PraxIS December 2003                    ISSN 1649-2374

03-12 Contents: Spreadsheet Risks call for papers, Security Awareness, e-Voting, Privacy & Spam Directive, Software Testing, UK Euro Preparations 7th report

This issue online at

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success


1) Risk management
  EuSpRIG 2004 Call for Papers
  Spreadsheet risk stories
  Security awareness resources 
  Electronic Voting risks

2) Internet issues
    Privacy and Electronic Communications EC Directive  

3) Software Quality
   Lee Copeland & David Parnas To Address Irish Software Testers

4) The Euro and the UK
   UK Treasury's seventh report on euro preparations  

5) On the lighter side
   Virtual Economy - Story Games   

11 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information



Please let me know what you think of this newsletter - I'm always interested in receiving your comments! Thanks for reading,

Patrick O'Beirne



1) Risk management - security

EuSpRIG 2004 Call for Papers

Theme: Risk Reduction in End User Computing
Best practice for spreadsheet users in the new Europe

Thursday July 15th - Friday July 16th 2004
Klagenfurt University, Klagenfurt, AUSTRIA

EuSpRIG is issuing a Call for Papers for the 2004 conference on Spreadsheet Risks, Development and Audit Methods. The theme is "Risk Reduction in End User Computing". The programme will concentrate on:
· raising the profile of the risks associated with spreadsheet use,
· the management and reduction of the risks associated with spreadsheet use,
· spreadsheet development methods,
· audit tools and methods,
· productivity enhancement,
· learning from alternative solutions and related approaches.

We are seeking the following types of submission:
· full academic papers (up to 5000 words),
· management summaries (up to 2000 words).

Important Dates
- Submit abstract to <programme at eusprig dot org> by 15th January, 2004.
- Submit full paper / management summary by 1st March, 2004
- Acceptance notification is to be received by 31st March, 2004.

Submission Details
For submission instructions, details of formatting, handling of illustrations etc. download guidelines from 

Spreadsheet risk stories

There are now so many of these - 23 at the last count - that I had to move them to a special web page on the European Spreadsheet Risks Interest Group web site, at   That page has a link to which can send you an email notification whenever more stories are added to the page.


Security awareness resources
Includes links to the most useful newsletters, mailing lists, advisories, groups, etc.

Seen on :
UK Government and FSA material, free. A large number of templates, checklists and methodologies for big and small organisations
US government site with free security awareness training and educational material and contingency planning.


Electronic Voting risks

There are just so many stories about these. A remarkable compilation of articles on risks in e-voting technology is at the RISKS-LIST: Risks-Forum Digest. For example, the last two weeks had:
14 November 2003 Volume 23 : Issue 03

Astonishing electronic voting "glitch" (Steve Summit)
The computer is ALWAYS right (Charles Lamb)
Re: California halts e-vote certification (David E. Ross)
More on Diebold installing uncertified software in California (PGN)
Re: A new risk for electronic voting (Steven M. Bellovin)
Report raises more questions about voting machines (EPIC)
28 November 2003 Volume 23 : Issue 04

California to require voting machine receipts and stricter auditing (Steve Bellovin)
E-Votes must leave a voter-verified paper audit trail (PGN)
Diebold ATMs hit by Nachi worm (Steve Summit)
Proposed reason for electronic voting mess (John Bechtel)
Re: Astonishing electronic voting "glitch" (Martin Ward)


2) Internet

BASDA have published an article on the most recent legislation relevant to businesses considering the commercial/trading implications of Data Protection legislation. The Privacy and Electronic Communications (EC Directive) Regulations 2003 have updated data protection legislation to keep track with changes in technology and the conduct of e-commerce and marketing. Here is an extract:

"Enforcement of the Regulations (by the Information Commissioner) is by way of imposing fines of up to £5,000 per offence if the matter goes before a Magistrates Court, or an UNLIMITED fine where the case is heard before a jury. Noteworthy: personal liability may attach to company directors, managers or company secretaries where they knowingly or negligently commit an offence under the Regulations. There is also a facility for aggrieved data subjects to bring compensation claims for losses or damage suffered from the contravention of regulations. The onus is on businesses to ensure they have systems in place to monitor and control the collection of personal data in compliance with the Regulations.

