WORKING GROUP ON CLOUD SECURITY AND PRIVACY

Notes of the Seventh Meeting held at 2:30 p.m. on 19 September 2013 in Communal Meeting Room 3, G/F, Central Government Offices, Tamar

Present
Mr Vincent CHAN, Convenor (Ernst & Young Advisory Services Limited)
Mr Paul FUNG, Member (Photon Link Limited)
Ms Clara HO, Member (The Hongkong and Shanghai Banking Corporation Limited)
Mr Dale JOHNSTONE, Member (Vice-Convenor, ISO Working Group on Information Security Management Systems)
Mr SC LEUNG, Member (Hong Kong Productivity Council)
Mr SH LIM, Member (Hong Kong Jockey Club)
Ms Winnie YEUNG, Member (Microsoft Hong Kong Limited)
Mr Owen WONG, Member (OGCIO)
Mr TS YU, Member (OGCIO)
Ms Donna CHAN, Secretary (OGCIO)

In attendance
Mr Patrick CHAN (OGCIO)

Absent with apologies
Professor David CHEUNG, Member (The University of Hong Kong)
Ir Stephen KM LAU, JP, Member (Hong Kong Computer Society)
Mr Otto LEE, Member (Thomson Reuters)
Professor John LUI, Member (The Chinese University of Hong Kong)
Mr Antony MA, Member (Cloud Security Alliance (Hong Kong & Macau Chapter))
Mr Henry NG, Member (Thales e-security)
Mr Ted SUEN, Member (MTR Corporation Limited)

Action by

Confirmation of minutes of last meeting

1. The notes of the sixth Working Group meeting held on 22 May 2013 were confirmed without amendment.

Matters arising from the last meeting

2. Regarding the organisation name for Mr Dale JOHNSTONE, the notes of meeting and the corresponding pages on the OGCIO Homepage had been updated with the agreed changes.

Update on Cloud Expert Group and Working Groups

3. Mr Patrick CHAN updated the meeting on the latest development of the Cloud Expert Group and Working Groups, as well as the statistics of access to the InfoCloud Portal and downloads of the Practice Guide on Procuring Cloud Services and the two Security Checklists.

4. Ms Clara HO enquired if there were any figures that showed the percentage of downloads of the Practice Guide from SMEs. Mr Patrick CHAN responded that while the InfoCloud Portal did not identify individual visitors, the web log data could help reveal the distribution of visitors by region through their IP addresses. Alternatively, the subscription function in the InfoCloud Portal, to be launched in the near future, could add questions to get more information about subscribers.

Update on study of Cloud Services Assessment Tools and Certification Schemes

5. Mr TS YU presented the findings from the study on the needs, availability and deployment readiness of Cloud Assessment Tools and Cloud Services Certification Schemes. He also updated that he had relayed the e-mail from the Expert Group on Cloud Computing Certification under the Hong Kong Council for Testing and Certification to all Members of the Working Group, inviting them to participate in the cloud computing certification survey. Members were also encouraged to disseminate the questionnaires to their peer groups and relevant organisations to collect more views.

6. The Convenor considered that while cloud computing certification might not need to be mandated, it would certainly contribute to the promotion of wider cloud services adoption. He invited Members to express views on matters such as whether assessment or certification should be made mandatory or remain voluntary, whether Hong Kong should create its own certification schemes or adopt international certification schemes, and how we could collaborate with the Mainland on the adoption of certification schemes.

7. Mr SH LIM updated the meeting that the Infocomm Development Authority of Singapore was working towards mandating a certification scheme for Cloud Services Providers in Singapore and cross-certification with international schemes such as the Cloud Security Alliance. Members then deliberated on the applicability of such a scenario in Hong Kong. Some Members shared that setting any scheme as mandatory would come with a price, and it would thus be more flexible for organisations to make their own choice. Some Members opined that since cloud services were usually provided across borders, it would be more appropriate to go for international standards rather than localised ones. Some Members viewed that Hong Kong was market driven and should leave flexibility for organisations to pursue certification based on market demand instead of mandating certain certification schemes. It would be more worthwhile to promote the value of certification and the variety of international or de facto certification schemes, which would help establish the trustworthiness of Cloud Service Providers to prospective consumers, in particular those who were privacy and security conscious. Regarding collaboration with the Mainland, it was generally agreed to keep in view the development of certification standards in the Mainland and explore further in the HK/Guangdong Expert Committee on Cloud Computing Services and Standards.

8. Mr TS YU supplemented that the Expert Group on Cloud Computing Certification intended to recommend some tools / schemes for the industry to adopt voluntarily and was expecting to collect the industry's views on whether there were tools / schemes in the market that were up to the standard.

9. Members generally agreed to further explore if a handful of tools / schemes / standards could be selected (objectively, with a set of criteria) for promotion to the industry. We would also further liaise and collaborate with Guangdong experts on certification schemes that could help achieve mutual trust of cloud services in the two places.

10. Mr Dale JOHNSTONE further suggested that a portal might be set up for Cloud Service Providers to publicise the assessments or certifications they had achieved for different tiers at their installations, so that the public could appreciate the trustworthiness of these service providers.

Update of progress of preparation for hosting the SC 27 meeting

11. Mr TS YU and Mr Dale JOHNSTONE updated the meeting on the progress of the preparation for hosting the SC 27 meeting in Hong Kong in April 2014. Mr TS YU added that the website for the SC 27 meeting event would be rolled out in October.

Discussion on the plan to gather views and inputs from different stakeholder groups

12. The Convenor raised whether we could explore riding on the HKPC event to collect views from the key stakeholder groups apart from the WGPUCS to promote the Practice Guide. Ms Donna CHAN responded that it was an annual event organised by the HKPC for SMEs and there would be at most one hour allocated for promoting the Practice Guide. After deliberations, the Convenor concluded that the Working Group would look for other opportunities for holding round table discussions with different stakeholder groups, since each stakeholder group would have its own specific kinds of concerns. The priority stakeholder groups would be SMEs and the ICT industry. Details would be further discussed after the meeting.

Any other business

13. Mr SC LEUNG enquired whether there would be a replacement Cloud Security Alliance (CSA) representative for Mr Antony MA in this Working Group. Ms Donna CHAN responded that Mr Antony MA was still one of the members of this Working Group, though he might not be able to attend every meeting. She added that other representatives from the CSA could be invited to attend meetings of the Working Group on a need basis.

14. There being no other business, the meeting adjourned at 4:45 pm.

The Secretariat
Expert Group on Cloud Computing Services and Standards
October 2013