04-10 Contents: EUC risks, photocopier hack, Security, Quantitative methods, Euro EU+10, Spreadsheet error survey, Ig Nobel prizes
ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0410.htm [Previous] [Index] [Next]
Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success | |
IN THIS ISSUE |
|
1) Risk & Security End user computing risks Hacking into online photocopiers CyberSecurity Awareness Month Culling unpopular colleagues? |
|
2) Quantitative methods My recommended course book |
|
3) Euro Faint stirrings of interest |
|
4) Spreadsheets New Statistics on Model Error Rates |
|
5) Off Topic Ig Nobel prizes 2004 Actuary jokes |
|
16 Web links in this newsletter About this newsletter and Archives Disclaimer Subscribe and Unsubscribe information |
_______________________________________________________
To help sponsor the cost of this newsletter, make your next purchase from Amazon using one of the links below. You don't even have to buy the specific book I mention - just click on one of my links before you buy anything from Amazon! When you click, you are offered a choice of Amazon store - US, Canada, UK, France, Germany, Japan, so you can pick the one you prefer.
For those who read this by email: if some of the links in this newsletter
wrap in your email window, or your email client cannot open PDF files, you can
go to the online version of this newsletter and right-click on the links to save
the files:
http://www.sysmod.com/praxis/prax0410.htm
Patrick O'Beirne
_______________________________________________________ _______________________________________________________
I presented on this topic on Sep 30 to the Information System Security Association of Ireland (IssaIreland.org). The risks in end user development is getting more prominent attention in the software engineering community:
www.computer.org/software/homepage/2004/July-Aug/dangers.htm "The Dangers of End-User Programming", by Warren Harrison IEEE Software, July/August 2004, pp. 5-7. Warren says "recently I’ve become uneasy thinking about where these dabblers are applying their newfound knowledge...And now we’re expecting (no, depending on) these folks to write software that not only works correctly but is secure as well?"
http://csdl.computer.org/comp/mags/so/2004/05/s5toc.htm The Sep/Oct 2004 issue of IEEE Software magazine has free access to a PDF of the letters page that includes readers' comments on these risks, "How Dangerous Are End-User Programmers?" Warren comments "Programming isn’t easy or error free, even for 'professional developers'. Why pick on end users? "
____________________________________________________________
A post on the Open list in Ireland said "reminds me of all the laser jet printers you used to find on the internet that had no password protection. I found that <name> had such a printer sitting on their network once. Wonder how many pages of 'please change my password' it took for them to fix it :)"
____________________________________________________________
www.staysafeonline.info "Securing your personal computer plays a crucial role in protecting our nation’s Internet infrastructure. The National Cyber Security Alliance (NCSA) is a public-private partnership focused on promoting cyber security and safe behavior online." Includes a list of the top ten cyber security tips for home users.
____________________________________________________________
http://csdl.computer.org/comp/mags/so/2004/05/s5028abs.htm
Software Magazine September/October 2004 (Vol. 21, No. 5) pp. 28-32 Why Culling
Software Colleagues Is Popular
"Cutting staff is generally seen as an unpleasant duty, to be carried out when a
company’s financial position deteriorates. This article explores the observation
that regular culling of staff can be popular with the workforce, because poor
performers cause much more damage than is apparent to management. Using queuing
theory and simulation, the author demonstrates the severe impact of poor work.
In this context, the support for cutting poor staff is logical. The author
recommends surveying your software developers to find out if they feel that this
would improve their productivity. If so, then there is a popular mandate to
implement a 'rank and remove' approach. "
____________________________________________________________
Hacking Exposed: Network Security Secrets and Solutions, 4th edition Stuart
McClure, Joel Scambray, George Kurtz. Explains operating systems, switch and
network vulnerabilities--used by the bad guys to get in--and how to remove them.
http://sysmod.com/az.php?a=0072227427&b=Hacking_Exposed
Hacking: The Art of Exploitation, by Jon Erickson. Describes the techniques
of computer hacking, covering such topics as stack-based overflows, format
string exploits, and shellcode.
http://sysmod.com/az.php?a=1593270070&b=Art of Exploitation
____________________________________________________________
____________________________________________________________
I have just started presenting a course in Quantitative Methods to the first year BA students at the Irish Management Institute. This draws upon my background in financial modelling and operations research, and some lecturing I did in the School of Management Science and Information Systems Studies (MSISS) at the Department of Statistics in Trinity College Dublin.
