PraxIS June 2004

04-06 Contents: forensic computer evidence, ethics, passwords, euro archives, spreadsheet software, quiz, data analysis

ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0406.htm     [Previous] [Index] [Next]

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success

IN THIS ISSUE

 
1) Risk & Security
    Gathering forensic computer evidence
    Morality, Ethics, and Corporate Governance
    Weak and Strong Passwords
2) Emergent Design Seminars
    June 1,15,29, Dublin, free to ICS members
3) Euro Archives DVD
    Links to massive archive of legacy euro websites
4) Spreadsheets
    EUSPRIG 2004 provisional programme
    Free spreadsheet software and templates
5) Auditing
    Financial Literacy Quiz
    Review of ActiveData: data analysis toolkit for Excel
6) On the lighter side
    Pagina quam tu quaeris abest.
15 Web links in this newsletter
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information

_______________________________________________________

Welcome to PraxIS

What's most interesting item in this month's newsletter? Email me to vote for your favourite; or, reality-TV style, to vote out the least interesting!

Do me a favour - tell a news, business, or travel portal about my euro-based foreign exchange calculator!

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  Risk, Security,  Privacy

Forensic evidence gathering

Recently, the Dáil (Irish Parliament) had to pass a law to allow T.D.s (members of parliament) to examine child p0rn0gr@phy (sorry, I had to munge that to get past your email filters) in a case involving a judge who may be impeached. In case any readers are in the unhappy position of having to preserve evidence at a crime scene, here are some pointers. Basically, don't turn the equipment (PC, mobile phone, whatever) on if it's off, or off if it's on. Just don't touch it - call in the police.

http://csoonline.com/read/050104/forensics.html Eric Friedberg, executive vice president and general counsel for Stroz Friedberg, says "you can divide the world into two groups of people: those who have been through a lengthy cross-examination by a high-powered criminal defense attorney and those who haven't. Investigators with that experience always approach their work with a level of care and double-checking because they never again want to go through the experience of having their head ripped off in front of 12 people and a judge".

http://www.vnunet.com/News/1152379  Vital e-crime evidence often destroyed; National High Tech Crime Unit warns firms to leave computer forensics to the experts. By Iain Thomson, vnunet, 29 Jan 2004. "Companies that fall victim to computer crime may be inadvertently destroying evidence in their efforts to find the perpetrators. Detective Chief Superintendent Len Hynds, of the National High Tech Crime Unit (NHTCU)" "You only have one opportunity to collect the evidence you need to prove your case. Human resources send in well-meaning IT help desk staff who don't know what they are doing and ruin the evidence. You need a professional computer forensic team in there as soon as possible."

In the UK, the Association of chief Police Officers have produced this guide to "Good Practice for Electronic Evidence Gathering" http://www.nhtcu.org/ACPO%20Guide%20v3.0.pdf (432K PDF). It covers what to do at crime scenes; transportation; investigating personnel; evidence recovery; suggested questions for the victims; and a chart for Best Practice for the Seizure of Electronic Evidence.

In the USA, the DOJ produced "Electronic Crime Scene Investigation: A Guide for First Responders" http://www.ojp.usdoj.gov/nij/pubs-sum/187736.htm (874K PDF)

It contains chapters on Investigative Tools and Equipment; Securing, Evaluating, Documenting the Scene; Evidence Collection; Forensic Examination by Crime Category, and much more.

____________________________________________________________
 

Morality, Ethics, and Corporate Governance

I've mentioned the recent AIB scandal in my blog www.sysmod.com/blog and a recent development has been the resignation of the Aer Lingus chairman who was with AIB at the time of the scandals. Last weekend, the head of Bank of Ireland resigned over access to an escort agency web site at work. The IT person who had to report finding that incident may have had some difficult moments. One may speculate as to whether the CEO would have resigned if the Sunday Business Post ( www.sbpost.ie ) had not got a tip-off and published the story. It may have been a tipping point as he had had other problems in managing the bank.

