PraxIS March 2006

_______________________________________________________

Welcome to PraxIS

As you would expect, avian influenza is appearing on our agenda.

My request for feedback this month is to please let me have your suggestions for supplementary material for the support web site of 'Spreadsheet Check and Control'

Thank you!

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  IT Risk and Security

90% of mail sent to sysmod.com is spam

Last month I discussed a mail filtering practice called greylisting. I asked my hosting company, Blacknight Solutions, about the proportion of mail that gets caught in their spam filters. Michele Neylon replied that my site gets heavily besieged by dictionary attacks, where mail is sent to thousands of possible addresses in the hope that some get through. "76% of SMTP connections were to send to non-existent users, so we dropped them".  And of the mail that got through, 41% was rejected as spam by the filters. Also, 6% was virus infected. So that means that only about 10% of the email sent to sysmod.com is genuine.

Ironically, my own site was hijacked at a weekend by spammers to spread their garbage. I've taken the PHP script email contact forms off my site until I secure the code. They were hit 500 times by the hijack described in  http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay

Metadata - electronic fingerprints

http://www.gcn.com/print/25_4/38253-1.html Government Computer News "Without a trace"

Late last year, the New York Times pried open a Word document of a presidential speech and discovered that the originator of the White House document (and by extension of the speech itself) was not among Bush’s usual cadre of speechwriters. He was a special adviser with an expertise in swaying public opinion. Oops. Still, this was not in the same league as http://www.computerbytesman.com/privacy/blair.htm Richard M. Smith's analysis (June 2003) of Tony Blair’s Iraq Dossier.

Last December, the National Security Agency released guidance on how to clean up your documents before sending them out to the world.

http://www.fas.org/sgp/othergov/dod/nsa-redact.pdf "Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF" 13 Dec 2005, Federation of American Scientists.

Change tracking, for instance, creates a lot of potentially hidden data. A fundamentally useful idea, change tracking allows documents, as they get passed around the office, to keep track of which user made which changes. Ronald Hackett, program manager for SRS Technologies of Huntsville, Ala, described a quirk of the Microsoft Windows/Office environment where Microsoft Outlook, Microsoft’s e-mail client, surreptitiously starts the change tracking in a document, even when the user hasn’t turned on the feature. The upshot is when you e-mail a PowerPoint presentation, Excel spreadsheet or Word document to another party, the change tracking is automatically on and, as the file makes it rounds, you know who works on it. To turn off this feature in Outlook, go to Tools>Options>Preferences>E-Mail Options>Advanced E-mail Options and unclick the box next to “Add properties to attachments to enable Reply with Changes.”

http://workshare.com/products/trace/default.aspx Trace from Workshare is a free tool to alert you to metadata in your documents.

Data Protection: guidance for (non-IT) professionals

http://www.out-law.com/page-6684

Data protection advice for professionals published OUT-LAW News, 28/02/2006

http://www.ico.gov.uk/cms/DocumentUploads/Opinions_GNP_28_Feb_06_V2.pdf

The Information Commissioner’s Office has published a good practice note to help professionals, including teachers, social workers and doctors, understand how best to comply with the Data Protection Act when recording professional opinions. The opinion should be accurate and up to date. It cannot be challenged for inaccuracy under the Data Protection Act simply because it is different to an opinion held by someone else, but factual information contained within it can be challenged.

Guidance for Small Business on Fraud threat

http://www.fraudadvisorypanel.org/newsite/Publications/Publications_advice.htm "Cybercrime - what every SME should know" by the Fraud Advisory Panel. 92K PDF, 20 pages.

Book: "Information Security: Principles and Practice", Mark Stamp (390pp, Wiley, 2006)

http://sysmod.com/az.php?a=0471738484&b=Information+Security+Principles+and+Practice

Rob Slade comments "While not a complete coverage of security, this book has some excellent material on the subjects it covers. The references are well chosen, and a great many are available on the Web, furnishing a rich source of items for further study, or general resources. I can easily recommend this text for those interested in cryptography, and it makes some good points with regard to software security, as well."

_______________________________________________________
____________________________________________________________   

2) Business Continuity Management

Webcasts on Business Continuity Management (BCM) and IT

http://www.ics.ie/events/  Evening lectures hosted by the Irish Computer Society in conjunction with the Emergency Planning Society (EPS) will be broadcast live on the web.