For the course book, I am using Louise Swift's "Quantitative Methods for
Business, Management and Finance" because it starts from the right place
for mature students who have forgotten school math, and gives many examples to
practice the points.
It covers Essential Maths, Describing Data, Probability, Statistics, and
Business Modelling, which includes linear programming, project planning,
inventory control, time value of money, quality control, and simulation.
http://sysmod.com/az.php?a=0333920767&b=Quantitative_Methods
I can send a longer book list to anyone who requests it. My close second choice was "Quantitative approaches in business studies", by Clare Morris 6th ed 2003, very reader-friendly but slightly less detailed.
____________________________________________________________
For readers interested in quants, here are some more useful links:
www.wilmott.com Paul Wilmott's site on Quantitative Finance (is there any other kind?) has forums discussing financial engineering techniques, risk modelling, derivatives, Monte Carlo simulation, and more. His book is:
Paul Wilmott on
Quantitative Finance, 2 Volume Set, gets five-star reviews.
Updates "Derivatives: The Theory and Practice of Financial Engineering". With
essential Visual Basic code and spreadsheet explanations of the models
http://sysmod.com/az.php?a=0471874388&b=Quantitative_Finance
Here are two online texts with free content:
www.pearsoned.com.au/elearning/hovey/inv_dec/home.html Spreadsheet Modeling for Investment Decisions, online ebook by Martin Hovey of the University of South Queensland. "Spreadsheet Modelling for Investment Decisions should be treated as a supplement to finance textbooks... a valuable aid to developing workable models quickly and accurately."
www.pearsoned.com.au/elearning/hovey/corp_fin/main.html Spreadsheet Modeling in Corporate Finance, online ebook by Martin Hovey of USQ.edu.au. "The book is written as a supplement to your corporate finance textbook."
Financial Modeling, by Simon Benninga. A finance "cookbook" that bridges the
gap between theory and practice by providing a nuts-and-bolts guide to solving
common financial models with spreadsheets
http://sysmod.com/az.php?a=0262024829&b=Financial_Modeling
____________________________________________________________
____________________________________________________________
I recently had a call from Elly Fiorentini of BBC Radio York to answer a question live about decimalisation. It still looks unlikely that the UK is going to do anything about the euro, even though the public service is still conscientiously updating the transition plan:
www.euro.gov.uk/europreparations.asp
Euro Preparations - What you need to know
(July 2004)
This leaflet provides a summary of the third outline National Changeover Plan. It explains how the UK would make the change from sterling to euro in the event of a decision to join.
I also hear from people in the new EU accession countries about my euro conversion book, so maybe this topic will be revisited in a couple of years!
Just to remind you, my popular online Euro currency exchange conversion calculator for EU and world currencies with today's European Central Bank rates is available for free use in an iframe if you would like to provide visitors with a currency converter service on your web site.
____________________________________________________________
____________________________________________________________
Usually, people quoting statistics on defect creation rates in spreadsheets refer back to Ray Panko's original researches from 1995-2000. Here is some current work that shows it's just the same now.
www.actuaries.asn.au/PublicSite/pdf/fsfpaper2004-jasminandlee.pdf Financial Modelling of Project Financing Transactions; Robert J Lawrence, Jasmine Lee, Institute of Actuaries of Australia Financial Services Forum 26-27 August 2004.
They quote Tom Grossman: "experienced spreadsheet users are but amateur spreadsheet programmers." and go on to say "The risks of modelling are well understood in the project financing industry, particularly in the Australian market, and these risks are beginning to be appreciated in other industries as well. People with actuarial training are more likely to view the financial model as a dynamic rather than static model and thereby focus on the logic rather than the results based on current input assumptions."
