Welcome

This Web site is constructed by using XML and XHTML. Many new Internet standards and technologies have also been used, that include CSS1/2, RDF, XSLT, XSL, XUL, MathML, WML, JavaScript, Java, etc. Friends and colleagues who are reading my pages will sometimes find it not displayed correctly. This is due to the compatibility problems of browser. Different browsers support different sets of W3C standards. Here is a summary to describe the different behaviour of the browsers.
If you can read this then you are the few most lucky people in the world

Best view on Netscape 7.x or Mozilla

Syndicate this page with RSS (XML), an RDF vocabulary used for site summaries. You can subscribe to in your favorite news aggregator to receive the latest news instantly.

Information Systems Security and Audit Control

For secure email and transmission, use my PGP Public Key

(My) Professional Certification :

• Certified Information Systems Security Professional (CISSP)
  International Information Systems Security Certification Consortium (ISC)2
• Certified Information Systems Auditor (CISA)
  Information Systems Audit and Control Association (ISACA)

Systems Architecture

We are using computer everyday. Information systems security affects all of us. Therefore, the systems must be based on humans but not solely technology. However, the IS security is always fragmented and technology based. There is no literature (in my knowledge) speak on the human-centric IS security. So I started to use the cognitive engineering techniques in constructing the IS security - mapping the TEN security domains. The results together with the technical information and type of attacks of the corresponding security domains are presented in the Security Architecture.

• Information System Security Resources Link
• Linux Security's Hacking Lexicon It is not a "jargon file"

Audit and Control

Control Objectives for Information and related Technology (CobIT) was originally based on Information Systems Audit and Control Foundation (ISACF)'s Control Objectives, has been enhanced with existing and emerging international technical, professional, regulatory and industry-specific standards. "Control" is adapted from the COSO Report (Internal Control - Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission, 1992) and "IT Control Objective" is adapted from the SAC Report (Systems Auditability and Control Control Report, The Institute of Internal Auditors Research Foundation, 1991 and 1994).

• IT Governance Management Guideline
• CobIT framework is grouped into four domains: planning and organization, acquisition and implementation, delivery and support, and montoring. There are total 34 high-level Control Objectives.
• Corresponding to each of the 34 high-level control objectives is an Audit Guideline to enable the review of IT processes against CobIT's 318 recommened detailed control objectives to provide management assurance and advice for improvement.

Projects

Internet Technologies Area

• Professional XML - The next generation Internet is powerful and important to us. It is not surprise to find that many companies and government bodies are using the new technologies to re-engine/build their businesses. Therefore , I have used some of these technologies to build my Web site too. Because many standards are evolving and complicated. So if you are new in this area then may be you would find this "soup" good to you.

• Mapped the status of Hong Kong's Internet development to the Next Generation Internet I find that Hong Kong is inactive in partnering / joining alliance. We are also lack of project initiatives and applications development, like e-Learning. If Hong Kong's role as an "middle-man" between the West and China. Then in the Internet Age we may focus on middleware development, maintaining a platform / environment for data transactions and information interchange. Along with the physical goods that are moving, there are huge amount of information / records moving too. In this case, Hong Kong's identity should become an electronic-middleman, or "e-middleman".

  Reading the Next Generation Internet, you would see the roles and importance of the information systems security, distributed computing, objects environment, XML, and advanced networking.

• Semantic Web - : The Semantic Web is the abstract representation of data on the World Wide Web, based on the RDF standards and other standards to be defined. It is being developed by the W3C, in collaboration with a large number of researchers and industrial partners. Semantic Web is one of the W3C's long term goals for the Web. The other two are Universal Access and Web of Trust.

  Technologies /Standards: RDF, XML, XHTML, XSLT, Web Services Description Language (WSDL), SOAP (XML Protocol), etc.

• The W3C Team groups the related activities into four "domains":
  • Architecture
  • Interaction
  • Technology and Society
  • Web Accessibility Initiative

  Starting in 2003, Document Formats is merged into the Interaction Domain. The Internationalization Activity and work on XSL and XSLT move to Architecture. The Technology and Society and the Web Accessibility Initiative Domains are unchanged.

  I have touched the first three domains except the Web Accessibility Initiative domain. Details of W3C Activities

• Distributed computing environment, Peer-to-Peer, COMING ...
• Projects

Index

The new Web technology is about infrastructures, systems, standards, tools, and applications. It is not an easy task to understand all! But after you do so you would see a bright future of tomorrow's promise land. Visitors of my site would notice that some of these technologies have been used in building my Web. If you are also interested in the future Internet development. Then I have composed this top-down "How to Read" index for you.

Strategy & Management

• Strategy and Management
• Knowledge Management
  Apple may not be the most innovative personal computer company but without them the computer industry will be very boring. This is specially true in the 2002 as we experience a global economy downturn. In a detail analysis of Apple strategy and movement (will become part of MSc final year project), we shall learn something about innovation in computer industry, how it interact with the open source movement, and the organizational transform of developing e-business. Looking at Hong Kong, while our government is promoting innovative industry and knowledge-base society, I don't see any policy focusing on the core issues. On this I would be happy to see you share your opinions with me.

Pure Science

Physics

• Classical Mechanics
• Optics
• Thermodynamics
• Quantum Mechanics
  • Postulates of Quantum Mechanics
  • Quantum Time and Space
  • Quantum Computation is the study of information processing processes of quantum mechanical systems. Small quantum computers (QC), capable of doing dozens of operations on a few qubits represent the state of art in quantum computation. There are also experimental prototypes for doing quantum cryptography.

Mathematics

• Mathematical Study of Severe Acute Respiratory Syndrome (SARS) in HK
• Probability Distributions - Both Monte Carlo (static) simulation and distribution driven (input events are generated by a stochastic function) simulation rely on sequences of random numbers to drive the simulators.
• Group Theory
• Number Theory
  • Chinese Reminder Theorem

Collections

• Projects
• Mathematical Study of Severe Acute Respiratory Syndrome (SARS) in HK
• Internet Strategies, E-Commerce & Information Systems Security and Audit
• Shareware - Peer-to-Peer, Human Machine Interface.
• UNIX and UNIX variants
• Art
• Traditional Photography
• Digital Photography
  Animation and Still Pictures
• I Ching
• Chinese Poetry
• IQ Test - Logic
• Books, CDs, and DVDs page has been set up for both Web and WAP browsing. I do this for my convenience to search / edit my collection by mobile phone when needed (in the book/CD/DVD shops around the world). The wired WAP/3G phone provides you unlimited access of information.