07-12 Contents: Data loss, privacy, Process Improvement, Excel tips, Spreadsheet Management
ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0712.htm [Previous] [Index] [Next]
|Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success|
IN THIS ISSUE
|1) Risk & Security
The biggest data loss in history ... so far
Software Test Process Improvement
Excel User Conference
Excel tips & tricks
Manager and Auditor perspectives
A friend passes away
|14 Web links in this newsletter
|About this newsletter and Archives
Subscribe and Unsubscribe information
As we approach the festive season, may you all have a safe and happy Christmas, and achieve your goals in 2008!
In mid-October, a junior official in the Revenue & Customs service of the UK (HMRC) placed two CDs into unrecorded outsourced delivery to the National Audit Office containing unencrypted full personal data about recipients of child benefits. The story is a catalog of short cuts taken to save bother which bypassed all accepted security control measures.
Why by post on CDs, when there is (allegedly) a secure government intranet ?
Why unencrypted, given that the new head David Hartnett (Paul Gray moved sideways to the Cabinet Office) told the House of Commons Treasury Select Committee that "We set out in 2006 to learn lessons in relation to security and to tighten things up."
Why was all the data there when the NAO specifically asked for a subset? Cost was initially offerered as a reason but if they believe that they are being ripped off by the outsourced services.
And when it was known not to have arrived, why was it sent AGAIN (although received the second time) the same way?
We don't know yet whether the data is only mislaid internally, or if it is already in the hands of fraudsters waiting to make their move.
Naturally, this questions their ability to manage a secure National ID Card database.
That is merely the biggest of a continuous stream of admissions of failure to maintain security and privacy
The.Data Protection Commissioner in Ireland, Billy Hawkes, has said he has serious concerns about the levels of data security in some public bodies in Ireland that handle large amounts of information about citizens. “We’ve been warning for years about the danger of information about us previously held in silos in the public sector being brought together in centralised databases and accessible to large numbers of public servants,” Mr Hawkes told RTÉ Radio’s News at One programme.
confirmed Thursday evening that a computer error caused 15,000 payment
advice slips to be sent to the wrong addresses. The bank
apologised for the mistake and said that it is writing to customers
affected. AIB also stated it had informed the Office of the Data
Bank account numbers, National Insurance numbers, names, addresses and dates of birthof up to 60,000 people were on a laptop stolen from a staff member's car in Belfast earlier this week. Derek Alcorn, chief executive of the Citizen's Advice Bureau of Northern Ireland, apologised and added "We can say that the data on the computer is protected by three levels of security including a high level of encryption."
of websites have been shut down temporarily by one of the largest web
hosting companies in Britain after the personal details of customers
were stolen by computer hackers.
The hackers managed to access the “master database” of Fasthosts for information, including addresses, bank details, e-mails and passwords.
If you weren't there, you missed a great chance to learn from the experts and MVPs about pivot tables, advanced charting, data access techniques, and optimising performance. Congratulations to Simon Murphy for organising it. My own presentation on auditing spreadsheets has been supplied to the delegates. It was a one-hour condensation of a half day course. If you'd like to have that in-company, contact me.http://www.exceluserconference.com
Bob Phillips provides a detailed discussion on the SUMPRODUCT worksheet function. It can be used to solve the problem of, for example, getting a sum between two dates, or with extra selection conditions. Also, it can function with closed workbooks, and the handling of text values can be tailored to the requirements.
Have you ever wanted to straighten out a table of non-normalised data into something that you can pass to a pivottable? John Walkenbach describes a startlingly simple technique to create a simple table where the columns of the original are repeated as rows.
How to create a normalised database table from a simple
two-variable summary table.
Jan Karel Pieterse has launched the first version of
his ExcelRefTool ( the Excel Formula Reference Auditing Utility.)
JKP is a founding member of: the Professional Office Developers Association
My ScanXLS product creates such an inventory with a list of errors and unusual attributes of thousands of spreadsheets. The biggest scan I have heard about so far was of a company with 45,000 finance spreadsheets in Australia. At the Audit Technology conference that I spoke at in November, I was asked how one knows what is a risky spreadsheet given just such an inventory with various attributes. In fact, there is no single rule that tells you. Consider the TransAlta spreadsheet mistake that cost them $24M, as reported here:
I don't know, but that could have been a very simple spreadsheet with just a SUM in it. The problem was the data was pasted in off by one row. While audit automation software like ScanXLS is going to identify files where some sheet has formulas that refer to empty cells, or inconsistent formulas, they cannot tell whether this is for someone's coffee pool budget, or a mission critical spreadsheet. That's where sampling and domain knowledge play their part. Another auditor told me of their experience in asking for an really important spreadsheet and receiving a very simple model with just a few tables of numbers, which passed inspection as clear. Well, of course, if you ask a manager to select something for you to audit them on, what do you think you'll get?
Peter de Jager, a change management consultant who achieved prominence during Y2K, speaks on the nature of organisational change:
I remember one of his presentations included a physical metaphor of how to turn pushback into progress; kind of judo meets ballroom dancing! A big effort in end-user computing management is just that problem of culture change. People with a hero culture like the reputation of being a firefighter, only slightly diminished by the fact that few people notice that it was the same person who started the fire. We've been over this ground a long time ago with software development and testing, so it's time to apply the same lessons to spreadsheet developers, maintainers, and users. To get a handle on your own company's assets of informal software, give me a call.
http://www.sysmod.com/az.php?a=190540400X&b=Spreadsheet+Check+Control Available worldwide from Amazon.
http://sysmod.buy.ie/catalog/product_info.php?products_id=188 Our offer - free shipping to EU .
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
Thank you! Patrick O'Beirne, Editor
I shared many a platform with Roderick during the Y2K and Euro project years.
I received a letter with sad news from his sister Debbie beginning
"It is with great sadness that I have to tell you of the sudden and unexpected death of Roderick on 2nd September in Spain." Megan & I visited Spain last year and had tried to meet up with him but we could not coincide. We remember him fondly, ever since a picnic near the Albert Hall many years ago.
Copyright (c) Systems Modelling Limited,
. Reproduction allowed provided the newsletter is copied in its
entirety and with this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com
For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I moderate posts to the EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/