Windows 10 Insider Preview 17763.107 (RS5) (1809) (Oct 2018 Update) (2018-10 CU) to Slow Ring released
Wednesday, October 31, 2018
Sunday, October 28, 2018
How to enable sandbox for Windows Defender on Windows 10 and also how to check it is running in sandbox?
1. Run command prompt under administrator right
2. setx /M MP_FORCE_USE_SANDBOX 1
3. Reboot the machine
4. Done
To verify the Windows Defender running under sandbox:
1. Go to download process explorer https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
2. Run process explorer under administrator right
3. Right on the menu click “select columns”, then tick the box “Integrity Level”
4. The process “MsMpEngCP.exe” will under AppContainer
Reference:
https://www.zdnet.com/article/windows-defender-becomes-first-antivirus-to-run-inside-a-sandbox/
https://www.thewindowsclub.com/sandboxing-windows-defender
Thursday, October 25, 2018
Google Chrome 70 support Progressive Web Apps (PWA) installation on Windows
After you go to https://mobile.twitter.com/ , you will find he Google Chrome menu have a “Install Twitter”. After the installation, you will see the shortcut under recently added and you pin it to start menu, the ICON become Google Chrome and mark “Twitter”.
![Screenshot_20181025-072301[3647]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjf5jirlDGLTsCIsJsyhFqaujWj-XqAHDrtaamVjx-1_YkjDwQCvh8RXj5pCnwSYpo1coKEqb-vnjQ46oZocBrUVaAa6qLz7j2dQfAh51HhyZxq0x3yj-LsowJGtvhrVpmwe6D8jBiye9SJ/?imgmax=800 "Screenshot_20181025-072301[3647]")
Tuesday, October 23, 2018
Windows 10 on World Dream Cruise
Dream Cruises is Asia's cruise line that aims to redefine vacation travel with a transformational journey at sea
World Dream launched in November 2017, offering guests the highest levels of service and spacious comfort in the region.
It is also equipped latest and greatest technology.. Cisco AP, FernTel IP Phone (Outdoor), Mitel IP Phone (Indoor), MICROS Systems – Oracle (POS), Of course Windows 10 anywhere.
![IMG_20181020_104641196[3332]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcItaiYiKFgoZ0oqT8jsTp3XTfdDAYfheaJZ-8ckYxBER0jh4s7Z6Y1HOclYvJ5FDabqfpko1Q9MM0-Rat-iWHk1TLHr6kg40Y3E2sDYPU-3zS3_f2G8HfBSd1s7cGO9U3ViIXi3ZEmxgr/?imgmax=800 "IMG_20181020_104641196[3332]")
PhotoBooth by Windows 10:
![IMG_20181020_165128996[3333]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDkM0Cv5i3kjOv8nUn_NyLxq1FaoDruvP0V5oc_eXIpPD6vaHH-oL4dvN-2iTxrjUsVlJrYSrajajr1cjDBqbJImZmILegq_N2opcd0PBtBPKoaUU6fJBEfBgLK_hkhuhz4c_P9G0Md8Mn/?imgmax=800 "IMG_20181020_165128996[3333]")
![IMG_20181020_165137033[3334]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhclrp9A_qSIyXpf3UGiD4MEWLxHcmNcTHOK-eW-wsc299w_BQTV0_ijCmAit6kDcPD4laDAGQoqJgSZ45B7c58nxanINkNSUVF4CJtDkAnKsZkF131eJQ8mx_PU2O7NPM8G-WNflWH0MTb/?imgmax=800 "IMG_20181020_165137033[3334]")
Windows 10 in control room
![IMG_20181020_103938424_HDR[3335]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTj4AG8lZ81nqPfIlYAuKEYu9R0ilVSXg_Zbc0855SjM0SmBffBPndIksVTtVQjgsYNhy2vVkmjdL6lYaVjyuHOeQ-vXgZToHKCQX8NVzN5HX6jr8GSnHPJIwbyWBIXbKY3tTQMNmZe-Hb/?imgmax=800 "IMG_20181020_103938424_HDR[3335]")
Thursday, October 18, 2018
Wednesday, October 17, 2018
![Screenshot_20181017-154757[3314]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjK9eSKlDst7N7HhWna0wpy7-GzkAE-wJG6VJJd2Crzg7eD7TQPg2zeDbfC_ddhVfQmKSZrKsUyDZLAuc5yMY20tvBVjBJz9bXzmAFHTpY4pgIC803o__ZF-a-yUVt2MJXK-vyJlMizuCyd/?imgmax=800 "Screenshot_20181017-154757[3314]")
Hong Kong Exchange and Clearing (HKEx) connection - Securities Market
BROKER SUPPLIED SYSTEMS (BSS) e.g. Ayers
HKEx Orion Central Gateway (OCG) (In the past, it is Open Gateway (OG))
