04-06 Contents: forensic computer evidence, ethics, passwords, euro archives, spreadsheet software, quiz, data analysis
ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0406.htm [Previous] [Index] [Next]
|Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success|
IN THIS ISSUE
|1) Risk & Security
Gathering forensic computer evidence
Morality, Ethics, and Corporate Governance
Weak and Strong Passwords
|2) Emergent Design Seminars
June 1,15,29, Dublin, free to ICS members
3) Euro Archives DVD
Links to massive archive of legacy euro websites
EUSPRIG 2004 provisional programme
Free spreadsheet software and templates
Financial Literacy Quiz
Review of ActiveData: data analysis toolkit for Excel
|6) On the lighter side
Pagina quam tu quaeris abest.
|15 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information
What's most interesting item in this month's newsletter? Email me to vote for your favourite; or, reality-TV style, to vote out the least interesting!
Do me a favour - tell a news, business, or travel portal about my euro-based foreign exchange calculator!
Recently, the Dáil (Irish Parliament) had to pass a law to allow T.D.s (members of parliament) to examine child p0rn0gr@phy (sorry, I had to munge that to get past your email filters) in a case involving a judge who may be impeached. In case any readers are in the unhappy position of having to preserve evidence at a crime scene, here are some pointers. Basically, don't turn the equipment (PC, mobile phone, whatever) on if it's off, or off if it's on. Just don't touch it - call in the police.
http://csoonline.com/read/050104/forensics.html Eric Friedberg, executive vice president and general counsel for Stroz Friedberg, says "you can divide the world into two groups of people: those who have been through a lengthy cross-examination by a high-powered criminal defense attorney and those who haven't. Investigators with that experience always approach their work with a level of care and double-checking because they never again want to go through the experience of having their head ripped off in front of 12 people and a judge".
http://www.vnunet.com/News/1152379 Vital e-crime evidence often destroyed; National High Tech Crime Unit warns firms to leave computer forensics to the experts. By Iain Thomson, vnunet, 29 Jan 2004. "Companies that fall victim to computer crime may be inadvertently destroying evidence in their efforts to find the perpetrators. Detective Chief Superintendent Len Hynds, of the National High Tech Crime Unit (NHTCU)" "You only have one opportunity to collect the evidence you need to prove your case. Human resources send in well-meaning IT help desk staff who don't know what they are doing and ruin the evidence. You need a professional computer forensic team in there as soon as possible."
In the UK, the Association of chief Police Officers have produced this guide to "Good Practice for Electronic Evidence Gathering" http://www.nhtcu.org/ACPO%20Guide%20v3.0.pdf (432K PDF). It covers what to do at crime scenes; transportation; investigating personnel; evidence recovery; suggested questions for the victims; and a chart for Best Practice for the Seizure of Electronic Evidence.
In the USA, the DOJ produced "Electronic Crime Scene Investigation: A Guide for First Responders" http://www.ojp.usdoj.gov/nij/pubs-sum/187736.htm (874K PDF)
It contains chapters on Investigative Tools and Equipment; Securing, Evaluating, Documenting the Scene; Evidence Collection; Forensic Examination by Crime Category, and much more.
I've mentioned the recent AIB scandal in my blog www.sysmod.com/blog and a recent development has been the resignation of the Aer Lingus chairman who was with AIB at the time of the scandals. Last weekend, the head of Bank of Ireland resigned over access to an escort agency web site at work. The IT person who had to report finding that incident may have had some difficult moments. One may speculate as to whether the CEO would have resigned if the Sunday Business Post ( www.sbpost.ie ) had not got a tip-off and published the story. It may have been a tipping point as he had had other problems in managing the bank.
But I'd be far more impressed with the bank's ethics if he or other managers resigned as a result of improper sales practices. A neighbour of mine, in her late eighties, had a presentation from a BoI investment advisor (read: bank salesperson on commission). At a time of her life when a reliable income is most important, to pay for home help, that whippersnapper recommended that she cash some of her assets and live off them, and put most into a long-term risky equity investment policy. Fortunately, she was too sensible for that. And don't get me started on the young bucks who play with other people's money on the stock market, whose only aim is to generate revenue from churn rather than make money for the investor.
