PraxIS Dec. 2008

08-12 Contents: Redaction, IRISS, Euro, Spreadsheet WTF

ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0812.htm

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success  

IN THIS ISSUE

1) IT Risk
     Redaction Redux
     Irish Reporting and Information Security Service

2) Euro debates
      In or out?

3) Spreadsheets
     The Daily WTF on the Uncertainty Principle of Spreadsheets

4) Off Topic
     Office Offline web comic

14 Web links in this newsletter
 
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information

_______________________________________________________

Welcome to PraxIS

Another spreadsheet story this month, and your last chance to get a Spreadsheet Safe training + XLTest package deal!

Patrick O'Beirne

_______________________________________________________
_______________________________________________________

1)  IT Risk

Redaction Redux

After my article last month on the accidental revealing of hidden data in Excel, a contact reported that he knew of a case in the US where a Fortune 100 company made a production of Word documents and PowerPoint slide decks, all delivered as PDFs with the redactions as a distinct layer rather than "burned in". Changing the redaction boxes to a transparent colour turned them into a highlight of exactly the information the other side found interesting. It may have been the GE case:
http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202421717785&rss=ltn
GE Suffers a Redaction Disaster; General Electric's sensitive information easy to access behind black veil
By Douglas S. Malan The Connecticut Law Tribune May 28, 2008
"The plaintiffs' firm, Sanford, Wittels & Heisler in Washington, D.C., took the time and effort to black out reams of pages in numerous briefs to make them inaccessible to the public -- or so they thought.  But as of late last week, you could download several documents through PACER's federal court filing system, copy the black bars that cover the text on the screen and paste them into a Word document. Voilà. Information about the inner-workings of GE's white, male-dominated management and their alleged discriminatory practices against women, which is supposed to be sealed by court order, appears with little technical savvy required. 'I didn't know that,' plaintiffs' lead counsel David W. Sanford said".

Other references on this topic are:
http://en.wikipedia.org/wiki/Sanitization_(classified_information)

http://www.stg.srs.com/eds/docdet/info.shtml
Public Information on Hidden Data; articles on the issue of hidden data in electronic documents 

http://www.metadatarisk.org/
TRACE! by Workshare is a free document security tool that provides personal protection against information privacy and compliance violations in all documents you touch.

https://admin.adobe.acrobat.com/_a295153/p81774772/
Adobe has a whitepaper "Redaction of Confidential Information in a Document" on the proper way to redact documents in their source form and PDF.
 
http://www.fas.org/sgp/othergov/dod/nsa-redact.pdf
The National Security Agency Information Assurance Directorate has also provided guidance in a document titled: "Redacting with Confidence: How to Safely Publish Sanitized Reports Converted from Word to PDF"

_______________________________________________________

Irish Reporting and Information Security Service

IRISS is Ireland's first CERT (Computer Emergency Response Team) to provide services to all users within Ireland.
http://www.iriss.ie

I recently signed up for IRISS and got this story:

Deloitte Survey Shows 65% of Irish E-Commerce Sites Not Secure        

"A recent survey by Deloitte shows that a significant portion of the 100 websites surveyed did not comply with the PCI DSS Credit Card Payments standard. In addition 2% of the sites did not encrypt cardholder data at all. The report points out that these insecure sites can lead to a greater risk of their clients becoming the victims of identity theft or credit card fraud. IRISS would recommend all sites that support e-commerce to ensure that they are compliant with the PCI DSS Credit Card Payments Standard." https://www.pcisecuritystandards.org/

http://www.deloitte.com/dtt/press_release/0,1014,cid%253D235021,00.html
"The analysis looked at over 100 Irish based e-commerce websites and examined the security levels that were in place for online payments. 53% of companies supported weak or legacy encryption, with 2% sites not encrypting cardholder data entry sessions at all. This means that the information that visitors to the site submit such as name, address and credit card details can potentially be compromised and accessed by fraudsters. In addition, 7% websites did not require a CVV2 number – the three digit code on the back of credit cards. By requesting this number, the risk of fraud is greatly reduced. 3% of websites also had expired SSL certificates. SSL certificates verify that the website being interacted with is who it claims to be. Michael Hofmeyr, Senior Manager, Enterprise Risk Services, Deloitte added: “Recent research released in National Identity Fraud Prevention Week found that almost 90,000 people in Ireland have fallen victim to identity fraud."

____________________________________________________________
____________________________________________________________   

2) Euro debates

http://www.eubusiness.com/news-eu/1225126021.25
EUBusiness reports that the debate about whether and when to join the euro is hotting up.
It has re-surfaced in the UK, Sweden, and Denmark.

http://www.eubusiness.com/news-eu/1227536222.99
Majority of Icelanders want to join EU, adopt euro: poll
"A large majority of Icelanders want their crisis-hit country to apply for EU membership and adopt the euro, but their enthusiasm has dwindled somewhat since the height of the financial panic last month, a poll showed Monday. The poll, published in the Frettabladid daily, indicated that 59.6 percent of Icelanders think their North Atlantic island nation should apply to join the European Union. About 68 percent support replacing their sharply depreciated krona with the euro."


____________________________________________________________
____________________________________________________________

3) Spreadsheets

Heisenberg Uncertainty Principle...of Copy-and-Pasting into Spreadsheets?

http://thedailywtf.com/Articles/The-Great-Excel-Spreadsheet.aspx
"In going back previous editions of the spreadsheet, somehow, they managed to send completely idiotic numbers to their customers for three full years (at least). Not a single customer, not a single manager ever noticed the inconsistency for what were supposed to be trivial multiplications; not a single one of them noticed that 'The-most-important-figure-on-this-chart-we-base-all-our-decisions-on' was random garbage.
Excited at the chance to clear his name, Maxim revealed his findings to the lead analyst.  However, instead of relief, he only shrugged and responded 'Hmph... well, we usually just use our gut for recommendations, anyway.'"

I am reminded of a quotation, the earliest date I have seen for it is 2001: "I work for an investment bank. I have dealt with code written by stock exchanges. I have seen how the computer systems that store your money are run. If I ever make a fortune, I will store it in gold bullion under my bed."

ScanXLS helps companies find VAT rates in spreadsheets

Companies in the UK and Ireland face the staggering task of changing price lists in spreadsheets because of the VAT rate reduction from 17.5% to 15% in Chancellor Darling's stimulus to the British economy, and the increase from 21% to 21.5% in Ireland. ScanXLS from Systems Modelling lets you scan your entire hard disk or network for spreadsheets that contain 17.5% or .175, or the fractions used in gross-to-net and net-to-gross calculations such as 7/47 and 40/47.

Systems Modelling can also scan spreadsheet files sent to us. This spreadsheet scanning service suits those who don't wish to install third party software on their servers, or who want an outsourced solution.

ScanXLS also reports on other data or formula integrity issues that may exist in the spreadsheet, alerting businesses to problems that they did not know they had.

Contact: Patrick O'Beirne (+353) 5394 22294

Spreadsheet Safe Training plus unique software

My Spreadsheet Safe training course is available. A sample of the product is available from
http://www.spreadsheetsafe.com/pdf/product%20snapshot.pdf
http://www.spreadsheetsafe.com/product/syllabus/
Contact me if you would like a copy of the 64-point syllabus.

For the remainder of 2008 I am making a special offer that no other trainer can match. As well as the Spreadsheet Safe course, course materials, e-learning and certification test, each candidate shall receive a personal licence for my XLTest spreadsheet checking software. In the busyness of daily work, this add-in will dramatically enhance productivity in proofing and checking spreadsheets.

XLTest helps cover your assets

Here are some of the things my XLTest add-in does that would have helped in the story above:

1) Unhide all very-hidden and hidden sheets, rows, and columns
2) Report text hidden by a font colour that is the same as the background colour
3) Report text hidden by number format strings such as three semicolons (;;;)
4) Show all built-in and custom document properties

Plus all the things you expect an auditing add-in to do.
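As an added illustration of the kind of scan both ScanXLS (the VAT constants above) and XLTest (hidden sheets) perform, this Python script is not code from either product: it opens an .xlsx as the zip of XML parts it actually is, lists sheets marked hidden or veryHidden, and flags cells whose formula or numeric value embeds 17.5%, .175, 7/47 or 40/47. The sample workbook is constructed inline and contains only the parts the scanner reads; the sheet names, cell contents and the simplifications noted in the comments are assumptions.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main"}
# Hard-coded UK VAT constants to look for: 17.5%, .175 (and the 1.175 gross-up), 7/47, 40/47
VAT_PATTERNS = [re.compile(p) for p in (
    r"(?<![\d.])17\.5\s*%", r"(?<![\d.])\d?\.175(?!\d)",
    r"(?<!\d)7\s*/\s*47(?!\d)", r"(?<!\d)40\s*/\s*47(?!\d)")]

def scan_workbook(data: bytes) -> dict:
    """Report sheets whose state is hidden/veryHidden, and cells whose formula (or
    numeric value) embeds a VAT literal. Simplification: shared strings (t="s"),
    number formats and font colours are not inspected."""
    findings = {"hidden_sheets": [], "vat_cells": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        wb = ET.fromstring(zf.read("xl/workbook.xml"))
        for sh in wb.findall(".//m:sheet", NS):
            if sh.get("state", "visible") != "visible":
                findings["hidden_sheets"].append((sh.get("name"), sh.get("state")))
        for part in sorted(n for n in zf.namelist() if n.startswith("xl/worksheets/")):
            for c in ET.fromstring(zf.read(part)).findall(".//m:c", NS):
                f, v = c.find("m:f", NS), c.find("m:v", NS)
                text = f.text if f is not None else (v.text if v is not None else "")
                if text and any(p.search(text) for p in VAT_PATTERNS):
                    findings["vat_cells"].append((part, c.get("r"), text))
    return findings

# Constructed minimal workbook: only the parts this scanner reads, not a
# complete .xlsx that Excel itself would open.
_MAIN = 'xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"'
WORKBOOK_XML = (f'<workbook {_MAIN}><sheets><sheet name="Prices" sheetId="1"/>'
                '<sheet name="Rates" sheetId="2" state="veryHidden"/></sheets></workbook>')
SHEET1_XML = (f'<worksheet {_MAIN}><sheetData><row r="1">'
              '<c r="A1"><v>100</v></c><c r="B1"><f>A1*1.175</f><v>117.5</v></c>'
              '<c r="C1"><f>B1*7/47</f><v>17.5</v></c></row>'
              '<row r="2"><c r="A2"><f>A1*(1+Rates!A1)</f><v>117.5</v></c></row>'
              '</sheetData></worksheet>')   # A2 references the rate cell: not flagged
SHEET2_XML = (f'<worksheet {_MAIN}><sheetData><row r="1">'
              '<c r="A1"><v>0.175</v></c></row></sheetData></worksheet>')

def build_sample_workbook() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", WORKBOOK_XML)
        zf.writestr("xl/worksheets/sheet1.xml", SHEET1_XML)
        zf.writestr("xl/worksheets/sheet2.xml", SHEET2_XML)
    return buf.getvalue()
```

Running scan_workbook(build_sample_workbook()) reports the veryHidden "Rates" sheet plus three cells (B1 and C1 on the first sheet, A1 on the hidden one); A2, which references the rate cell instead of embedding it, is correctly left alone.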

For a beta preview, download the documentation (1MB PDF) at http://www.sysmod.com/xltest097.pdf


Spreadsheet Check and Control: 47 best practices to detect and prevent errors

http://sysmod.buy.ie/catalog/product_info.php?products_id=188  Our offer: free shipping to the EU.

_______________________________________________________
_______________________________________________________

FEEDBACK

Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________
_______________________________________________________

4) Off Topic

Office Offline: a web comic by David Salaguinto. Gentle humour.

http://blogs.msdn.com/officeoffline/ 

http://blogs.msdn.com/officeoffline/archive/2008/10/17/but-it-s-not-a-positive-sign.aspx

http://blogs.msdn.com/officeoffline/archive/2007/11/16/it-s-not-even-their-first-merge.aspx

_______________________________________________________
_______________________________________________________

Copyright (c) Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided this copyright notice is included.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I moderate posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________