M Machine – AMS Client (AMS/3) (*AMS/3 - the third generation of electronic stock trading system introduced in October 2000)
Throttles - The throughput rate of OCG messages into OTP-C through OCG is governed by a throttle mechanism
Securities and Derivatives Network/2 (SDNet/2) or HKEX Service Network (HSN) which are used for connection of China Connect Central Gateway (CCCG)/Orion Central Gateway (OCG)
China Connect Exchange Participants (CCEPs)/Tradethrough Exchange Participants (TTEPs)
Broker-to-Client Assigned Number (BCAN) and Client Identification Data (CID) files
HK Market:
ORION CENTRAL GATEWAY (OCG)
HK-China Market:
China Connect Central Gateway (CCCG):
Orion Market Data Platform – Securities Market (OMD-C)
China Stock Connect (CSC)
Shanghai Stock Exchange (SSE)
Shenzhen Stock Exchange (SZSE)
Hong Kong Securities Clearing Company Limited (HKSCC), as a securities settlement system (“SSS”) operator
Hong Kong Futures Exchange Limited ("HKFE") - HKFE Clearing Corporation Limited (HKCC) to operate a clearing house for the purpose of clearing all trades concluded on the markets
Connectivity Guide HKEX China Connect Central Gateway Platform
FAQ
Interface Specifications HKEX China Connect Central Gateway Platform Binary Trading Protocol
Section A – Notes to the Application
Ricoh Hong Kong Smart Backup Service (Backup to Cloud Service)
Ricoh HK Smart Backup Service (Backup to Cloud Service):
https://ricoh-solutions.hk/en/solutions-n-services/cloud-services/
There are 30 days free trial promotion:
The Service login page:
You will assign 100GB for trial.
The platform was powered by Acronis AnyData Engine
The software agent for different platform:
Backup Agent on Mac OS
Monday, October 15, 2018
Global Navigation Satellite System (GNSS) and related information
Global Navigation Satellite System (GNSS)
US GPS
Russian GLONASS
China BDS
EU Galileo
Regional Navigation Satellite System (RNSS)
Japan Quasi-Zenith Satellite System (QZSS)
India NAVIC
Global Positioning System (GPS) is a navigation and tracking system that uses satellite conections and radio waves. This system can compute the exact geographic coordonates of a object or person on the surface of the earth as long as it has a device that contains a GPS receptor.
Assisted Global Positioning System (AGPS or A-GPS) is a system that often significantly improves the startup performance—i.e., time-to-first-fix (TTFF)—of a GPS satellite-based positioning system. A-GPS is extensively used with GPS-capable cellular phones.
Location-Based Service (LBS) is a tracking system that uses mobile phone signal. The tracking is done by using GSM cell towers of local mobile phone service providers. Tracking through LBS is less precise when compared to GPS because the device estimates its position in the area of the cell tower.
GLONASS or "Global Navigation Satellite System", is a space-based satellite navigation system operating in the radionavigation-satellite service. It provides an alternative to GPS and is the second navigational system in operation with global coverage and of comparable precision.
中国北斗卫星导航系统 BeiDou Navigation Satellite System (BDS) BeiDou-3 will eventually consist of 35 satellites and is expected to provide global services upon completion in 2020. When fully completed, BeiDou will provide an alternative global navigation satellite system to the United States owned Global Positioning System (GPS), and is expected to be more accurate than the GPS.
Galileo is the global navigation satellite system (GNSS) that is being created by the European Union (EU) through the European GNSS Agency (GSA),headquartered in Prague in the Czech Republic, with two ground operations centres, Oberpfaffenhofen near Munich in Germany and Fucino in Italy.
