Aloysius Cheang

Occupation: Managing Director
Employer: Cloud Security Alliance

Aloysius Cheang is the Managing Director APAC for the Cloud Security Alliance (CSA). He also serves as its Standards Secretariat, overseeing all standardization efforts within CSA and owning the relationships with other SDOs. Cheang is a former member of the Singapore government's Chief Security Officer roundtable and founded SIG^2 [1] in 2001. [2] [3] He has also held senior executive positions with a worldwide remit at various consulting companies and telcos.

SIG^2 rose to become the de facto security community in Asia, and led to the formalisation of the Singapore government-backed Association of Information Security Professionals (AISP), where Cheang was pro tem chairman from 2006 to 2007. He was also co-editor for the ISO/IEC 27032 "Guidelines for Cybersecurity", and represented Singapore on ISO/IEC/JTC 1 SC 27 WG4. His previous contribution for SS 507 "Business Continuity/Disaster Recovery Industry Standard" was adopted as ISO/IEC 24762. Cheang sits on the Singapore IT Standards Committee and the National Infocomm Competency Framework Security Sub-Committee.

Cheang's professional certifications include CISA, CISSP and GCIH. He is the first Microsoft Security MVP in South Asia and a member of the Microsoft SEA MVP Hall of Fame. [4] His views have been presented in Times Asia, [5] CIO Asia, [6] ZDNet, [7] Computerworld, The New Paper, [8] MyPaper, Sin Chew Daily, Wen Wei Po, [9] The Straits Times [10] and ChannelNewsAsia as an independent source of specialist opinion.

Publications

References

  1. "SIG^2". Archived from the original on 2009-05-05. Retrieved 2009-05-11.
  2. "Profile on SIG^2". Archived from the original on 2009-05-05. Retrieved 2009-05-11.
  3. Microsoft MVP site
  4. "Aloysius Cheang | CROW". crow.org.nz. Retrieved 2020-12-12.
  5. Paris Hilton's Hack Attack
  6. "The Mobility Threat". Archived from the original on 2006-10-19. Retrieved 2009-05-11.
  7. Do former black hats make good hires?
  8. "banks not hit yet but warned to be vigilant". Archived from the original on 2008-03-14. Retrieved 2009-05-12.
  9. WiFi炒股 易遭盜密碼
  10. "New media: A case of Jekyll & Hyde". Archived from the original on 2011-07-07. Retrieved 2009-05-12.
  11. PACIS 2001 Proceeds, Paper 22
  12. Analysis of the Linux.Ramen Worm
  13. IT Standards Committee list of IT standard
  14. S'pore pushes business continuity, disaster recovery standard
  15. "Singapore Standards on Business Continuity and Disaster Recovery on its way to become an International Standard". Archived from the original on 2009-03-09. Retrieved 2009-05-12.
  16. "PSB Certification Body – Business Continuity & Disaster Recovery (BC/DR)". Archived from the original on 2009-04-14. Retrieved 2009-05-12.
  17. Role of Security in Infrastructure Optimization
  18. "Privacy Issues – Business Disabler or Enabler?". Microsoft. Archived from the original on 2009-03-26. Retrieved 2009-05-12.