You know that passwords should have 8 characters or more, with mixed case and non-alphabetic characters. Most people don't try very hard and use "secret", or others in this list of common passwords: http://www.pclinuxonline.com/article.php?sid=8823
Here are a couple of alternative methods:
1) Think of a line from a favourite song, preferably not the first or most famous catchphrase line as that's getting too easy too. (See the Christmas songs at www.sysmod.com/praxis/prax0301.htm#lighter - the titles are too short) . Use the first, second, or last letters of each word, mix the case, and you can get a longish password.
2) Change some letters to numbers. O becomes 0, i becomes 1, l becomes ! (1,I, and l are hard to distinguish in fonts other than Courier, but fortunately passwords are just shown as asterisks), Z becomes 2, t becomes +, a becomes @, S becomes 5, B becomes 8, etc.
http://www.sysmod.com/eurocalc/eurocalc.php euro calculator
I have now updated the online calculator to show the currencies of the ten new accession state members, and the exchange rates for other world currencies. It is updated every day from the European Central Bank rates. I am pleased to say it has been syndicated to the European information portal EUBusiness.com (www.eubusiness.com/Currency-converter)
If you would like to feature this on your web site, just email me telling me the page you want it on and I'll explain to your web maintainer how to do it. In return, I ask that you retain my advertisement display and links to my site.
The 2004 conference is bigger than ever, reflecting the growing concern in industry and the public sector over risk from the uncontrolled use of spreadsheets. Not only is it extended to a day and a half, we are willing to put on introductory sessions at no extra charge on Wed 14 July if enough registrants express an interest.
www.eusprig.org/2004conf.htm Provisional programme outline
- A Paradigm for Spreadsheet Engineering Methodologies. Thomas A. Grossman[US], Özgür Özlük[US]
- A discussion of best practice. David Colver, Operis[UK]
- Testing spreadsheets: who, when, why and how. Louise Pryor[UK]
- Spreadsheet models complexity metrics. Andrej Bregar[SI]
- A Toolkit for Scalable Spreadsheet Visualization. Markus Clermont[IE]
- Computational Models of Spreadsheet-Development Basis for Educational Approaches. (Karin Hodnigg[AT], Markus Clermont [AT,IE], Roland T. Mittermeir[AT])
- A novel approach to formulae production and overconfidence measurement. S. Thorne[UK], Dr D. Ball[UK], P. Cleary[UK], Z. Lawson[UK]
- Using layout information for spreadsheet visualization. Sabine Hipfl[AT]
- An Analysis of Three Independent Methods of Error Discovery Amongst Fifty-Seven Similar Spreadsheets. Richard J. Irons[AU]
- End User Computer Applications – Auditability and Other Benefits Derived from a Temporal Dimension. Ralph Baxter, ClusterSeven[UK]
- TellTable Spreadsheet Audit Logs: from technical possibility to operating prototype. Andy Adler[CA], John Nash[CA], Neil Smith[CA]
- XlStruct: A Tool for Building Structured Error-Resistent Spreadsheets. Gary K. Arakaki[JP]
- Identification of logical errors through Monte Carlo simulation. Hilary L. Emmett[UK], Lawrence I. Goldman[US]
I have split up my long spreadsheet resources page www.sysmod.com/sslinks.htm because it was getting too big at over 100K. The following sections are now on a page www.sysmod.com/free-software.htm :
Spreadsheet application software for Windows and Linux
Useful spreadsheet templates for budgeting, planning, etc.
Our spreadsheet inventory / properties collection utility - SCANXLS
Excel VBA code examples, tools, freeware, shareware, commercial
Excel Tips, tricks, traps, bugs, bug fixes, user groups
Book list: Excel, Financial modelling, and related topics
I have also added a link to my article on Agile Spreadsheet Development.
ActiveData for Excel provides 100 advanced data manipulation and analysis within Excel 2000 or above for use by financial auditors and accountants. It is undergoing constant development, so check their web site for the latest features: www.informationactive.com
Just to be clear at the start: this is a tool for data analysis, not "spreadsheet auditing" in the sense of checking spreadsheet formulas for errors or structural integrity. I will be reviewing those too, in future issues of PraxIS. If you are interested in Spreadsheet Professional, SpACE, Exchecker, or similar testing products, and need an expert opinion now rather than later, contact me for some private consultancy on the best way of using these tools.
The easiest way to get to grips with the product is to run through their Getting Started Guide, which you get to from ActiveData > Help > Open Getting Started Guide. The Getting Started Guide provides you with feature walk-throughs using the supplied sample data workbook. This workbook is available using ActiveData > Workbook > Open ActiveData Sample Workbook.
