institute (the applied R&D arm of the National Computer Board). He oversaw and managed industry collaborations and applied R&D in machine language translation, spoken language dialogue, expert systems, knowledge discovery, data mining, data visualization, and other knowledge-driven efforts. Hing Yan co-founded two high-tech companies in 2000 and is a technology advisor to a fintech start-up. He was an adjunct associate professor at the National University of Singapore, served on the School of Digital Media & Infocomm Technology Advisory Committee at the Singapore Polytechnic, Engineering Accreditation Board team member (2014), co-chair of the National Infocomm Competency Framework Technical Committee on Cloud Computing as well as a member of the Cloud Computing Standards Coordinating Task Force of the Singapore Infocomm Standards Committee (ITSC). He was also a member of the NatSteel Corporate R&D Advisory Panel, an advisor/member to the Singapore National Archives Board, and the Australia-Singapore Joint ICT Council. Hing Yan is a Fellow and former VP of the Cloud Chapter in Singapore Computer Society. He is active in the ITSC working group on MTCS revision, and SingAREN Lightwave Internet Exchange (SLIX 2.0) Steering Committee. He has also undertaken consultancy and research reviews for the governments of Finland, Israel, Malaysia and Singapore as well as cloud service providers. He graduated from the University of Illinois at Urbana-Champaign with PhD and MS degrees in Computer Science. He previously studied at Imperial College London in the UK where he obtained a BSc (Eng.) with 1st Class Honours in Computing and MSc in Management Science. |
Victor LO
Head of Cyber Security, Malaysia Digital Economy Corporation (MDEC)
|
Victor Lo is an experienced professional more than (20) years of information security and risk consulting experience in both enterprise information security solution and specialize on Cyber Threat Intelligence Framework.
Over the years, he has served businesses Across the region of the Asia South countries such as India, Turkey, Thailand, Vietnam, Philippines, Indonesia, Malaysia, and Singapore. Experience dealing with vertical industry primarily in South East Asia market and including Fortune 500 companies. Victor currently attach with MDEC heading the Cyber Security industry development. His key role will be driving Cyber Security as Catalyst for Digital Economy and promote collaboration among Cyber security industry Partner and innovation for cyber security ecosystem. |
Ian LOE
CTO, NE Digital
|
Ian has more than 20 years of experience in the IT industry with wide industry experience spanning public sector to financial services. He has deep knowledge in both infrastructure and application security with deep expertise in governance and security technologies. Today Ian is the SVP of Cybersecurity in a large conglomerate and responsible for the management of cybersecurity in the group. He has held other senior appointments such as Director, Government Cybersecurity Operations and was responsible for managing cybersecurity operations for the whole of government in Singapore, which includes the monitoring of and response to cybersecurity incidents.
|
Ekta MISHRA
Country Manager, India, CSA
|
Ekta has been with CSA for over six years. As APAC Membership Director, she is responsible for customer relations with APAC corporate members, assuring that members understand and utilize their membership benefits. As India Country Manager, she is responsible for managing CSA’s business within India. She also looks after the engagement with members, partners, chapters and other strategic alliances in country. She strengthens CSA influence and presence in APAC through managing over 30 Chapters in the region primarily focusing on providing the various support system and tools for strengthing the Chapters engagement. Ekta also manages the CCSK Training in the APAC region and has been actively leading various regional events in India.
Ekta has completed her MBA in marketing from S.P Jain School of Global Management- Singapore and Dubai. |
Ts. Saiful Bakhtiar OSMAN
Head of IT, APAC, ASCENT Fund Services
|
Being ranked as one of Top 50 Chief Information Officer (CIO50) for ASEAN in 2019 by the International Data Group (IDG), he brings with him a solid 20 years of experience in diverse industries such as Fund Management, Oil & Gas, Financial Institution and Regulatory Body.
