07-04 Contents: Historic CC theft, Enforcement, ScanXLS 2007, Spreadsheet audit course, news and downloads
ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0704.htm
Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success
IN THIS ISSUE
1) Risk & Security
   Biggest credit card theft - so far
   Consequences - the stick
2) ScanXLS 2007
   List all your spreadsheet files with an overview of their contents
3) Spreadsheet Best Practices training
   Learn how to detect and prevent errors
4) Spreadsheet news
   New products, free downloads
5) Off Topic
   Photos and short video clips from Iceland
20 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information
My big news this month is the release of version 3 of ScanXLS. I also announce my next public course in spreadsheet checking techniques. There are discounts for buying within the next week!
45.7 million people were hit in the biggest credit card security breach in history. Customers who shopped at TJX’s TK Maxx stores in Ireland, the UK, Canada and Puerto Rico were all targeted, and the hackers were able to view unencrypted credit card data as payments were processed between store tills and the banking networks. The data was accessed on TJX’s systems in the UK and in Massachusetts over a 16-month period and covered credit and debit card transactions dating as far back as December 2002. The company also disclosed that another 455,000 customers who returned merchandise without receipts were robbed of their driver's license numbers and other personal information. In Florida, the gang used the cards once to buy $400 gift tokens. These could be converted later, and there was no way to link a gift token number to the card number used to purchase it.
TJX’s SEC filing is listed at:
Encryption that was later introduced didn't work because the intruder had access to the decryption tool for the encryption software. That probably occurred because the tool was stored on the same computer as the encrypted file. Scoping the damage done is made more difficult because not only did the intruder cover up their tracks by deleting log files, the company also routinely deleted transaction files ... but too late to avoid the hack.
The incident has already cost the firm $5 million in expenses related to the investigation, cleanup and shoring up of security measures, with future costs including compensating potentially huge numbers of fraud victims.
http://www.itpi.org/cs/blogs/itpi
Kurt Milne quotes a VP of security at one of the world's top 15 largest banks, who said:
"You have to make people responsible for getting things done, and accountable if they are not. You can have a great change control system, configuration management, control every aspect of the environment -- but if people don't follow the process and you are not going to do anything about it, you are not going to make a lot of progress. As an example, at another company I worked for, we had an end of year production freeze with no changes. Yet four changes were detected to the production system. What happened to the people who made the changes? Nothing. What happened to their bosses? Nothing."
A technology approach to what to do when an unauthorised change is detected might be to send the author an email requiring them to take a test on change control policies and copy their manager with their results.
A more person-oriented approach is to always review changes at a regular meeting with management and trace the reason for every exception back to its root cause. If the process needs to be improved, it gets improved; if not, the author knows that unauthorized changes will get management attention.
Here is a process focus on the causes of error rather than the characteristics of errors:
Is Your Enterprise An Error Enabler? February 21, 2007 By George Spafford
There are a number of situations that dramatically increase the odds of human error, yet organizations continually fail to manage them. I've snipped just the headings from his article; read it to get the detail:
Operating Under Tight Deadlines
April 16th 2007 is the release date of the Excel 2007 version of ScanXLS, my spreadsheet to produce a directory of spreadsheet files and measures of their quality. The price will be 99 euro from 8am BST on Mon 16 April. Readers of PraxIS can order it at the old 59.95 euro price until then.
Differences from ScanXLS 2.3
ScanXLS3 works in Excel 2007 and can process the much larger files in that version, 16384 columns by 1048576 rows.
Sheet Excel lists the Add-Ins available to the current user.
Sheet ScanXLS has added many types of error and suspect constructs. It allows you to specify as many properties and search terms as you wish. It optionally reports a detailed list of cell addresses with errors.
Sheet Links gives the Link Status. A new button Draw Arrows gives a visual indication of the dependencies among the workbooks.
Sheet PQLinks is new, listing the external Pivot Table and Database Query links with the connection string and query text where available.
The next public one-day training course will be run on Tue May 22 in the training PC room of the Irish Computer Society, Mount St. Crescent, Dublin 2, Ireland. There is an early bird discount of 100 euro until 8am April 22, so talk to your training budget manager now!
I also deliver this course in-house, tailored to your organization’s specific needs. Individual support can be given and confidential spreadsheets assessed. Contact me for more details on the syllabus.
Participants will learn by a combination of lectures and practical hands-on work:
Where to start and what are the most efficient techniques to use
How you can cut down a huge system of spreadsheets to a manageable audit task
The symptoms that indicate potential or actual problems
How to create an inventory of critical spreadsheets, assess them for risk, and prioritize scarce resources
Little-known secrets of Excel's auditing features
Reinforce your learning with an optional hour of hands-on practice using demonstration versions of auditing software on your own laptop
http://www.sysmod.com/az.php?a=190540400X&b=Spreadsheet+Check+Control Available worldwide from Amazon.
http://sysmod.buy.ie/catalog/product_info.php?products_id=188 Our offer - free shipping to EU.
In an article entitled "Spreadsheet security? What spreadsheet security!" Phil Howard of Bloor Research mentions the new tool ExSafe from ROI-Soft, an Irish company:
http://www.roi-soft.com ExSafe adds cell level security and even protection of Excel's temporary files.
I already use SpACE from HMRC and EXChecker from Compassoft in my training courses. Other new products are:
http://www.prodiance.com Prodiance Spreadsheet IQ is also available on CNET www.download.com
http://www.lyquidity.com Lyquidity ComplyXL, also Sarah Seddon's blog at http://www.irishdev.com/blogs/sarahseddon
http://www.Excelcalcs.com Free XLC software gives MS Excel the capability of displaying cell formulae as mathematical equations.
Rickard Warnelid pointed me to his useful list of handy Excel keystroke abbreviations for common commands on his web site http://www.NavigatorPF.com
Other versions are available at:
http://www.mvps.org/dmcritchie/excel/shortx2k.htm Excel 2000
http://blogs.msdn.com/excel/archive/2006/02/23/538311.aspx Excel 2007 - 214 keyboard shortcuts, links to:
What do you think these words might mean?
Flufferpoint, Spreadalanche, Defart, Frankensheet, Quack-Scholes, Reporticane
They are all winners of the Juice Analytics Sniglets
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
Thank you! Patrick O'Beirne, Editor
I have now uploaded some of the photographs and videos I took during my visit to Iceland in February.
Photographs on Flickr: http://www.flickr.com/photos/probeirne
Videos on YouTube: http://www.youtube.com/PROBeirne
The videos are short captures of Strokkur geyser, Gullfoss waterfall, and feeding the ducks on Reykjavik pond.
Copyright (c) Systems Modelling Limited,
Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com
For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I moderate posts to the EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/