But I'd be far more impressed with the bank's ethics if he or other managers resigned as a result of improper sales practices. A neighbour of mine, in her late eighties, had a presentation from a BoI investment advisor (read: bank salesperson on commission). At a time of her life when a reliable income is most important, to pay for home help, that whippersnapper recommended that she cash some of her assets and live off them, and put most into a long-term risky equity investment policy. Fortunately, she was too sensible for that. And don't get me started on the young bucks who play with other people's money on the stock market, whose only aim is to generate revenue from churn rather than make money for the investor.

____________________________________________________________
 

Weak and Strong Passwords

You know that passwords should have 8 characters or more, with mixed case and non-alphabetic characters. Most people don't try very hard and use "secret", or others in this list of common passwords: http://www.pclinuxonline.com/article.php?sid=8823

Here are a couple of alternative methods:

1) Think of a line from a favourite song, preferably not the first or most famous catchphrase line as that's getting too easy too. (See the Christmas songs at www.sysmod.com/praxis/prax0301.htm#lighter - the titles are too short) . Use the first, second,  or last letters of each word, mix the case, and you can get a longish password.

2) Change some letters to numbers. O becomes 0, i becomes 1, l becomes ! (1,I, and l are hard to distinguish in fonts other than Courier, but fortunately passwords are just shown as asterisks), Z becomes 2, t becomes +, a becomes @, S becomes 5, B becomes 8, etc.

____________________________________________________________
____________________________________________________________   

2) Emergent Design Seminars

The Irish Computer Society (ICS) in association with the Centre for Software Engineering will be holding a series of evening seminars dedicated to Emergent Design, a new approach to software engineering. These seminars are intended to provided practical insights into three of the key Emergent Design concepts, which support simplicity in software design: test first programming, refactoring, and design patterns.
The seminars will be held at fortnightly intervals during the month of June at the ICS premises, Crescent Hall, Mount Street Crescent, Dublin 2 . The first will take place on Tuesday 1st June and the subsequent events will follow on Tuesday 15th June and Tuesday 29th June. Each evening's event will begin at 6pm with registration followed by tea and coffee. The seminar itself will take place between 6:30 and 7:30, with an opportunity for discussion and networking until 8pm. On-street parking is readily available nearby.

____________________________________________________________
____________________________________________________________   

3) Euro Archives DVD

I have just received the Euro Archives DVD. It only gives the front page of each site but that is just a matter of space - it's 1.27GB of home pages. Unfortunately, all the links have a simple error. It must not have been tested before release. For example, assuming the DVD drive is K:, my site is: K:/517_sysmod.com/emu.htm
Click on "Frequently Asked Questions on the IT Impact of the euro " and the link is:
javascript:sortir('http:/europa.eu.int/comm/mediatheque/multimedia/archive/517_sysmod.com/eurofaq.htm');
This fails because there is only one slash after the http: when there should be two. http://europa.eu.int/comm/mediatheque/multimedia/archive/517_sysmod.com/eurofaq.htm works fine.
The online archives of closed euro sites may be found at: http://europa.eu.int/comm/mediatheque/multimedia/archive/index.htm
"Since it was decided to launch a single currency in Europe, numerous Internet sites dealing with the euro have been set up by individuals, institutions, companies, etc. In order to keep this Internet memory of the euro alive, the Directorate General Economic and Financial Affairs of the European Commission has decided to store all these documents –whether merely informative, in favour of or against the euro currency - in an electronic archival resource, Euro-Archives, which aims to make all points of view on the euro accessible to the widest possible audience."

_______________________________________________________

Euro Conversion Calculator updated for new EU member currencies

http://www.sysmod.com/eurocalc/eurocalc.php euro calculator

I have now updated the online calculator to show the currencies of the ten new accession state members, and the exchange rates for other world currencies. It is updated every day from the European Central Bank rates. I am pleased to say it has been syndicated to the European information portal EUBusiness.com (www.eubusiness.com/Currency-converter)

If you would like to feature this on your web site, just email me telling me the page you want it on and I'll explain to your web maintainer how to do it. In return, I ask that you retain my advertisement display and links to my site.