He currently serves as the Head of IT, APAC, ASCENT Fund Services. He is also a registered Professional Technologist (Ts.) under the Malaysian Act 768 which is governed by the Malaysian Board of Technologists. As an IT professional with an MBA, he has broad experience in IT Strategy, IT Security, Digital Transformation, Project Management, and IT Infrastructure Operations. He is also certified in Agile Project Management (Scrum Master), PRINCE2 project management, ISACA’s CISM, ITIL Practitioner and Intermediate (v2 & v3), Microsoft’s MCSA, IATA’s Aviation Cyber Security and IBM’s Lotus Notes. |
Jim REAVIS
Co-Founder & CEO, CSA
|
For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging security trends have been published and presented widely throughout the industry and have influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance. Jim has been named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com.
Jim is the President of Reavis Consulting Group, LLC, where he advises security companies, governments, large enterprises and other organizations on the implications of new trends such as Cloud, Mobility, Internet of Things and how to take advantage of them. Jim founded SecurityPortal, the Internet’s largest website devoted to information security in 1998, and guided it until a successful exit in 2000. Jim has been an advisor on the launch of many industry ventures that have achieved a successful M&A exit or IPO. Jim is widely quoted in the press and has worked with hundreds of corporations on their information security strategy and technology roadmap. Jim has a background in networking technologies, marketing, product management and systems integration. Jim received a B.A. in Business Administration / Computer Science from Western Washington University in 1987 and formerly served on WWU’s alumni board. Jim was recognized as a WWU Distinguished Alumnus in 2015. In 2016, Jim was inducted into the Information Systems Security Association (ISSA) Hall of Fame. |
Narudom ROONGSIRIWONG
Head of Information Security, Thai Union Group PCL & Co-chair, CSA Hybrid Cloud Security WG
|
Narudom Roongsiriwong is a Certified Information Systems Security Professional with more than 20 years of experience. His primary areas of information security are in solution designing, data analytics and application security.
Narudom works for Thai Union Group PCL. His role is to to support the strategic decision-making, system implementations, and the adoption of new processes and procedures improving the security and robustness of Thai Union Group’s infrastructure, IT projects and associated systems. Narudom is a co-chair of CSA Hybrid Cloud Security Working Group, CSA APAC Research Advisory Council Member, consultant to the Open Web Application Security Project (OWASP) Thailand Chapter. He is also on the Security and Risk Committee at Thailand’s National Digital ID. |
Divakaren SIVAGURUNATHAN
BOD, ISACA Malaysia, Chapter
|
Divakaren Sivagurunathan (Diva) has 15 years of experience in IT auditing covering all aspects of application and infrastructure auditing.
He is the Head of Internal Audit for a telecommunications company. He obtained his CISA certification in 2009 and Cybersecurity Audit Certificate recently in 2020. |
Philip
VICTOR Managing Director, Welchman Keen, Malaysia
|
An award-winning cybersecurity advocate with over 26 years in the field of information technology, Philip Victor has served more than a decade in the cybersecurity domain. A recipient of the Senior Information Security Leadership Award from (ISC)2 for outstanding contribution in enhancing public-private partnerships globally, his role includes, spearheading Cyber Risk for Critical Infrastructure practice and engagement with the International Telecommunication Union (ITU) and governments. In his previous role working with the United Nations’ (UN) specialized agency, the International Telecommunication Union (ITU), Philip was instrumental in assisting governments globally in enhancing their cybersecurity posture through various initiatives and projects including National Cybersecurity Strategy, Child Online Protection, National Computer Emergency Response Team, Capacity Building and International Cooperation. He is a regular speaker at numerous international conferences, forums and seminars in cybersecurity and has published articles for publications both locally and internationally. He has also been featured and interviewed in international media as a cybersecurity expert and advocate on global issues. Philip was a former board member of Cloud Security Alliance Malaysia Chapter and currently sits on the Taylor’s University Industry Advisory Panel. He also serves on the Board of Study for the International Business School at University Technology Malaysia.
|
Faisal YAHYA
Chairman, CSA Indonesia Chapter
|
Faisal has two decades of progressive leadership experience in Cyber Security and Enterprise Architecture. Selected as Top 50 CIO in Southeast Asia, according to CIO[dot]com and IBM in 2019. Playing an integral role in spearheading all Integration of IS/IT, Cloud Security, IT Infosec Strategy, Security Technology Roadmaps, Cyber Security Architecture, Incident Response Team, and Red/Blue Teaming (cross functional team leadership). Proven role model, Virtual CISO, and an engineering mentor, including university postgraduate lecturer. Faisal is an official Certified EC-Council and Cloud Security Alliance instructor.