The article on our web-site:  from Clarks Solicitors, sets out to summarise the main issues touched on by the Regulations.

For example: Opt-In / Opt-Out

Previously, Data Protection legislation has required that recipients of marketing by electronic communications should be given the opportunity to refuse such marketing communications. It was widely held to be acceptable to provide the recipient with an "OPT OUT" box to tick if they did not wish to continue to receive similar marketing correspondence electronically. The Regulations have changed this to an "OPT IN" requirement with the express consent of recipients of marketing communications sent electronically to be sought BEFORE any such communications are sent (or received). The Regulations apply to electronic communications sent by fax, SMS and email ("spam"). "



3) Software quality

Lee Copeland & David Parnas To Address Irish Software Testers

SoftTest Ireland Mini - Conference in The Holiday Inn, Pearse St., Dublin on Monday, 8th Dec 2003 from 14.00 to 17.30hrs. Speakers for the event include Lee Copeland, SQE, USA and David Parnas, University of Limerick. Registration opens at 13.30hrs and the event will be followed by a drinks and networking reception! The event is FREE to members of SoftTest Ireland and €50 for non-members. You do not need to pre-register for this event.

Documentation Based Software Testing, David Parnas, University Of Limerick

Testing is sometimes viewed as an "add on" step in software development - something you do to demonstrate that the product is ready for use. Test planning is often postponed until the development is near its end. This results in incomplete testing, ambiguous test results, and the release of products of doubtful quality.

After reviewing fundamental software testing issues, we describe a document-driven testing approach in which test plans and test result evaluation are done with the aid of documentation prepared throughout
the design process. The policies about testing, and response to test results are determined in advance and high quality standards can be enforced on a project.

The Banana Principle For Testers: Knowing When To Stop Testing, Lee Copeland, SQE

A little boy comes home from school and his mother asks, What did you learn in school today? The boy responds, Today we learned how to spell banana but we didn t learn when to stop. As testers we face that same problem. We know how to do effective testing. But how do we know when to stop? How do we know we have done enough testing?

In this presentation, Lee discusses the five most common stopping criteria - (1) testing has met previously defined coverage goals, (2) the defect discovery rate drops below a previously defined threshold, (3) the marginal cost of finding the next defect exceeds the expected loss from that defect, (4) the project team reaches consensus on product release, and (5) the boss says Ship It!

In addition, Lee analyzes the advantages and disadvantages of each of these criteria. Join Lee for a discussion of this vital, but often ignored, part of the testing process.  

_______________________________________________________ _______________________________________________________

4) The Euro and the UK

Progress to the euro in the UK appears to be glacial. And the disputes about the Stability and Growth pact seem to be putting a decision off until 2015. ( See the European Finance Service of )

Nonetheless, HM Treasury’s Euro Preparations Unit has put out its seventh report: 
Seventh report on euro preparations, November 2003 (“EPR7”).
Foreword by the Financial Secretary to the Treasury, Ruth Kelly, MP v
Chapter 1 Executive summary 1
Chapter 2 Update on euro preparations 7
Chapter 3 Reports from new preparations committees 11
Chapter 4 Public and voluntary sector preparations 19
Chapter 5 Private sector preparations 29
Chapter 6 Wholesale financial markets 37
Chapter 7 Communication and consumer protection 45
Chapter 8 Forward work programme 49
Annex A Euro preparations committees 51
Annex B Other useful publications 55
Annex C List of technical terms and abbreviations 57


_______________________________________________________ _______________________________________________________


Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

5) On the lighter side

Virtual Economy - Story Games
The author, Jocelyn Paine, was involved in a project to create a game incorporating a model of the UK economy for the BBC website. His article draws on The Matrix, Truman Capote (rather than The Truman Show), the Swann-song "There's a Hole in My Budget", Greek myths, a program that generates plots for science fiction stories and a program called Nonsense that generates parodies of Slashdot and other well-known Websites from templates describing their format and random-choice rules for their content.



Christmas presents from Amazon



Copyright 2003 Systems Modelling Limited, . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to 
EuroIS-subscribe (at) yahoogroups (dot) com
- it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor

"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".


To read previous issues of this newsletter please visit our web site at


This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.

Copyright (c) SML 2003

Please tell a friend about this newsletter.
We especially appreciate a link to from your web site!


We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website