PraxIS June 2006

_______________________________________________________

Welcome to PraxIS

Summer approaches but conference activity grows more intense - maybe we'll meet at one of these events?

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  IT Risk and Security

Software asset management becomes an ISO standard

http://www.out-law.com/page-6911 A new international standard has been produced to enable organisations to prove that they are performing Software Asset Management (SAM) to a standard sufficient to satisfy corporate governance and to aid industry and vendors with software compliance. 

Published by ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission), ISO/IEC 19770-1:2006, Information technology – Software asset management - Part 1: Processes will enable organisations to benchmark their capability in delivering managed services, measuring service levels and assessing performance.

Verification and compliance: covers the process to identify and record assets and match inventory to licences and associated processes like authorisation and calculating effective licence from underlying licences (upgrades)

Software asset management tempts salespeople

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=111186

Auto Warehousing Co. told Don Tennant of Computerworld about Microsoft trying to pressure people into buying a software asset tool. AWC was contacted by Janet Lawless, a software asset management engagement manager at Microsoft, who claimed that "a preliminary review of [AWC's software licensing] information indicates that your company may not be licensed properly." She wanted to send a consultant to AWC to conduct an inventory of its installed software. The CIO, Dale Frantz, says he does regular audits and maintains extensive records of purchases, license keys and registration codes. Lawless countered that "our Software Asset Management (SAM) program is the only unbiased way to create an accurate baseline and resolve this matter." AWC's attorney, suspecting that Lawless' actions were part of an elaborate sales effort, basically told her to back off.

Records management and data retention policies

http://www.out-law.com/page-6931  Morgan Stanley agreed to pay $15 million to settle a civil action brought by the US Securities and Exchange Commission for failing to produce tens of thousands of emails requested during SEC investigations from 2000 to 2005. It also agreed to adopt new staff training procedures on email preservation. The SEC claimed that Morgan Stanley did not diligently search for back-up tapes containing responsive emails until 2005, and it over-wrote back-up tapes, destroying at least 200,000 emails.

Book: "Governance Guidebook", by Fred Cohen

http://sysmod.com/az.php?a=1878109340&b=Governance+Guidebook A reference textbook for the Chief Information Security Officer (CISO)

Individual differences in risk and uncertainty management

http://www.internalcontrolsdesign.co.uk/rumaresults/index.html  Results of an online survey by Matthew Leitch, May 2006.

The experiment involved four imaginary situations, each with a list of five potential actions. Respondents had to rate each action on a scale from "Awful" to "Great" and say how certain they felt of each rating.

Matthew Leitch comments: "The most popular views on how to answer also tended to be the honest, open, objective, rational approach, but there were exceptions. It was also interesting to see how certain preferences correlated. For example, it's no surprise that a fondness for setting targets up front went with an interest in pushing people to rectify disappointing results, and went against shifting plans in the light of experience." Auditors tended to give answers further away from the principles than others and were particularly prone to concealing risks and exaggerating both good and bad news in pursuit of a reaction.

Book: "Perfect Passwords", by Mark Burnett

http://sysmod.com/az.php?a=1597490415&b=Perfect+Passwords "Perfect Passwords: Selection, Protection, Authentication", by Mark Burnett. A 181 page book on the weaknesses of most passwords and recommendations for choosing stronger ones based on length, randomness, a 'password day' for expiration, and passphrases.

__________________________________________________________
____________________________________________________________   

2) Software Testing

Software Testers User Group meeting topics: Career Development, Rightsourcing

Wednesday, June 7 2006, 18.00hrs Venue: Holiday Inn Hotel, Pearse Street, Dublin 2

Talks
1. Testers are Doing it for Themselves! by Julie Gardiner
2. Rightsourcing ... by Declan Kavanagh

____________________________________________________________
____________________________________________________________

3) Spreadsheets

Office 2007 Beta 2 available

The second major test version of Office 2007 is now available to all as a 400MB download from http://www.microsoft.com/office/preview/beta/getthebeta.mspx

This is for bug fixing or market awareness, there will be no changes to the interface or features of Office.

