Meng-Chow Kang, PhD, CISSP, CISA

Director and CISO

APJC region, Cisco Systems, Inc

Based in Singapore, Meng-Chow has been a practicing information security professional for more than 20 years, including more than five years of permanent residency in China, and field experience spanning from technical to management in the various security and risk management roles in the Singapore government, major multi-nationals financial institutions, and security and technology providers. In his current role, Meng-Chow strategizes and manages Cisco’s global Extranet partners’ security, and ISO/IEC 27001 information security management systems (ISMS) certification programs, and regional intellectual property protection in the Asia Pacific, Greater China, and Japan regions.

Meng-Chow has been contributing to the development and adoption of international standards relating to information security since 1998, and initiated the formation of the Regional Asia Information Security Exchange (RAISE) Forum in 2004, which has since been serving as a platform for regional collaboration and contributing to international standards development in ISO and ITU-T. Meng-Chow was also the first Convener for the Security Controls and Services standards Working Group (WG 4) at ISO/IEC JTC 1/SC 27 supporting the implementation of the ISO/IEC 27001 standard for information security risk management from April 2006 to May 2012. In May 2012, Meng-Chow was appointed the Chairperson for a new ITSC Cloud Security Working Group, which successfully completed the development of a new Singapore Standards on “Multi-tiered Cloud Security”, published in October 2013 as SS 584.

In August 2005, Meng-Chow was presented the accolade “IT Evangelist of the Year 2005” by the Singapore National Infocomm Competency Council (NICC) in recognition of his work and contribution to the IT security community and standards arena. Meng-Chow was also the recipient of the “Distinguished Award” and “Distinguish Partner Award” from the Standards, Productivity and Innovation Board (SPRING Singapore) in September 2005, and August 2008, respectively, for his continuous efforts and leadership in shaping the IT security standardization landscape in Singapore. Meng-Chow’s contribution to the information security professionals development in the industry was further recognized in July 2010 by (ISC)2 with the presentation of the (ISC)2 President Award 2010.

Meng-Chow received his MSc degree in Information Security from the Royal Holloway and Bedford New College, University of London, and completed his PhD in Information Security Risk Management at the Southern Cross University, Australia. He has been a Certified Information Systems Security Professional (CISSP) since 1998, and Certified Information Security Auditor (CISA) since 1997.


January 6, 2015


Responsive Security in Action

4 min read

In 2013, our internal Information Security team carried out a series of controlled anti-phishing exercises. The purpose was to raise employees' awareness of potential spear phishing attacks through emails. Spear phishing has been a common first step for Advanced Persistent Threat (APT) attacks to gain access to a user's system before launching further attacks at internal targets. As such, if employees are vigilant against such attack patterns, we should effectively reduce the risk of successful APT attacks involving email phishing.

December 30, 2014


Getting More Responsive Security by Learning From Disaster Responses

5 min read

Editor’s Note: In the two previous blogs, we discussed some of the issues and dilemmas found within information security knowledge and practice domains. Those challenges arise fundamentally from the traditional approach that many organizations have adopted to address information security requirements. In this fourth installment, we look at how good preparation can improve security outcomes, […]

December 23, 2014


Issues and Dilemmas in Information Security Practices

5 min read

Editor’s note: In A Circular Problem in Current Information Security Principles, we highlighted one of the challenges in our knowledge domain that contributes to the ineffectiveness of today’s information security practices. In this third installment, we review the issues and dilemmas that are common in our practice environment. One of the challenges information security management teams […]

December 16, 2014


A Circular Problem in Current Information Security Principles

5 min read

Editor’s Note: In this second installment of the blog series on more responsive security, we take a closer look at the circular problems associated with four common security principles in managing “weak link” risks in Information Technology organizations. Before discussing what constitutes this responsive approach to security, let us first look at a few of […]

December 9, 2014


Understanding and Addressing the Challenges of Managing Information Security – A More Responsive Approach

2 min read

Just like bad weather conditions found in nature, such as typhoons, hurricanes, or snowstorms, technology system defects and vulnerabilities are inherent characteristics found in a cyber system environment. Regardless of whether it’s a fair comparison, weather changes are part of the natural environment that we have little direct control over, whereas the cyber environment is […]