_______________________________________________________

4) Spreadsheets

EUSPRIG 2004 provisional programme

The 2004 conference is bigger than ever, reflecting the growing concern in industry and the public sector over risk from the uncontrolled use of spreadsheets. Not only is it extended to a day and a half, we are willing to put on introductory sessions at no extra charge on Wed 14 July if enough registrants express an interest.

www.eusprig.org/2004conf.htm Provisional programme outline

  1. A Paradigm for Spreadsheet Engineering Methodologies. Thomas A. Grossman[US], Özgür Özlük[US]
  2. A discussion of best practice. David Colver, Operis[UK]
  3. Testing spreadsheets: who, when, why and how. Louise Pryor[UK]
  4. Spreadsheet models complexity metrics. Andrej Bregar[SI]
  5. A Toolkit for Scalable Spreadsheet Visualization. Markus Clermont[IE]
  6. Computational Models of Spreadsheet-Development Basis for Educational Approaches. (Karin Hodnigg[AT], Markus Clermont [AT,IE], Roland T. Mittermeir[AT])
  7. A novel approach to formulae production and overconfidence measurement. S. Thorne[UK], Dr D. Ball[UK], P. Cleary[UK], Z. Lawson[UK]
  8. Using layout information for spreadsheet visualization. Sabine Hipfl[AT]
  9. An Analysis of Three Independent Methods of Error Discovery Amongst Fifty-Seven Similar Spreadsheets. Richard J. Irons[AU]
  10. End User Computer Applications – Auditability and Other Benefits Derived from a Temporal Dimension. Ralph Baxter, ClusterSeven[UK]
  11. TellTable Spreadsheet Audit Logs: from technical possibility to operating prototype. Andy Adler[CA], John Nash[CA], Neil Smith[CA]
  12. XlStruct: A Tool for Building Structured Error-Resistent Spreadsheets. Gary K. Arakaki[JP]
  13. Identification of logical errors through Monte Carlo simulation. Hilary L. Emmett[UK], Lawrence I. Goldman[US]

_______________________________________________________

Free spreadsheet resources

I have split up my long spreadsheet resources page www.sysmod.com/sslinks.htm because it was getting too big at over 100K. The following sections are now on a page www.sysmod.com/free-software.htm :

Spreadsheet application software for Windows and Linux
Useful spreadsheet templates for budgeting, planning, etc.
Our spreadsheet inventory / properties collection utility - SCANXLS
Excel VBA code examples, tools, freeware, shareware, commercial
Excel Tips, tricks, traps, bugs, bug fixes, user groups
Book list: Excel, Financial modelling, and related topics

I have also added a link to my article on Agile Spreadsheet Development.

_______________________________________________________
_______________________________________________________

5) Auditing

Financial Literacy Quiz

In an article in the Harvard Business review entitled "Audit Committees Can’t Add", I found this link to a quiz containing 25 multiple-choice questions.
http://gsbsurvey.uchicago.edu/survey/parshantgoenka/Financial%20Literacy%20Quiz.poll.html
The Blue Ribbon Committee (convened by the NYSE and the NASD) recommended that Audit Committee members should be financially literate. Now, both the NYSE and the AMEX state that audit committees should have independent directors who are financially literate. One conventional definition of financial literacy is the ability to read and understand financial statements; this quiz interprets this ability broadly to include reading and understanding the income statement, balance sheet, statement of cash flows and the supporting notes and schedules.

_______________________________________________________

Review of ActiveData

ActiveData for Excel provides 100 advanced data manipulation and analysis within Excel 2000 or above for use by financial auditors and accountants. It is undergoing constant development, so check their web site for the latest features: www.informationactive.com 

Just to be clear at the start: this is a tool for data analysis, not "spreadsheet auditing" in the sense of checking spreadsheet formulas for errors or structural integrity. I will be reviewing those too, in future issues of PraxIS. If you are interested in Spreadsheet Professional, SpACE, Exchecker, or similar testing products, and need an expert opinion now rather than later, contact me for some private consultancy on the best way of using these tools.

