Yu Ming Keung

  • Really interesting post, Sarush, I am not an Instagram user but I’m surprised that it took them so long to add that valuable security feature to protect the users. Two-facter authentication is effective to deter hackers because hackers would spend time to hack an account when they know a secondary token is going to be needed. However, at the same…[Read more]

  • Talking about the use of Big data in cybersecurity, it can help the government setting with a number of high-profile use case examples, how the internet-of-things(IoT) is taking a firm hold in helping government […]

    • To add to your post Yu Ming, these days big data techniques used to mine databases are being adopted by the military to glean more information from many different types of data it collects—from drones, automated cybersecurity systems, terrorist databases and many other sources which is helpful in performing military operations and hence is becoming a useful technology.


    The biological national security is facing a dramatic issue and it may be ripped from the page because American pharmaceutical companies and the health-care sector are not doing enough to secure biological […]

  • According to the Symantec research, it showed that many workers are not aware of the security risks associated with using their own devices for business. This can expose IT and indeed the whole business to risks. […]

  • Very interesting article Ming, Trade-based money laundering is one of the most sophisticated methods of cleaning dirty money. Since you mentioned about invoicing for goods and services. Multiple invoicing is one of the most common method of TBML, which allows money launderers to receive multiple payments for the same product. I think ACL is one of…[Read more]

  • Detecting the Undetectable
    This week, I read this article “Detecting the Undetectable” from Info-security magazine. Since modern breaches mostly involve a mix of chameleonic deception and clever automation, ena […]

    • I like your article Yu Ming. In light of the fact that attacks are increasingly evolved and sophisticated, the reality is there is no longer a one size fits all approach to security. To defend against the modern cyber threat, organizations need a multiple-faced approach, and not to fall into the trap of implementing one measure. Those automated antivirus software or controls can easily be bypassed, which means that we need to think about defence-in-depth and monitoring-in-depth strategies to detect the undetectable.

  • Bringing in millennials to the work place is beneficial for the organization because they can bring in new ideas in an advanced technology perspective. Embracing IT allow businesses to grow and expand much faster. Organizations who accelerate the integration of technology into workplace will enable workers to harness technology in way that allows…[Read more]

  • Hey Laly, I strongly agree with you that millennials have a much deeper knowledge of digital information than the prior generations. And I believe that Audit and Assurance professions will be benefited by millennials from a technology perspective. Millennials never underestimate the willingness to embrace new technologies because they have grown…[Read more]

  • Hey Lezile, I agree with you that both issues go hand in hand. In today’s environment, business can’t ignore the impact of technology because information technology is a vital components to a company’s operations and growth. For example, many companies have already embracing the IT innovation like launching their phone applications, resul…[Read more]

  • Hey Mustafa, I like how you stated that auditors focus more on documents and are likely to create more findings that are not important. It is a good point and I never thought of that. You are right, “Less is More” and that “more” doesn’t always add value to the organisations/auditee. That kind of auditors works so hard but they don’t know what the…[Read more]

  • Hey Alex, good post, I strongly agree with you that faker is the worst type of auditor. If they issue wrong opinions to the auditee, They can cause the most catastrophic damage to a business. There is a lot of sources available like COBIT 5, NIST for the auditor to refer to. A responsible auditor are meant to be reliable all the times!

  • I read an article in regards to a new concept “Fast Data” instead of Big data. Data is growing at a fast rate where each person will create roughly 1.7 megabytes of new data per second by 2020. With that being sai […]

    • Yu Ming, when it comes to fast data, it is important to capture the value in it properly. In fact, the best way to capture the value of incoming data is to react to it the instant it arrives. If businesses are processing incoming data in batches, they’ve already lost time and, thus, the value of that data. To process data arriving at tens of thousands to millions of events per second, they will need two technologies: First, a streaming system capable of delivering events as fast as they come in; and second, a data store capable of processing each item as fast as it arrives.

  • Thanks for shaving your takeaway from anthem breach. This article reminds me that 2 years ago, my friend got a fake email from PayPal saying that “sign up for this and you will get 5$ credit in your PayPal account. He did that and he told me to do so but I refused. He ended up didn’t get the five dollars and he contacted PayPal customer service.…[Read more]

  • Good post Alex, I totally agree with your statement that “companies should not see data as the responsibility of IT only.” Data itself means nothing before data becomes information after it has been processed to add context, relevance and purpose in business. The ability to analyze and act on data is increasingly important to businesses.

  • I read an article of EY regarding using data analytic in fraud detection. Since we have learned that ACL/Data analytics can be one of the tools for auditors to detect fraud in our previous classes. Fraud is […]

  • Yu Ming Keung posted a new activity comment 1 month, 3 weeks ago

    In my opinion, nobody is perfect and nobody knows everything, including auditors. I would consider “the faker” would be the worst type from the standpoint of an auditee. We have been taught that we cannot say “I do not know” when we are asked to provide an answer or opinion. If we do, the auditee may think the auditor is unprofessional. However…[Read more]

  • Yu Ming Keung posted a new activity comment 1 month, 3 weeks ago

    In my opinion, there is no conflict between depth of knowledge in technology, or its impact on the enterprise. They are both important at the same level because they support each other. With that said, depth of knowledge in technology can cause either good/bad impact on the enterprise. And impact on the enterprise can motivate people to obtain…[Read more]

  • My name is Yu Ming(Marco) Keung. I am a full time graduate student in the IT Auditing track in my second semester. I am from Hong Kong and I have been studying in the U.S for 5 years. I am expecting to graduate in […]

  • Yu Ming Keung posted a new activity comment 3 months, 2 weeks ago

    I totally agree with you. Risk assessments are very useful to determine what controls need to be determined and what controls need to be automated or manual. I think it is better for organizations to controls the risk assessments every 1/2 year to look for new risks and controls the company might need to consider to add. Either way, organizations…[Read more]

  • Yu Ming Keung posted a new activity comment 3 months, 2 weeks ago

    Great post, Alex. As auditors, we need to use our own judgement when we are undergoing any special situation, which means we have to remain objective throughout the audit process. If we fails to remain objective based on our integrity, the results of the audit would be skewed and therefore our opinions of the result of the audit will not represent…[Read more]

  • Load More
Skip to toolbar