ActiveData > Workbook menu
> Workbook Navigator provides a convenient dialogue to Copy, Un/Hide, Un/Protect, Rename, and Delete one or multiple selected sheets. This is similar to the add-in products I reviewed in PraxIS March 2004. It also keeps a history of all the workbooks you have used, far more than the 9 in Excel's most-recently-used (MRU) File list. By the way, if Excel is slow to exit, select ActiveData > Help > Options and set the maximum number of items for workbook history to 50 or less. Otherwise, AD may be spending a long time recording statistics on your last 256 workbooks!
> Global Workbook Find and Replace is a powerful command to change many workbooks in one go. You can search in cell values or formulas.
> Index Workbooks adds a sheet to a permanent file (adataindex.xls) with a list of workbooks and optionally the worksheets within. It is convenient for a snapshot of your spreadsheet directories.
> Revert is a "revert to saved" option that discards the last unsaved changes you made.
> Import allows you to import directory and file listings, and data from ODBC sources.
ActiveData > Sheets menu
Much of AD assumes that the data you are dealing with is structured as database tables in rows and columns with unique headings. If your data is not so organised, you will need to impose a regular structure to be able to use these features. The tool is really intended for data slice-and-dice, so check your work carefully if you apply it to cells containing formulas.
The features are: Merge Sheets, Match Sheets, Compare Sheet, Query Sheet by example or by formula, Split Sheet, Sort by up to 6 groups, Sample randomly, Index Sheets and View.
> Merge is like a database join operation. It creates a new sheet with columns combined from other sheets where rows are matched by some comparison operator. It adds a new column headed "Tags" where it places a + sign against unmatched rows.
> Match Sheets is similar to Merge but performs an extract operation. Both these two features are useful for finding mismatched data, such as invoices with salesperson codes that do not exist in the salesperson table.
> Compare Sheets compares two sheets with a common key and then generates totals and counts for selected columns.
> The Split Sheet By Group tool is used to take the current sheet and separate it into multiple sheets based on the values in a specified group or column. For example, you can create extracted sheets by salesperson or month.
> Index sheets creates a summary sheet with columns for SheetName, Type, Rows, Columns, Cells, UsedRange, Workbook Properties.
ActiveData > Rows menu
The Rows group provides you with over 20 functions that allow you to identify and tag data that you wish to manipulate, move or copy from sheet to sheet or delete. You can select rows by example, by formula, by format, by comparison criteria, or special cases such as even/odd/blanks
ActiveData > Columns menu
Columns can be reordered, created from calculations, and split in various ways. This is like the Excel Column Parse feature. Double-clicking a column header sorts by that column.
ActiveData > Cells menu
This has features to:
- fill cells with random, fixed or incremental values, characters, dates, or numbers;
- fill cells with items randomly chosen from selected ranges in existing worksheets;
- convert cells upper/lower case;
- remove spaces and non printing characters;
- convert to values, dates, numbers, text;
- format Selected Cells according to a template that you design;
- move a selection cell by cell, copy, paste, swap, extend or contract the selection.
ActiveData > Analysis menu
Provides features for Group Summary, Top/Bottom Items, Date Aging, Stratification by bands, Fuzzy match columns, Find Duplicates, Find Gaps, Descriptive Statistics, and Benford's analysis. The last is often used by auditors to detect fraud where amounts have been invented.
A right-click on a column of selected cells also shows quick stats.
In summary, this is a powerful collection of tools for data analysis and manipulation. A skilled Excel formula jockey with an intimate knowledge of VBA could achieve the same results, assuming that they know all these numerical techniques too. For people whose focus is on doing the analysis rather than juggling with advanced Excel features, here is that jock-in-a-box with a set of features that may have you looking at data in ways you didn't know you could.
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
If you like the newsletter, a great way to show your support is to make your next book or CD purchase from our Amazon shop page!
Thank you! Patrick O'Beirne, Editor
http://www.ibiblio.org/blah.html The infamous 404 error message - Page not found - in a variety of world languages and dialects including Latin!
Copyright 2004 Systems Modelling Limited,
Reproduction allowed provided the newsletter is copied in its entirety and with
this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com - it's free!
For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://groups.yahoo.com/group/EuroIS/
[Previous] [Index] [Next]