Quasi-Zenith Satellite System (QZSS) is a project of the Japanese government for the development of a four-satellite regional time transfer system and a satellite-based augmentation system for the United States operated Global Positioning System (GPS) to be receivable in the Asia-Oceania regions, with a focus on Japan.
The Indian Regional Navigation Satellite System (IRNSS), with an operational name of NAVIC is an autonomous regional satellite navigation system
Satellite-Based Augmentation System (SBAS)
US Wide Area Augmentation System (WAAS) - GPS
European Geostationary Navigation Overlay Service (EGNOS) - GPS , GLONASS and Galileo
Japanese Multi-functional Satellite Augmentation System (MTSAT or MSAS) - GPS
Indian GPS Aided Geo Augmented Navigation (GAGAN) - GPS, GLONASS
The Wide Area Augmentation System (WAAS) is an air navigation aid developed by the Federal Aviation Administration to augment the Global Positioning System (GPS), with the goal of improving its accuracy, integrity, and availability.
European Geostationary Navigation Overlay Service (EGNOS) is Europe's regional satellite-based augmentation system (SBAS)
Japanese Multi-functional Satellite Augmentation System (MSAS), Multi-functional Satellite Augmentation System (MTSAT or MSAS) is a Japanese satellite based augmentation system (SBAS), i.e. a satellite navigation system which supports differential GPS (DGPS) to supplement the GPS system by reporting (then improving) on the reliability and accuracy of those signals. MSAS is operated by Japan's Ministry of Land, Infrastructure and Transport Japan Civil Aviation Bureau (JCAB).
Indian GPS Aided Geo Augmented Navigation (GAGAN). The GPS-aided GEO augmented navigation (GAGAN) is an implementation of a regional satellite-based augmentation system (SBAS) by the Indian government. It is a system to improve the accuracy of a GNSS receiver by providing reference signals.
Reference:
http://help.vonino.eu/what-is-gps-and-lbs-tracking/
https://en.wikipedia.org/wiki/Assisted_GPS
https://en.wikipedia.org/wiki/BeiDou_Navigation_Satellite_System
https://en.wikipedia.org/wiki/European_Geostationary_Navigation_Overlay_Service
https://en.wikipedia.org/wiki/Wide_Area_Augmentation_System
https://en.wikipedia.org/wiki/Galileo_(satellite_navigation)
https://en.wikipedia.org/wiki/GPS-aided_GEO_augmented_navigation
https://en.wikipedia.org/wiki/MTSAT_Satellite_Augmentation_System
https://www.hkedcity.net/funpost/science_ahead/page_5b1674e0316e83bf4d000000
https://en.wikipedia.org/wiki/Indian_Regional_Navigation_Satellite_System
https://en.wikipedia.org/wiki/Quasi-Zenith_Satellite_System
Sunday, October 14, 2018
The 2018-10 Update for Windows 10 Version 1703 for arm-based Phone Devices have been released on my Lumia 640
![wp_ss_20181014_0001[3303]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhueIWCPU3B98gMAsKQZTjp6m_FnYzvkKc6lcyp6B8pb1SoGoYT8Pbz4ECAzKKVM1uAb-GzPMktpPBBjXhp7XbQYxOp68pmWMnusP2SAvslrC-gSRiaveSDjmOdKxq89Fp3e7If7gUlS4W4/?imgmax=800 "wp_ss_20181014_0001[3303]")
After apply the Oct update, it become 15063.1390
![Screenshot_20181013-215512[3301]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipfbvggTuAXw310hY07UoeJhM81EP9b1cm6w0afuuLWTv-zSHnMCpKiYr8sY2jWUjmHRRztNySd1CeNAbE59XyWauy07OPJg4JaxYNXk3gON0GEjH8IEl41K7fYnOSzXW-D3LE4y1B6klg/?imgmax=800 "Screenshot_20181013-215512[3301]")
Tuesday, October 9, 2018
Regulatory requirement - IA, SFC and PCPD (with some HKMA and MPFA reference)
There are several area we need to consider when we design and setup our infrastructure:
(a) Information security policy
-> We need to have this policy within IT policy or separate a policy document. The document need to fit the regulatory requirement, market best practice, international security standard in design and control manner.
