PraxIS Nov. 2007

07-11 Contents: InfoSec downloads, Security & Testing free seminars, Spreadsheet conferences

ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0711.htm   [Previous] [Index]

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success  

IN THIS ISSUE

1) Risk & Security
     Standard of Good Practice for Information Security download
     Cyber Security Awareness Resource Center downloads
     Pirate copies of books
     Audit Technology Conference, London 20-21 Nov
2) Irish news
     Ireland Corporate Enforcer impatience with compliance
     ICS Security Professionals' Network Seminar, 5 Nov
     SoftTest Ireland Presentation by O2 and AGM, 8 Nov
3) Spreadsheets
     Excel User Conference Cambridge, Nov 29 - Dec 1
     SPRIG sleepless at INFORMS, Seattle, 5 & 7 Nov
     Did you spot a spreadsheet error from a mile away?
     Excel oddities, annoyances, quirks
     ScanXLS continues to be enhanced
     VBA Code Quality - Project Analyser
4) Off Topic
     Giveaway of the day freeware
13 Web links in this newsletter
 
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information

_______________________________________________________

Welcome to PraxIS

If it's November, it must be conference season! Let me know your experience of any of the conferences I mention.

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  IT Risk & Audit


Standard of Good Practice for Information Security

The Information Security Forum (ISF) has launched the 2007 version of its international Standard of Good Practice for Information Security, which can be downloaded free of charge. The Standard of Good Practice for Information Security (the Standard) addresses information security from a business perspective, providing a practical basis for assessing an organisation’s information security arrangements.

http://www.isfstandard.com/SOGP07/index.htm


Cyber Security Awareness Resource Center downloads

https://www.isc2.org/cgi-bin/csam_resources.cgi

The page says that all file sizes are 4KB but in fact they can be some megabytes. Examples are:


Pirate copies of books

The Giveaway of the Day site mentioned below uses a file sharing service www.wikifortio.com . I discovered an illegal copy of some copyrighted material on that site and contacted the author. He in turn told me about another ebook site to which he had to send a take-down notice, www.scribd.com  where among all the usual self-published and PR material was again some PDF versions of well known textbooks. If you publish any copyright material, check the web regularly for bootleg versions.


Audit Technology Conference, London 20-21 Nov

http://www.auditconferences.co.uk/

20th and 21st November 2007 Holiday Inn Kensington Forum, London

Topics to be covered include: Governance, Risk and Compliance, Audit Workflow, XBRL, Illicit Image Abuse, Spreadsheet Risks, Continuous Audit, Direct Tax Audit, Electronic Discovery, and Fraud Detection.

My presentation on Nov 21st is "Minimising Risk in Important Spreadsheets". This presentation examines the risk to organisations which arise from the uncontrolled use of spreadsheets.

____________________________________________________________
____________________________________________________________   

2) Irish news


Ireland Corporate Enforcer “becoming impatient with the lack of compliance”

Don McAleese of the Information Technology Law Group of Matheson Ormsby Prentice writes a regular legal bulletin for the Irish Computer Society. http://www.ics.ie/news/ne_eBulletin.htm

The European Communities (Companies) (Amendment) Regulations 2007 came into effect on 1 April 2007. They implement the EU “Disclosure Directive” and extend the requirements of regulations going back to 1973 (European Communities (Companies) Regulations 1973) which require companies to disclose certain particulars concerning the company on their letter heads and order forms so that they now apply to electronic communications and websites.

It is coming up to 6 months now since the Regulations have been introduced, and the Office of the Director of Corporate Enforcement, which is responsible for the enforcement of the Regulations, is understood to be “becoming impatient with the lack of compliance”.

The article provides a table showing the different information a company must display on its business letters, order forms, electronic communications and websites.

Care needs to be taken in complying with the requirements as failure to comply is an offence for which not only the company is liable, but also any officers, directors or “persons in accordance with whose directions or instructions the directors of the company are accustomed to act and to whose directions or omissions the default is attributable. The maximum fine is €2,000 per offence”.


ICS Security Professionals' Network Seminar, 5 Nov 12:30-14:00

http://www.ics.ie/

The ICS Security Professionals' Network presents the second in its series of lunchtime information security sessions structured around the eleven ISO/IEC 27002 Domains.  Michael Brophy, CEO of Certification Europe, will present key findings of the recently-completed first worldwide ISO 27001 survey Mark Cawley, Head of Security Practice at BT Ireland, will present Managed Security Services - A Viable Option for protecting your Business


SoftTest Ireland Presentation by O2 and AGM, 8 Nov

8 November, 5.30-8pm at IBEC, Confederation House, 84/86 Lower Baggot Street, Dublin

http://www.SoftTest.ie  To register please email ruth dot walmsley at momentumni dot org

Managing Complex Test Environments to Deliver Quality at the Right Price

Joan's presentation is on how she has embraced the challenge of controlling and optimising the management of multiple, complex Test Environments in O2, where up to 30 test projects are managed at any one time, while reducing costs and headcount. This has been done by establishing a Help-Desk system, using pre-existing Test Management Software (HP Quality Centre). Joan will speak about the system itself, how it evolved and the benefits it has brought to the organisation. Joan Jordan is an accomplished Testing Professional with over 12 years experience in the IT Industry.