Tuesday 14 March: Business Continuity Management and the IT Professional What is BCM, what drives BCM in an organisation, what are the international standards, the role of risk management, IT issues, getting BCM right and what should you be doing? Speaker Michael Gallagher, Business Continuity Consultant

Tuesday 04 April: Achieving Business Continuity via Dual Data Centre Architecture for critical applications An insight into the policy, principles, architecture, and operating procedures as used by ESB in the implementation of its Dual Data Centre Strategy to promote stability, high-availability and disaster contingency for business critical systems in a multi platform production environment. Speaker: Greg Rogers, Technical Architect, IT Solutions, ESB

Tuesday 09 May: IT Continuity Planning Key issues in IT continuity planning, testing of plans, alternative arrangements, steps in recovery following an incident. Speaker: Claire Bradley, Resiliency Risk Management, JPMorgan Chase

Emergency Planning & Bird Flu

The Emergency Planning Society (EPS) in Ireland had a conference on Avian Flu on 3rd March.

http://www.riskcenter.com/story.php?id=12356 Operational Risk - Avian Flu, What to Expect and How Companies Can Prepare for It. "The avian flu that is steadily making its way around the globe will develop into a pandemic that will kill tens of millions, create chaos in companies and send the world economy into a tailspin. Or it won't. "

Europeans get nervous of flu surge

http://www.eubusiness.com/Health/060216222757.hr5n1m8v (EU Business)

A European Union on "high alert" approved new measures to halt the unrelenting advance of bird flu, even as more avian cases were confirmed. A number of countries, including Denmark, France, Greece, Luxembourg, The Netherlands and Sweden, have ordered poultry and other tame birds to be kept indoors to avoid contamination. In a sign of the seriousness with which the disease is being taken, a Greek farmer was fined 6,000 euros (7,120 dollars) for not confining chickens in accordance with the rules.

Tim Armit of Clifton Risk Management  (www.cliftonrisk.com) posted an article to the B2-ORM yahoogroup with these action points - in summary, don’t let yourself be taken by surprise. None of this is difficult and only requires basic planning and yet it will help. In many ways looking at Avian flu is like looking at the millennium bug. It may impact everyone across the world, or it may be expected and never arrive in the way foreseen.  He suggests:

• Once an infection is discovered in the UK and its human to human link proven, then work from the premise that work will stop, or be impacted, and plan operations with this in mind.
• Plan for rushes on food goods as people stock pile, on ATM withdrawals as they hoard cash, on online shopping as people shop from home (why they think a delivery van is somehow cleaner than their own cars, I don't know)
•  Assume your own call centre operators will not want to work together so implement telephone systems that allow operators to work from home and still deliver service to customers.
• Consider much longer time periods of loss of employees than those published for infection. Think of extended sick leave for people who are not sick but are supporting sick family members.

____________________________________________________________
____________________________________________________________

3) Informatics for Development

Wireless Networking in the Developing World

http://www.InformaticsDevelopmentInstitute.net In the Informatics Development Institute, we are working on a project for low-power communications in remote areas. I came across an important resource, a free eBook:

http://seattlewireless.net/~rob/wndw-ebook.pdf (2MB PDF) 254 pages Wireless Networking in the Developing World

A practical guide to planning and building low-cost telecommunications infrastructure. They focus on wireless data networking technologies in the 802.11 family. The extensive collection of case studies present various groups' attempts at building these networks, the resources that were committed to them, and the ultimate results of these attempts. Contents include:

A Practical Introduction to Radio Physics
Network Design
Antennas & Transmission Lines
Networking Hardware
Security
Building an Outdoor Node
Troubleshooting
Case Studies:

- Crossing the divide with a simple bridge in Timbuktu
- Finding solid ground in Gao
- Spectropolis, New York
- The quest for affordable Internet in rural Mali
- Commercial deployments in East Africa

____________________________________________________________
____________________________________________________________

4) Spreadsheets

More spreadsheet errors in the news

Sun Life provide yet another example of someone thinking that changing a document background colour hides text:

http://news.yahoo.com/s/cpress/20060210/ca_pr_on_bu/sun_life_financial_3

TORONTO (CP) - Sun Life Financial Inc.'s (TSX:SLF - news) fourth-quarter profit increased more than nine per cent to $478 million, a day early than scheduled after "human error" left the company vulnerable to a possible leak.