Of course you'll also need to be sure your operating system is patched up to date too. There are some eLearning facilities on line, although I have not yet been able to install the offline MS elearning reader, it gives an error -5009.

New Microsoft whitepaper on spreadsheet compliance and Excel

http://blogs.msdn.com/excel In a post on his Excel 2007 blog, Microsoft Excel team manager David Gainer drew readers' attention to a whitepaper available as a 730k Word download, "Spreadsheet Compliance in the 2007 Microsoft Office System".

http://download.microsoft.com/download/8/d/7/8d7ea200-5370-4f23-bdca-ca1615060ec4/Excel%20Regulatory%20White%20Paper_Final0424.doc 

It summaries the regulatory drivers, gives the usual roadmap of "inventory - evaluate - implement appropriate controls". (To create an inventory, see my SCANXLS tool) It lists potential risks and control activities. Most importantly it recommends "3. Develop a Long-Term Spreadsheet Development and Maintenance Methodology" which is the focus of my book on "Spreadsheet Check and Control". It ends with a section "How the 2007 Microsoft Office System Can Help Address Compliance Challenges" that describes Sharepoint server 2007, Excel Services, Information Rights Management, and Workbook Encryption. To manage and monitor spreadsheet changes, it describes Enterprise Content Management in Office SharePoint Server 2007. However, there is no built-in capability to audit changes within spreadsheets individually.

The section "Developing Robust Spreadsheet Models" covers the frequently given advice of Cell Styles (although the interest example given is somewhat unfortunately chosen), Locking, Tables, Defined Names, and Formula auditing tools.

ScanXLS helps you get a handle on spaghetti linked workbooks

http://www.sysmod.com/scanxls.htm  SCANXLS is my Excel utility to scan directories for spreadsheets. It fits the need mentioned above to create an inventory of spreadsheets. It also builds a cross-reference of their dependencies, and helps assess their quality. It is one of the very few link directory tools in the marketplace

Spreadsheet Check and Control: 47 best practices to detect and prevent errors

http://www.sysmod.com/az.php?a=190540400X&b=Spreadsheet+Check+Control Available worldwide from Amazon.

http://sysmod.buy.ie/catalog/product_info.php?products_id=188  Our offer - free shipping to EU in June 2006.

World Cup Fever targeted by virus writers

http://www.sophos.com/pressoffice/news/articles/2006/05/yagnuul.html We're not safe from World Cup fever even here. Security experts have warned users about a virus that infects Microsoft Excel files under the camouflage of a fantasy football spreadsheet.

Are you tracking the Excel Knowledgebase?

http://support.microsoft.com/default.aspx?scid=kb;en-us;919127 Q919127 Calculations may not occur in an Excel workbook that has many formulas when you use the Calculate method to calculate formulas or after you press SHIFT+F9 to calculate formulas

Eusprig 2006 Conference, Cambridge, UK, July 5-7, 2006

http://www.uwic.ac.uk/eusprig/2006/index.htm The Sixth annual conference and AGM of the European Spreadsheet Risks Interest Group ( www.eusprig.org ) theme is Managing Spreadsheets: Improving corporate performance, compliance and governance. The venue is Fitzwilliam College, University of Cambridge, Cambridge UK. The papers will be announced shortly. Bookings can be made at the UWIC web site.

Google Spreadsheets

http://www.google.com/googlespreadsheets/tour1.html A new entry in the online spreadsheet field.

http://news.search.yahoo.com/news/search?p=google+spreadsheets More news stories on this. But you would not want to rely on a beta service, in case it goes down, like GMail.

_______________________________________________________
_______________________________________________________

FEEDBACK

Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

4) Off Topic

Usually I put in some humour here, but this month I'll mention a more serious item, a newsletter by Rick Brenner on personal effectiveness that manages to be sensible and practical, avoiding pulp psychology.

Personal Effectiveness

http://www.ChacoCanyon.com/pointlookout/ Point Lookout: Personal, Team and Organizational Effectiveness. The June topic is "If Only I Had Known -  Ever had one of those forehead-slapping moments when someone explained something, or you suddenly realized something?"

_______________________________________________________
_______________________________________________________

Copyright 2006 Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com - it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________