The easiest way to get to grips with the product is to run through their Getting Started Guide, which you get to from ActiveData > Help > Open Getting Started Guide. The Getting Started Guide provides you with feature walk-throughs using the supplied sample data workbook. This workbook is available using ActiveData > Workbook > Open ActiveData Sample Workbook.

ActiveData > Workbook menu

> Workbook Navigator provides a convenient dialogue to Copy, Un/Hide, Un/Protect, Rename, and Delete one or multiple selected sheets. This is similar to the add-in products I reviewed in PraxIS March 2004. It also keeps a history of all the workbooks you have used, far more than the 9 in Excel's most-recently-used (MRU) File list. By the way, if Excel is slow to exit, select ActiveData > Help > Options and set the maximum number of items for workbook history to 50 or less. Otherwise, AD may be spending a long time recording statistics on your last 256 workbooks!

> Global Workbook Find and Replace is a powerful command to change many workbooks in one go. You can search in cell values or formulas.

> Index Workbooks adds a sheet to a permanent file (adataindex.xls) with a list of workbooks and optionally the worksheets within. It is convenient for a snapshot of your spreadsheet directories.

> Revert is a "revert to saved" option that discards the last unsaved changes you made.

> Import allows you to import directory and file listings, and data from ODBC sources.

ActiveData > Sheets menu

Much of AD assumes that the data you are dealing with is structured as database tables in rows and columns with unique headings. If your data is not so organised, you will need to impose a regular structure to be able to use these features. The tool is really intended for data slice-and-dice, so check your work carefully if you apply it to cells containing formulas.
The features are: Merge Sheets, Match Sheets, Compare Sheet, Query Sheet by example or by formula, Split Sheet, Sort by up to 6 groups, Sample randomly, Index Sheets and View.

> Merge is like a database join operation. It creates a new sheet with columns combined from other sheets where rows are matched by some comparison operator. It adds a new column headed "Tags" where it places a + sign against unmatched rows.

> Match Sheets is similar to Merge but performs an extract operation. Both these two features are useful for finding mismatched data, such as invoices with salesperson codes that do not exist in the salesperson table.

> Compare Sheets compares two sheets with a common key and then generates totals and counts for selected columns.

> The Split Sheet By Group tool is used to take the current sheet and separate it into multiple sheets based on the values in a specified group or column. For example, you can create extracted sheets by salesperson or month.

> Index sheets creates a summary sheet with columns for SheetName, Type, Rows, Columns, Cells, UsedRange, Workbook Properties.

ActiveData > Rows menu

The Rows group provides you with over 20 functions that allow you to identify and tag data that you wish to manipulate, move or copy from sheet to sheet or delete. You can select rows by example, by formula, by format, by comparison criteria, or special cases such as even/odd/blanks

ActiveData > Columns menu

Columns can be reordered, created from calculations, and split in various ways. This is like the Excel Column Parse feature. Double-clicking a column header sorts by that column.

ActiveData > Cells menu

This has features to:

ActiveData > Analysis menu

Provides features for Group Summary, Top/Bottom Items, Date Aging, Stratification by bands, Fuzzy match columns, Find Duplicates, Find Gaps, Descriptive Statistics, and Benford's analysis. The last is often used by auditors to detect fraud where amounts have been invented.

A right-click on a column of selected cells also shows quick stats.

In summary, this is a powerful collection of tools for data analysis and manipulation. A skilled Excel formula jockey with an intimate knowledge of VBA could achieve the same results, assuming that they know all these numerical techniques too. For people whose focus is on doing the analysis rather than juggling with advanced Excel features, here is that jock-in-a-box with a set of features that may have you looking at data in ways you didn't know you could.

_______________________________________________________
_______________________________________________________

FEEDBACK

Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

If you like the newsletter, a great way to show your support is to make your next book or CD purchase from our Amazon shop page!

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

6) On the lighter side

http://www.ibiblio.org/blah.html The infamous 404 error message - Page not found - in a variety of world languages and dialects including Latin!

_______________________________________________________
_______________________________________________________

 

Copyright 2004 Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com - it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://groups.yahoo.com/group/EuroIS/ 
_______________________________________________________

    [Previous] [Index] [Next]