Apart of his role as Cloud Security Alliance Indonesia Chapter leader, Faisal engaged with the Asian IT communities by actively researching, speaking as keynote at public conferences, and advocating for better Cybersecurity. Experience in white paper development, capability briefings, technical presentations to clients and technical writing. He also a contributor for InfoKomputer magazine, APACCIOOutlook, and Peerlyst - an online cybersecurity wiki. He is passionate about applying the latest technology securely and efficiently. |
John YEOH
Global Vice President of Research, CSA
|
John Yeoh is currently working in the capacity of Global Vice President at Cloud Security Alliance (CSA). He has previously held the profiles of Director of Research, Senior Research Analyst and Acting Research Director at the firm. John is also a Technical Advisory Council Member for the Federation Communications Commission. He is an alumnus of the prestigious Massachusetts Institute of Technology (MIT) and University of Washington.
|
Feng ZOU
Director of Cybersecurity Planning and Compliance, Huawei & Co-chair, Hybrid Cloud Security WG, CSA
|
Zou Feng (CISSP-ISSAP, CISA) has been working in IT for 20+ years with strong technical background and broad experience in heterogeneous system and multi-culture environment. Starting as Communication Engineer in ICBC, Feng had taken different roles including Support Supervisor, Regional Network Manager, Senior Security Manager in different industry.
His main responsibilities are including designing, engineering, and implementing security technologies, providing security strategic input, design and vision for board and so on. Since 2017, Feng has been working with Huawei Cloud to provide management oversight for the all the aspects of maintain cloud service security and continuously evaluate cloud security capability to cope with the new emerging threat. Feng’s specialty: Cloud Security Design, Operation and Troubleshooting; Develop Information Security Policy, Standard and Procedure; Information Security Audit; Network, Remote Access, Web and Email Security; Security incident Investigation and Forensics and Risk Management. |
Time |
Activity |
Session Link |
9:00 am |
Introduction & Welcome Remarks Dr. Hing-Yan LEE (EVP APAC, CSA) Opening Address Jim REAVIS (Co-Founder & CEO, CSA) |
|
9:45 am |
Keynote : New normal: Accelerating Business Digital Adoption Aiza Azreen AHMAD (CDBO, Digital Adoption Ecosystem, MDEC) Acceleration of digital during new normal by catalysing digital business adoption with greater flexibility, productivity, improving customer experience and staying ahead with more innovative solutions. |
|
10:30 am |
Hybrid Cloud and Its Associated Risks Narudom ROONSIRIWONG (Head of Information Security, Thai Union Group PCL & Co-chair, CSA Hybrid Cloud Security WG) As businesses are developing rapidly, many cloud consumers find that a single public/private cloud or traditional on-premises data center is no longer able to meet service requirements. Organizations are increasingly choosing hybrid cloud environments and services to meet their needs. However, hybrid clouds pose different risks and thus bring on a different set of challenges to security.This presentation will provide the overview of Hybrid Cloud, demonstrate its risks, threats and vulnerabilities, and give examples of Hybrid Cloud use cases. |
|
11:15 am |
Mitigation Measures for Risks, Threats, and Vulnerabilities in Hybrid Cloud Environment Feng ZOU (Director of Cybersecurity Planning and Compliance, Huawei & Co-chair, CSA Hybrid Cloud Security WG) Hybrid clouds are often the starting point for organizations in their cloud journey. However, any cloud model consists of risks, threats, and vulnerabilities. Earlier this year, the Hybrid Cloud Security Working Group examined hybrid cloud model risks, threats, and vulnerabilities in its Hybrid Clouds and Its Associated Risks white paper. However, after this review of risks, threats, and vulnerabilities, it’s critical to identify adequate mitigation controls. This presentation will cover countermeasures organizations can implement to improve hybrid cloud risk management and cybersecurity practices. |
|
12:00 pm |
Panel discussion: "Cloud Security in the Age of Hybrid Clouds" Timothy Grance (NIST) shared that no hybrid cloud existed when he co-authored the landmark NIST definition of different clouds. He has never expected hybrid clouds to become so pervasive and popular. This panel of experts will endeavor to address the following issues: What are the differences between hybrid and multi clouds? Is a hybrid cloud one or two clouds? How does a CSC manage two different clouds under different ownership? And ensure their different security compliance? What are the challenges in using hybrid clouds? MODERATOR: Ferdinand FONG (Chair, Protem Committee, CSA Sarawak Chapter) PANELISTS:
|
|
12:45 pm |
Lunch Break |
- |
1:15 pm |
Modeling Against the Top Threats in Cloud John Yeoh (Global Vice President of Research, CSA) Since 2010, the CSA Top Threats report has revealed major security concerns in cloud computing from top industry professionals. John shares how the report can be used to protect against the latest attacks and high profile breaches of the past year. Leveraging the latest Deep Dive attack model, popular breaches are broken down into the threats, risks, and vulnerabilities that were exposed. Critical mitigations and controls are also shared to make sure your organization is prepared for these types of attacks. |
|
2:00 pm |
Establishing Cloud Audit Expertise Ekta MISHRA (Country Manager, India, CSA) As the cloud becomes increasingly essential to organizational IT strategies, working knowledge of cloud security best practices is crucial. Cloud computing represents a radical departure from legacy IT which means that IT audits must be significantly altered to provide assurance to stakeholders that their cloud adoption is secure. Traditional IT audit education and certification programs are not developed with an understanding of cloud computing and its many nuances. Developed by CSA and ISACA, the Certificate of Cloud Auditing Knowledge (CCAK) credential and training program fills the need for vendor-neutral, technical training and credentials in cloud auditing. Learn how CCAK prepares you to address the unique challenges of auditing the cloud, ensuring the right controls for confidentiality, integrity and accessibility, and mitigating risks and costs of audit management and non-compliance. |
|
2:45 pm |
Auditing the Cloud Divakaren SIVAGURUNATHAN (BOD, ISACA Malaysia, Chapter) 2020 was the year of cloud computing due to the COVID19 pandemic, which required more businesses to operate remotely, and the staff to Work From Home. Though it is the obligation of the cloud service provider to take responsibility for their infrastructure and ensure security and safety at all ends, sometimes it doesn’t quite happen. There have been several large-scale incidents this year, in some cases, stemming from a surge in usage. If there exists a gap between the requirements of the organization versus the capability of the cloud service provider, proper and formal steps must be put in place to successfully mitigate this risk to an acceptable level. The best method to identify these gaps and address them with stakeholders is via an audit of the cloud service provider. This presentation will briefly explain the controls which need to be audited, to provide the requisite assurance to the client organization and their stakeholders. Ignorance is not bliss when migrating to the cloud. " |
|
3:30 pm |
Panel discussion: “How Can We Grow the Pool of Cloud Security Professionals” According to one source, there are about 3 million cybersecurity professionals worldwide. And there we need an additional 4 million cybersecurity professionals. The question for the panelists today is what we can do to address the shortfall in such expertise in Malaysia. With the greater cloud usage and increased cloud adoption during the pandemic period, many enterprises have pivoted to the cloud, creating a dire demand for cloud security professionals. The job is definitely cut out for our panelists. MODERATOR: Dr. Hing-Yan LEE (EVP APAC, CSA) PANELISTS:
|
|
4:30 pm |
Panel discussion: “Data Sovereignty - What’s the Big Fuss About?" The term “data sovereignty” has often been used by stakeholders (including cloud service consumers, cloud service providers, sectoral regulators) to mean different things. Just like the term "cloud computing" in the initial years, there are no widely agreed definitions; so the question "What do you understand by this term ?" naturally arises. Is it about: (a) data residency; (b) data localization; (c) data protection; (d) ... etc. What do these other terms mean anyway? Some parties commented that the above measures are too prescriptive and hide the real motivations, there are indeed innovative solutions to address those motivations. The panel discussion will identify the real motivations for data sovereignty. Some regulated sectors (e.g., finance, healthcare & healthcare) seem most paranoid about data sovereignty; they must have good reasons. Join us as the panelists endeavour to help us to understand the downsides and upsides to data sovereignty. MODERATOR: Dr. Hing-Yan LEE (EVP APAC, CSA) PANELISTS:
|