PraxIS Mar. 2008

08-03 Contents: Data loss, Predators and Predation, Software Testing, Spreadsheet Tools

ISSN 1649-2374 This issue online at   [Previous] [Index]  [Next]

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success  


1) Risk & Security
     171,324 Irish blood donor records stolen
     Followup to l'affaire Kerviel
2) Quality
     Software & Systems Quality Conferences Dublin, 5th March 2008
     SoftTest Ireland events April 1,2,3
3) Spreadsheets
     Jim Kaplan's AuditNet newsletter features spreadsheet tools
     OSU Spinoff RedRover launches its Excel audit product
4) Off Topic
     Interesting Photos of the day
13 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information


Welcome to PraxIS

I hope to see some of you at the Software & Systems Quality Conference in the IMI on March 5th!

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  Healthcare IT Risk

171,324 Irish blood donor records stolen

There has been plenty of coverage of this data loss, but most have focused on the claims of strong encryption. Only a few professionals have asked why data to be used for software testing was not anonymised. Daragh O'Brien of the IAIDQ comments on his blog: "Your unencrypted, non-anonymised data could have been on the laptop when it was stolen."

The Office of the Data Protection Commissioner Ireland was reported on Silicon Republic:

"The data was provided in CD form to the NYBC and contained transaction log files from the Progresa electronic logs system used by the IBTS for the period 2 July to 11 October 2007. The data contained patient names, addresses, email addresses and/or mobile phone numbers. The log files also contain numeric codes for other kinds of information such as attendance at the IBTS or blood-test results performed by the IBTS. Importantly, the key for these codes was not on the stolen laptop or on the disks given to the NYBC for the performance of its functions. We are satisfied, based on the information provided, that the key to the encryption software used on the laptop was not stored anywhere on the laptop or elsewhere. On the above basis, the conclusion reached is that the transfer of the personal data in question to the NYBC in the US did not constitute a breach of the Data Protection Acts. "

I'm not so happy with just an assurance that the key was not stored with the laptop, nor no mention of possible decrypted data. Nor with this part: “It is not possible to isolate individual fields in the log files, so it would have been difficult, if not impossible, to have anonymised the files prior to their supply to the NYBC. "

Followup to l'affaire Kerviel

Following last month's coverage of the Jerome Kerviel affair which cost Societe Generale 6M euro, I heard from Michel Volle. He recently published a book, "Prédation et prédateurs", which covers extensively the problems associated with finance, banks, money laundering etc. You can download this book (in French only) for free from . This book was published a few days before the Kerviel affair - but Michel believes this affair confirms his theory of such behaviour.

As a footnote to the affair, readers of The Register poured scorn in comments on an article pushing biometrics as a solution, and they recommended the use of 'wetware' (brains) instead:


2) Quality

Software & Systems Quality Conferences Dublin, 5th March 2008

This features presentations from the public and private sector and case studies. I'm involved in two sessions:

12.00 "Software Testers: Perceptions and Professionalism" panel discussion, chair is Mary Cleary of the Irish Computer Society.

15:00 "End-User Computing: Risks in Spreadsheets" is my own presentation.

SoftTest Ireland events April 1,2,3

Tuesday 1 April, 2-5.30pm, Radisson SAS Hotel, The Gasworks, Belfast
Wednesday 2 April, 9am-12.30pm, IBEC, Confederation House, 84/86 Lower Baggot St, Dublin T
hursday 3 April, 9am-12.30pm, Cork – speaker details and venue/booking information will be circulated separately via IT@Cork

There is no charge to attend these events - to register please email ruth.walmsley <at> stating which event you wish to attend

"Testing Using Open Source Tools" by Richard Thompson, Liberty IT

This presentation will cover: • A selection of the open source tools, techniques and approaches available today that can add value to development teams. • Discuss decision points, tool selection, implementation and measuring ROI.

"People Challenges for Test Teams" by Steve Allott

In this facilitated workshop you’ll be able to share your experiences with the group and explore the people challenges faced by testers. 

• Relentless business pressure for new functionality
• Constant and last minute changes to requirements
• Introduction of new development / testing methodologies e.g. agile
• Very frequent releases, often weekly, sometimes daily!
• Increasing application complexity over time
• Knowledge gap (e.g. what lies beyond the browser?)
• Steep learning curve (business as well as technical)
• Use of contract and offshore resources (loss of in-house expertise)
• Little or no documentation against which to test
• Lack of attention to all testing requirements (e.g. middleware, back end database, non-functional quality characteristics)

The expected outcome of the subsequent discussion is to compile a list of some useful hints and tips that can in some way help to relieve the stress faced by test managers and testers in fast moving test projects.


3) Spreadsheets

Jim Kaplan's AuditNet newsletter March 2008 AuditNet newsletter has a couple of interesting articles:

End User Database Access Using Excel by Mike Blakely from his blog at

An Excel workbook, macros, connection strings and example data and SQL has been contributed to the public domain by the author.

He also supplies "XL Audit Commander", a free addin for data extraction, audit sampling, and statistical analysis including Benford's law for detecting invented numbers.

Breaking Down Data and Putting It Back Together by Rich Lanza covers various ways of transforming and massaging data to make it amenable to analysis.

OSU Spinoff launches its Excel audit product

RedRover Audit is a tool for Microsoft Excel to visually display probable spreadsheet errors with point-and-click error correction and audit documentation trails.  It is based on research - the 'What You See is What You Test' (WYSIWYT) testing approach - by OSU professors Margaret Burnett, Martin Erwig and Gregg Rothermel, who have published a great deal on spreadsheet error checking with their NSF grant. See for more information.


Spreadsheet Check and Control: 47 best practices to detect and prevent errors Available worldwide from Amazon.  Our offer - free shipping to EU .




Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

4) Off Topic

In my iGoogle home page, I'm enjoying two widgets that provide a Photograph of the day:  National Geographic Picture of the Day  Flickr Interesting Photos of the Day


Copyright (c) Systems Modelling Limited, . Reproduction allowed provided this copyright notice is included.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the web site. I moderate posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to from your web site!
To read previous issues of this newsletter please visit our web site at

This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website