Statistics on Model Error Rates is an appendix. "They are based on the thirty most financially significant projects that Mercer Finance & Risk Consulting reviewed during the financial year ending 30 June 2004. For the financial models related to these thirty projects the average number of unique formulae per model was 2,182 and the average number of issues raised during the initial review of these models was 151 (or, 6.9% of the number of unique formulae). The average number of versions required in order to produce a model that could be 'signed-off' was 6."
One spreadsheet needed 17 revisions to resolve 239 issues: 22MB, 4,825 Unique Formulas. The very best (in terms of issues as % of Unique Formulas) spreadsheet needed 3 revisions to resolve 49 issues: 1.9MB, 1,559 Unique Formulas.
____________________________________________________________
I can help you with spreadsheet modelling, model review, testing, audit and control:
http://www.sysmod.com/spreads.htm
Recent news of fraud and expensive mistakes requiring compensation have prompted leading banks, financial institutions, manufacturing, and service industries to take a harder look at the risks they are exposed to from spreadsheet applications.
I have developed a particular expertise in detailed testing of spreadsheet models and their structural integrity. Every customer is surprised at the defects that are uncovered! Would you take the challenge for your critical models?
When you are reviewing your internal controls, whether for Sarbanes-Oxley (SOX) or other compliance concerns, call on me for a thorough review of your spreadsheet applications. Phone +353 55 22294 or email me .
_______________________________________________________
http://www.sysmod.com/booklist.htm lists recommended books for detailed and high-level overviews of SOX, as well as other technical and business books.
_______________________________________________________
_______________________________________________________
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
Thank you! Patrick O'Beirne, Editor
_______________________________________________________ _______________________________________________________
www.improb.com/ig/ig-pastwinners.html#ig2004 The 2004 Ig Nobel Prize Winners
MEDICINE : Steven Stack of Wayne State University, Detroit, Michigan, USA
and James Gundlach of Auburn University, Auburn, Alabama, USA, for their
published report "The Effect of Country Music on Suicide."
PUBLIC HEALTH : Jillian Clarke of the Chicago High School for
Agricultural Sciences, and then Howard University, for investigating the
scientific validity of the Five-Second Rule about whether it's safe to eat food
that's been dropped on the floor.
CHEMISTRY : The Coca-Cola Company of Great Britain, for using advanced
technology to convert liquid from the River Thames into Dasani, a transparent
form of water, which for precautionary reasons has been made unavailable to
consumers.
Check the web site for the other categories!
www.actuaries.asn.au/PublicSite/pdf/actaust0405.pdf May 2004 issue of Actuary Australia
- technical analysis is astrology performed with a spreadsheet
- bank propriety derivative trading is gambling sanctioned by boards who do not
understand it
- selecting an investment manager is like choosing a poker machine based on how
much it has paid out in the recent past.
(Darren Wickham)
An actuary is someone who can tell you how many people will die in the next
year. A Sicilian actuary can also tell you their names and addresses.
(Roger Bohlsen)
_______________________________________________________
_______________________________________________________
Copyright 2004 Systems Modelling Limited,
http://www.sysmod.com .
Reproduction allowed provided the newsletter is copied in its entirety and with
this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received
this newsletter from anybody else, we urge you to sign up for your personal copy
by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com - it's free!
For those who would like to do more than receive the monthly newsletter, the
EuroIS list makes it easy for you to discuss issues raised, to share experiences
with the rest of the group, and to contribute files to a common user community
pool independent of the sysmod.com web site. I will be moderating posts to the
EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen
to reflect our focus on practical solutions to IS problems, avoiding hype. If
you like acronyms, think of it as "Patrick's reports and analysis across
Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at
http://www.sysmod.com/praxis.htm
DISCLAIMER
This newsletter is prepared in good faith and the information has been taken
from observation and other sources believed to be reliable. Systems Modelling
Ltd. (SML) does not represent expressly or by implication the accuracy,
truthfulness or reliability of any information provided. It is a condition of
use that users accept that SML has no liability for any errors, inaccuracies or
omissions. The information is not intended to constitute legal or professional
advice. You should consult a professional at Systems Modelling Ltd. directly for
advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to
anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers
a moderated discussion list for readers and a free shared storage area for
user-contributed files. The archives of this group are on YahooGroups website
http://groups.yahoo.com/group/EuroIS/
_______________________________________________________