-
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
Great post Annamarie, database system can easily become an attractive target for hackers because it stored a lot of business data including business competencies and client’s privacy and credit card information so we need proper controls and security to mitigate DBMS risks.
Mitigating controls for a DBMS could be:
– Managing user access r…[Read more] -
Yu Ming Keung commented on the post, Week 3 Questions, on the site 7 years, 12 months ago
Hi Priya,
I think you brought up a really good real-life point that frequent updates can sometimes affect data’s discrepancies. This also happened to the companies I currently worked for. When I accessed to the database, I was often recommended to update the database management system, but the update might cause data discrepancies. There is a…[Read more]
-
Yu Ming Keung commented on the post, Week 3 Questions, on the site 7 years, 12 months ago
Hi Paul,
I agree with you. People, technology and process are the three elements for a successful IT operation within an organization but people are often the weakest link in security because most people are unsophisticated. Many organizations invested heavily on monitoring, surveillance and anti-malware software. However, its employees often…[Read more]
-
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
Key benefits of relational databases vs traditional file system?
One of the key benefits of relational databases is that it allows flexible access to data by creating different queries or tables whereas a file system only allows predetermined access to data.
Relational database system is designed to coordinate multiple users accessing the…[Read more]
-
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
Question 3: List risks associated with database management systems (DBMS)
– Excessive and Unused Privileges
– Malware
– Storage Media Exposure
– Database injection attacks
– Unmanaged sensitive data
– The human factorTo mitigate the risks associated with database management systems (DBMS), an organization can do the following:
-…[Read more] -
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
What are key characters of relational database management systems?
“Database management systems (DBMS) maintain data records and their relationships, or indexes, in tables. Relationships can be created and maintained across and among the data and tables.”
One of the unique characteristics of a relational database is its primary key, whi…[Read more]
-
Yu Ming Keung commented on the post, Week 3 Questions, on the site 7 years, 12 months ago
This answer is for Q4. Sorry.
-
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
I believe the step of P2p process most vulnerable to theft, fraud or failure happens when processing the invoice or payment and selecting vendors.
I believe almost everyone has the experience where you write a wrong check or invoice. It is very easy to modify the vendor payment information or manipulate the clients name, address on voucher /…[Read more]
-
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
3 Have you ever:
– Been victim of Fraud?
– Had evidence of, suspicions of fraud occurring?
– Been pressured (e.g. by an employer) to commit an act that was morally or legally questionable?
ExplainI have been a victim of debit card fraud last week with my card being used three times without my authorization in another state, Bingh…[Read more]
-
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
2 In class we discussed several dimensions of Management Assertions. Which do you believe is the most important? Why?
It is actually difficult to determine which management assertion is the most important one as each assertion functions differently. If any of them is missing, the auditor’s opinion won’t be trustworthy at all.
I would choos…[Read more]
-
Yu Ming Keung posted a new activity comment 7 years, 12 months ago
1 The concept of ‘Assertions’ is important to accountants. Who else is it important to? Why?
Besides accountants, management’s assertions are also very important to auditors. When it comes to the audit of a company’s financial statement, where the auditors rely on management’s assertions regarding the business, the auditors test the validit…[Read more]
-
Yu Ming Keung wrote a new post on the site Yu Ming Keung 8 years ago
Yu Ming Keung
Degree: Master of Science in IT Auditing and Cyber Security
Graduation: August 2017
Specialization: Information Technology Auditing
My name is Yu Ming Keung […]
-
Yu Ming Keung created the site Yu Ming Keung 8 years ago
-
Yu Ming Keung's profile was updated 8 years ago
-
Yu Ming Keung posted a new activity comment 8 years ago
The article talks about the important nature of data is driving laws and regulations, and security controls. Business enterprise spectrum is now faced with the challenge of how to classify data.
To implement an effective data management program
¥ Improving enterprise awareness around the importance of data classification
¥ Abandoning o…[Read more] -
Yu Ming Keung commented on the post, Week 2 Questions, on the site 8 years ago
I just recalled professor said in the class that IT auditors will only report to the executives on “what objectives need to be achieved”, and they are not responsible for answering “how the objectives has to be achieved”. That answers why COBIT is widely used by technology risk management and IT auditors. Thanks for the clarification.
-
Yu Ming Keung posted a new activity comment 8 years ago
Deepali, you provided clear explanations and examples on the security categorization.
I just want to add the potential impact definitions for each security objective—confidentiality, integrity, and availability and I believe it helps us learn the FIPS security categorizations in detail.
Security Objectives:
Confidentiality
Preserving a…[Read more] -
Yu Ming Keung posted a new activity comment 8 years ago
I agree with you all. I think that any control in an organization is really important and they support each other with no doubt. Without detective control, preventive controls won’t be as efficient because you have no clue about what to prevent from the harmful causes.
Binu,
I agree with you. However, you mentioned an organization should…[Read more] -
Yu Ming Keung commented on the post, Week 2 Questions, on the site 8 years ago
I agree with you Yulun, and I especially like how you compare COBIT and ITIL in three ways.
Both frameworks have different perspective but actually they are complementary. By implementing both framework, the organization can maximize its IT controls, solve business problems and support business goal achievement. -
Yu Ming Keung commented on the post, Week 2 Questions, on the site 8 years ago
It is my first time learning about the RACI chart and I believe it is a great tool to clearly identify roles and responsibilities during an audit. Actually, many organizations use it proactively when developing processes or project plans. I also learned that another benefit of RACI chart is to accelerate delivery by avoiding unnecessary…[Read more]
- Load More