The problem centred around the company's quarterly statistical supplement, which is regularly provided to the analyst community in advance of earnings - but with the latest quarterly results blanked out. In doing so, the spreadsheet is converted into a document file. However, the censored information could be recovered by using Acrobat software, explained spokesman Tom Reid.

Training course in spreadsheet auditing methodology

http://www.sysmod.com/spreadsheet_auditing.htm  now taking bookings for:
Ireland: (Irish Computer Society, Dublin)  Thursday 20 April 2006
UK: (University Women's Club, London), Thursday 27 April 2006 - Joint event with Ray Butler

The intended audience is anyone who builds or reviews spreadsheet models, such as managers, accountants, actuaries, financial modellers, or IT analysts in enterprise IT audits. You need to have an intermediate or advanced knowledge of Excel. You should leave the seminar with the confidence to use the tools and methods shown to risk-assess and test spreadsheets in your organisation.

• Where to start and what are the most efficient techniques to use
• How you can cut down a huge system of spreadsheets to a manageable audit task
• The symptoms that indicate potential or actual problems
• How a company can create an inventory of its critical spreadsheets, assess them for risk, and prioritize scarce resources
• How the top spreadsheet auditing software tools compare, including little-used secrets of Excel's auditing features
• Includes a copy of "Spreadsheet Check and Control", my new book of 47 professional checking techniques
• Reinforce your learning with an optional hour of hands-on practice using demonstration versions of auditing software

To book online, visit http://sysmod.buy.ie/catalog/product_info.php?products_id=189 

More Spreadsheet Check and Control book rave reviews

http://newsweaver.ie/cpa/e_article000536500.cfm?x=b11,0,w

Paul Heaney, CPA, Director of Education and Training with the Institute of Certified Public Accountants in Ireland, says:

"This is an excellent, easy to follow book containing the key practices that will arm the novice and self taught spreadsheet user so they can create well designed, reliable and error free spreadsheets. Learning is greatly assisted by relevant practical exercises throughout the book and a “Check your knowledge” opportunity at the end of each section. I believe, as an experienced spreadsheet user, that other experienced users, designers and auditors may also benefit from this book. "

http://www.webcpa.com/article.cfm?articleid=18843&pg=acctoday

The Electronic Accountant magazine says the book "[Warns] you away from errors both common and uncommon, and showing you how to make Excel spreadsheets that are safe, reliable, more efficient, consistent and auditable. Beyond that, the book teaches readers how easy it is to make mistakes, and offers a set of tools for testing and detecting errors. It's the kind of book you ought to have two of - one for you, and one to pass around."

http://www.sysmod.com/az.php?a=190540400X&b=Spreadsheet+Check+Control Celtic_Tigger says in an Amazon UK review "An excellent book on a key subset of Information Quality. Countless man-days of work are wasted through scrap and rework of spreadsheet models every day. This book is an excellent introduction to the techniques needed to manage the quality of Information in spreadsheets. This book is now part of my coffee-stained reference library... "

I shall be adding more material to the reader support web page www.sysmod.com/sbp/ (access requires a username and password provided in the book), If you have improvement suggestions, please let me know so I can make this a better resource.

http://sysmod.buy.ie/catalog/product_info.php?products_id=188 Where to buy the book - free shipping to EU in March 2006.

ScanXLS Spreadsheet Links documentor

http://www.sysmod.com/scanxls.htm

My spreadsheet tool to collect inventory data on spreadsheet files & links is going to be updated soon, and the price will go up slightly to 79.95 euro. I have received requests for more detailed error reporting and the detection of file names in VBA code. Keep the suggestions rolling in, that's how it improves!

_______________________________________________________
_______________________________________________________

FEEDBACK

Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

5) Off Topic

The Apple Intel ad reloaded

http://video.google.com/videoplay?docid=-6415770050655464328  Intel chips in an Apple? Imagine the possibilities :-)

_______________________________________________________
_______________________________________________________

Copyright 2006 Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com - it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________