____________________________________________________________
____________________________________________________________

3) Spreadsheets


Excel User Conference Cambridge, Nov 29 to Dec 1

http://www.exceluserconference.com/UKEUC.html

Presenters:  Nick Hodge MVP; Simon Murphy; Bob Phillips MVP; Andy Pope MVP,  Charles Williams, and Ken Wright.

Day 1: Beyond the Basics. Like most of us regular users of Excel, you may have the feeling you are using only a fraction of the full power Excel can offer. All of the sessions will provide proven tips and strategies to make you more productive from Excel experts, including Microsoft Excel MVPs, who share their knowledge regularly in various online forums.

Day 2: Advance to the Next Level. These sessions are designed to sharpen your skills and introduce you to some of Excels more advanced features and functionality. You will see demonstrations that will illustrate many of the tools and strategies to develop applications. Most of the session leaders are professional full time independent Excel developers.

My presentation at 09:45 is on "Excel - Auditing Spreadsheets"

Day 3: Developer Saturday. This day will be devoted to developer topics. If you are a professional developer, do development work for your employer or want to learn more about developing with Microsoft Office then this day is for you. You will have the opportunity to learn and share many aspects of the Office Suite working hand in hand with .net, VSTO or VB6.


Spreadsheet Productivity Research Interest Group (SPRIG) at INFORMS, Seattle, 5 & 7 Nov

https://informs.emeetingsonline.com/emeetings/formbuilder/clustersessionlist.asp?clnno=1471&mmnno=167

Nov 5,  4:30 - 6:00 p.m Spreadsheets in O.R. Practice: Papers from the Interfaces Special Issue, Chair: Thomas Grossman, USFCA

Nov 7 10:00 - 11:30 a.m. Modeling Applications using Spreadsheets (and More), Chair: Mukul Madahar, UWIC

and 1:30 - 3:00 p.m. Spreadsheet Technology and Engineering, Chair: Larry LeBlanc, Vanderbilt

and 3:30 - 5:00 p.m. Spreadsheets in Education, Chair: Janet Wagner, Stockton


Did you spot a spreadsheet error from a mile away?

http://www.theiia.org/ITAudit/index.cfm?iid=563&catid=21&aid=2833

The IIA offered a free book as a prize for those who downloaded that sales report spreadsheet, identified at least one error, and replied by Oct. 17. I found seven issues, another Eusprig member who won the book found 11, but only 2 the same as mine, and another found a different one! A formula inconsistency was so easy to spot and so insignificant that I wondered if it was a distracter for something else more serious. I didn't know whether to take the jokey names seriously.  In fact, the point was that *all* the invoices rounded up, whereas statistically one would expect some up and some down.


Excel 12 with European dates cannot import DBF format

I posted a few oddities recently to my blog at http://www.sysmod.com/blog

Excel 2007 with European regional Windows date settings cannot import dBase dbf file dates correctly. Although the data is stored in the record unambiguously as YYYYMMDD, Excel 12 imports it as mm/dd/yyyy so dates with days above 12 appear as text. It imports correctly when the regional date format is mm/dd/yyyy.


ScanXLS continues to be enhanced

Thanks to some good feedback from users, my ScanXLS utility continues to be improved. It searches directories for XLS files and reports on the external data sources and links between them.

http://www.sysmod.com/scanxls.htm


VBA Code Quality - Project Analyser

http://www.aivosto.com

I've been checking out the Project Analyzer from Aivosto Oy in Finland. The trial version works on up to ten modules, so you can easily see how it works on a small project. It finds dead code and suspicious constructs. I like it for the automated VB code review:


Spreadsheet Check and Control: 47 best practices to detect and prevent errors

http://www.sysmod.com/az.php?a=190540400X&b=Spreadsheet+Check+Control Available worldwide from Amazon.

http://sysmod.buy.ie/catalog/product_info.php?products_id=188  Our offer - free shipping to EU .

 

_______________________________________________________
_______________________________________________________

FEEDBACK

Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

4) Off Topic

Giveaway of the day freeware

http://www.giveawayoftheday.com/

If you like to check the covers of PC magazines for trial software, here's an online version of the same thing. For a period of 24 hours at a time, you can download an application for free use. They are all full programs, no "free download" nonsense, an expression I usually filter out of Google searches for a utility. They are sometimes previous versions, or one function extracted from a larger suite, or restricted to non-commercial use. A very useful feature is the comment blog that is well used with many votes for and against the software on offer for the day.

_______________________________________________________
_______________________________________________________

Copyright (c) Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I moderate posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________