(b) Access control
-> User access control, identity and record management
-> Password policy and control
-> Network and system access control
-> Onboarding, change and off-boarding
(c) Encryption
-> Network transmission e.g. SSL, SSH……
-> Laptop HDD (e.g. bitlocker)
(d) Change management
-> Change management policy/procedure, better have a change management broad (CAB)
(e) User activities monitoring
-> System logging and audit log management
(f) System, Data backup and continuity planning.
-> Backup policy
-> DR site, data offsite…..
-> Regular restore test…
(g) Operation
-> All operation should have document and record for audit trail
-> Vendor management (Outsourcing)
(h) Cyber Security
-> Two tier firewall
-> 2FA
-> Patch Management
-> Encryption
-> Endpoint protection
-> Two tier antimalware solution
-> Zero trust network
-> Security Operation Centre (SOC) for logging, event management …
-> Incident management
-> Access control
-> Physical security
-> System, Data backup and business continuity planning (BCP)
-> User least privilege (Principle of least privilege)
-> DNS security
-> Password policy
-> Data encryption
-> Security Policy with management roles and responsibilities
-> Cybersecurity awareness training for internal system users
-> Cybersecurity alert and reminder to clients
-> Vendor management
(I)Internet facing service (e.g. Internet trading)
-> 2FA
-> Anti DDoS
Please check the following information for your reference:
Insurance Authority (IA)
Guidelines (GL) – Previous call Guidance Notes (GN)
https://www.ia.org.hk/en/legislative_framework/guidelines.html
For IT related, please focus on GL8, GL10 and GL14
https://www.ia.org.hk/en/legislative_framework/files/GL8.pdf
https://www.ia.org.hk/en/legislative_framework/files/GL10.pdf
https://www.ia.org.hk/en/legislative_framework/files/GL14.pdf
Security:
Cyber Intelligence Sharing Platform
https://www.ia.org.hk/en/legislative_framework/circulars/reg_matters/files/cir_20170517.pdf
Also, Insurtech applications:
https://www.ia.org.hk/en/aboutus/insurtech_corner.html
Securities And Futures Commission (SFC)
SFC:
Information Technology Management Issues to be considered by licensed corporations
https://www.sfc.hk/edistributionWeb/gateway/EN/circular/openFile?refNo=H569
Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading:
Cybersecurity:
https://www.sfc.hk/web/EN/faqs/intermediaries/supervision/cybersecurity/cybersecurity.html
Circular to All Licensed Corporations Alert for Ransomware Threats
https://www.sfc.hk/edistributionWeb/gateway/EN/circular/doc?refNo=17EC26
Circular to Licensed Corporations Engaged in Internet Trading Good Industry Practices for IT Risk Management and Cybersecurity
https://www.sfc.hk/edistributionWeb/gateway/EN/circular/doc?refNo=17EC74
Privacy Commissioner for Personal Data (PCPD)
Guidance on Collection and Use of Biometric Data
https://www.pcpd.org.hk//english/resources_centre/publications/files/GN_biometric_e.pdf
Data Breach Notification
https://www.pcpd.org.hk//english/resources_centre/publications/files/DataBreachHandling2015_e.pdf
Guidance on the Proper Handling of Customers’ Personal Data for the Insurance Industry
https://www.pcpd.org.hk//english/resources_centre/publications/files/GN_insurance_e.pdf
Guidance on CCTV Surveillance and Use of Drones (Revised in March 2017)
https://www.pcpd.org.hk//english/resources_centre/publications/files/GN_CCTV_Drones_e.pdf
Privacy Guidelines: Monitoring and Personal Data Privacy at work
https://www.pcpd.org.hk/english/publications/files/monguide_e.pdf
Guidance on CCTV Surveillance Practices
https://www.pcpd.org.hk/english/resources_centre/publications/guidance/files/CCTVpractices_e.pdf
Hong Kong Police Requirements For Digital CCTV Systems
https://www.police.gov.hk/info/doc/cpa/CCTV%20English.pdf
Collection and Use of Personal Data through the Internet – Points to Note for Data Users Targeting at Children (December 2015)
https://www.pcpd.org.hk/english/resources_centre/publications/files/guidance_children_e.pdf
Best Practice Guide for Mobile App Development (Revised in October 2015)
