05-03 Contents: Data Quality, UK ITSafe, Risks reports,EU Constitution, Cyberlaw, Spreadsheet auditor course, Numerical diversion
ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0503.htm [Previous] [Index] [Next]
|Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success|
IN THIS ISSUE
|1) Risk & Security
New Information Quality Special Interest Network Launched
UK Public Virus Alert web site launched
Wanna be president of Microsoft?
The Weakest Link
|2) Web researching
Test their Y!Q
EU Constitution newsletter
Cyberlaw: EU Law on Spam
Course on auditing spreadsheets, Salford, May 17-18
|5) Off Topic
Philology and Numerology
|16 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information
For readers in the UK, please forward the news item about the spreadsheet auditing course that Ray Butler and I shall be giving in Salford on May 17-18, to your contacts who are auditors, risk managers, and EUC training managers.
The Irish Computer Society (ICS) has teamed up with the Irish members of the International Association for Information and Data Quality (IAIDQ) to form a new ICS Special Interest Network. The Information Quality Network (IQ Network) is for IT professionals responsible for the operation or development of the systems that process and store business data, and for business professionals concerned about the impact of poor quality data on their processes and costs.
To find out more about the IAIDQ, check out www.iaidq.org.
http://sysmod.com/az.php?a=0596006616&b=Snort+and+IDS by Kerry Cox/Christopher Gerg, 2004, on network sniffing and intrusion detection. Robert Slade's review at http://victoria.tc.ca/int-grps/books/techrev/bkmswsit.rvw describes it as a set of useful explanations for the use and operation of the standard intrusion detection program.
The UK government set up a Virus Alert site ITSafe on Feb 23 to warn home and small business users of PC viruses, mobile phone vulnerabilities and so on. It is expected to issue between six and ten alerts a year, concentrating on the most major problems. It will not provide patches, but will point the user to where the patches can be downloaded. It is also made clear that the site is not a substitute for proper AV and Firewall provision.
http://www.itsafe.gov.uk/glossary/itsafeword.html definition: A security feature used on the ITsafe website to help reduce the risk of someone spoofing our e-mails. When you sign up to our e-mail service you are asked to type in an ITsafe Word [...] All e-mails we send to you will use this word in the 'subject' line. In e-mail programs this is normally displayed just above the e-mail content. You can quickly check that the e-mail has come from us as someone else would not know your ITsafe Word."
A comment in the Risks Digest http://catless.ncl.ac.uk/Risks/23.77.html : "Until you forward the e-mail, forgetting to remove the word (not that it mentions that people *should* do this on forwarding etc). Or post it to USENET, or..."
Geoff Kuenning posted this to the same issue of Risks digest:
"If you go to https://businessfilings.ss.ca.gov you can type in the name of any corporation registered in California and be presented with the corporate-info form. If you type "Microsoft", you'll get several with MS in the name, including one that's located at One Microsoft Way, Redmond, WA. Keep clicking and you can fill out the form with "corrected" information. It costs a $25 filing fee, which can be paid with a credit card. They also collect an e-mail address, though I don't know why. So if you have a stolen credit card and a throwaway e-mail address (e.g., at mailinator.com or just good ol' hotmail), you can change Microsoft's information."
Elias Levy (Symantec) noted a cute illustration of the weakest link in a would-be security system: http://www.syslog.com/~jwilson/pics-i-like/kurios119.jpg
Y!Q maintains an automatic lookup of items relevant to whatever you're looking at in your browser. For example, if you go to http://test.news.yahoo.com, you'll see "Search Related Info" links. Click on those to get a new semitransparent window with Yahoo search results related to the item you've clicked on.
This is not just another IE toolbar. You can get it for Firefox or embed it into your Web page with some control over content.
The Federal Trust monthly newsletter will monitor the debate, events and developments surrounding the ratification process for the EU Constitution in all 25 member states. It will offer a particular UK perspective of this process and provide a forum for differing views on the debate. Back issues are available at www.fedtrust.co.uk/constitution_newsletter
www.fedtrust.co.uk/admin/uploads/News_Mar_05.pdf The March edition notes:
"The EU Commissioners have discovered a new way to reach the public: blogs. Margot Wallström, the Swedish Communication Commissioner, has got her own personal blog, in which she describes her work and comments on life in Brussels": http://weblog.jrc.cec.eu.int/page/wallstrom
Those interested in deeper legal discussion now have a listserv list as a forum for academic discussion of cyberlaw and internet law issues, from a European perspective. Contributions can include networking (announcements of conferences, calls for papers etc), requests for information, notes about recent developments, and discussion of any aspect of the subject. To join the list, or to see the list archives, either contact the list owner direct (s.hedley at ucc.ie) or visit https://listserv.heanet.ie/cyberlaw.html
A recent sample is "Regulating Spam: Directive 2002/58 and Beyond" by Lodewijk F. Asscher (May 2004) http://ssrn.com/abstract=607183 "This paper analyses the legal framework regulating unsolicited commercial communications or spam in the European Union. Our focus is on the Directive on privacy and electronic communications of July 12, 2002 (the E-Privacy Directive), as this directive has introduced new rules on the regulation of spam. "
http://www.isaca.org.uk/northern/formal_training.htm ISACA course at Salford University, 17-18 MAY 2005.
Spreadsheet models are widely used to inform vital business decisions and processes, and are known to be about the most error-prone and high-risk applications in any business. Despite the risks, they are often not tested, or are tested around, leaving businesses exposed to error (and potentially in breach of regulatory and legal requirements) Testing can be an enormous sink of time and effort, much of it tediously repetitive for the auditor or reviewer, and as a result errors can easily be overlooked. If it is contracted out to any of the excellent specialist service companies in the field, it can be expensive and open-ended.
ISACA Northern England presents a two-day course in auditing spreadsheet models led by two leading experts in the field - Ray Butler and Patrick O'Beirne. Over two days, you will learn by a combination of lectures and practical hands on work:
You will gain this experience by working through the risk assessment and audit of a live spreadsheet model of your choice from your business. You should leave the seminar with the confidence to use the tools / methods shown to risk-assess and test further spreadsheets in your organisation. If you do not wish to bring one of your own spreadsheets, a large practice spreadsheet will be available You will be supplied with full documentation, a guide to risk assessment, and working (but time limited) copies of two leading spreadsheet auditing tools, SpACE and ExChecker for evaluation.
My useful workbook to collect inventory data on spreadsheet files & links is being expanded to give multiple levels of links.
Professional Excel Development: The Definitive Guide to Developing Applications Using Microsoft Excel and VBA. By Stephen Bullen, Rob Bovey, John Green. Paperback 800 pages (March 31, 2005)
More Excel books are at http://www.sysmod.com/spreads.htm#Books
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
Thank you! Patrick O'Beirne, Editor
Those interested in language and numbers should check out these sites:
http://www.zompist.com/numbers.shtml The numbers 1 to 10 in 5000 world languages
http://www.turbulence.org/Works/nums/ The Secret Lives of numbers. An interactive Java applet histogram exploring the relative popularity and cultural associations of every integer between 0 and one million. Why is 800 popular, for example?
Copyright 2005 Systems Modelling Limited,
Reproduction allowed provided the newsletter is copied in its entirety and with
this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com - it's free!
For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/