Guidance on the Use of Portable Storage Devices (Revised in July 2014)
https://www.pcpd.org.hk//english/resources_centre/publications/files/portable_storage_e.pdf
Guidance for Data Users on the Collection and Use of Personal Data through the Internet (Revised in April 2014)
https://www.pcpd.org.hk//english/resources_centre/publications/files/guidance_internet_e.pdf
Guidance on Personal Data Erasure and Anonymisation (Revised in April 2014)
https://www.pcpd.org.hk//english/resources_centre/publications/files/erasure_e.pdf
EU General Data Protection Regulation (GDPR)
https://www.pcpd.org.hk/english/data_privacy_law/eu/eu.html
PCPD - Information Technology
https://www.pcpd.org.hk/english/resources_centre/industry_specific/information_technology.html
PCPD – Banking & Finance
https://www.pcpd.org.hk/english/resources_centre/industry_specific/banking_finance.html
PCPD – Insurance
https://www.pcpd.org.hk/english/resources_centre/industry_specific/banking_finance.html
Hong Kong Monetary Authority (HKMA)
Reference control from HKMA:
General Principles for Technology Risk Management:
Cyber Security Risk Management:
https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2015/20150915e1.pdf
Enhanced Competency Framework on Cybersecurity:
https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161219e1.pdf
Cybersecurity Fortification Initiative
https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20161221e1.pdf
Cyber Resilience Assessment Framework (C-RAF)
https://www.hkma.gov.hk/media/eng/doc/key-information/speeches/s20160518e2.pdf
Implementation of Cyber Resilience Assessment Framework
https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2018/20180612e1.pdf
Security controls for Internet trading services:
https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2017/20171027e1.pdf
Risk Management of E-banking:
HKMA Open API Framework:
https://www.hkma.gov.hk/media/eng/doc/key-information/press-release/2018/20180718e5a2.pdf
https://www.hkma.gov.hk/media/eng/doc/key-information/press-release/2018/20180718e5a1.pdf
Fintech Facilitation Office (FFO)
Mandatory Provident Fund Schemes Authority (MPFA)
List of MPF Guidelines:
Controls Relating to Security of Data
Guidelines on Notification of Events of Significant Nature (e.g. Major (Core) system change / upgrade, move to cloud…..)
Cybersecurity With growing concern over cybersecurity issues, we shared views with Hong Kong Monetary Authority (“HKMA”) and briefed trustees on the importance of cybersecurity risk management. We discussed with trustees international principles and guidelines on cybersecurity and the steps they should take to protect their technological assets and customer information against cybersecurity threats. We also reminded trustees to set cybersecurity strategies and urged them to conduct regular self-assessment and testing on cyber-resilience for withstanding and recovering from disruption caused by cyber attacks.
MPFA reference technology risk control from HKMA.
Good whitepaper for your reference:
IT Security Guidance:
AWS FSI Whitepapers – Good for cloud computing:
https://aws.amazon.com/events/fsi-hk-whitepapers/
PCI standard if you need to handle credit card:
https://www.pcisecuritystandards.org/
https://www.pcicomplianceguide.org/faq/
SFC strengthens internet trading regulatory controls
A Guide to Strong Risk Culture and Risk Management in the MPF Industry
Sunday, October 7, 2018
Buzzwords and Tech-Jargon – Some Tech (Disruptive Ideas) are going to changing the world
FinTech - Financial Technology
TechFin – Technology Finance
InsurTech - Insurance Technology
RegTech - Regulatory Technology
SupTech – Supervisory Technology
LegalTech – Legal Technology
ProTech – Property Technology
BuildTech – Building Technology
![Screenshot_20181007-013256[3269]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghhefC4c3vfIAGzm25onWq7FFyXXnHStt5n6jk-_nV0fJj2mzDWE2BPhWHtAti03CQIXBEAftNCW-iILeIwMT_LOjnmG3gDiUqit8NA9ziDHL260_ku7TLmyWYuIKqw6oUS_bBA7L4KtH8/?imgmax=800 "Screenshot_20181007-013256[3269]")
Thursday, October 4, 2018
Subscribe to:
Posts (Atom)