PraxIS March 2005

_______________________________________________________

Welcome to PraxIS

For readers in the UK, please forward the news item about the spreadsheet auditing course that Ray Butler and I shall be giving in Salford on May 17-18, to your contacts who are auditors, risk managers, and EUC training managers.

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  IT Risk and Security

New Information Quality Special Interest Network Launched

The Irish Computer Society (ICS) has teamed up with the Irish members of the International Association for Information and Data Quality (IAIDQ) to form a new ICS Special Interest Network. The Information Quality Network (IQ Network) is for IT professionals responsible for the operation or development of the systems that process and store business data, and for business professionals concerned about the impact of poor quality data on their processes and costs.

To find out more about the IAIDQ, check out www.iaidq.org.

_______________________________________________________

Book: "Managing Security with Snort and IDS Tools"

http://sysmod.com/az.php?a=0596006616&b=Snort+and+IDS by Kerry Cox/Christopher Gerg, 2004, on network sniffing and intrusion detection. Robert Slade's review at http://victoria.tc.ca/int-grps/books/techrev/bkmswsit.rvw describes it as a set of useful explanations for the use and operation of the standard intrusion detection program.

_______________________________________________________

UK Public Virus Alert web site launched

The UK government set up a Virus Alert site ITSafe on Feb 23 to warn home and small business users of PC viruses, mobile phone vulnerabilities and so on. It is expected to issue between six and ten alerts a year, concentrating on the most major problems. It will not provide patches, but will point the user to where the patches can be downloaded. It is also made clear that the site is not a substitute for proper AV and Firewall provision.

http://itsafe.gov.uk/

"Safe" Word ?

http://www.itsafe.gov.uk/glossary/itsafeword.html  definition: A security feature used on the ITsafe website to help reduce the risk of someone spoofing our e-mails. When you sign up to our e-mail service you are asked to type in an ITsafe Word [...] All e-mails we send to you will use this word in the 'subject' line. In e-mail programs this is normally displayed just above the e-mail content. You can quickly check that the e-mail has come from us as someone else would not know your ITsafe Word."

A comment in the Risks Digest http://catless.ncl.ac.uk/Risks/23.77.html : "Until you forward the e-mail, forgetting to remove the word (not that it mentions that people *should* do this on forwarding etc). Or post it to USENET, or..."

_______________________________________________________

Wanna be president of Microsoft?

Geoff Kuenning posted this to the same issue of Risks digest:

"If you go to https://businessfilings.ss.ca.gov you can type in the name of any corporation registered in California and be presented with the corporate-info form. If you type "Microsoft", you'll get several with MS in the name, including one that's located at One Microsoft Way, Redmond, WA. Keep clicking and you can fill out the form with "corrected" information. It costs a $25 filing fee, which can be paid with a credit card. They also collect an e-mail address, though I don't know why. So if you have a stolen credit card and a throwaway e-mail address (e.g., at mailinator.com or just good ol' hotmail), you can change Microsoft's information."

_______________________________________________________

The Weakest Link

Elias Levy (Symantec) noted a cute illustration of the weakest link in a would-be security system: http://www.syslog.com/~jwilson/pics-i-like/kurios119.jpg

____________________________________________________________
____________________________________________________________   

2) Web researching

Test their Y!Q

http://yq.search.yahoo.com/

Y!Q maintains an automatic lookup of items relevant to whatever you're looking at in your browser. For example, if you go to http://test.news.yahoo.com, you'll see "Search Related Info" links. Click on those to get a new semitransparent window with Yahoo search results related to the item you've clicked on. 

This is not just another IE toolbar. You can get it for Firefox or embed it into your Web page with some control over content.

____________________________________________________________
____________________________________________________________

3) Europe

EU Constitution newsletter

The Federal Trust monthly newsletter will monitor the debate, events and developments surrounding the ratification process for the EU Constitution in all 25 member states. It will offer a particular UK perspective of this process and provide a forum for differing views on the debate. Back issues are available at www.fedtrust.co.uk/constitution_newsletter

www.fedtrust.co.uk/admin/uploads/News_Mar_05.pdf The March edition notes:

"The EU Commissioners have discovered a new way to reach the public: blogs. Margot Wallström, the Swedish Communication Commissioner, has got her own personal blog, in which she describes her work and comments on life in Brussels": http://weblog.jrc.cec.eu.int/page/wallstrom

_______________________________________________________

Cyberlaw: EU Law on Spam

Those interested in deeper legal discussion now have a listserv list as a forum for academic discussion of cyberlaw and internet law issues, from a European perspective. Contributions can include networking (announcements of conferences, calls for papers etc), requests for information, notes about recent developments, and discussion of any aspect of the subject. To join the list, or to see the list archives, either contact the list owner direct (s.hedley at ucc.ie) or visit https://listserv.heanet.ie/cyberlaw.html

A recent sample is "Regulating Spam: Directive 2002/58 and Beyond" by Lodewijk F. Asscher (May 2004) http://ssrn.com/abstract=607183  "This paper analyses the legal framework regulating unsolicited commercial communications or spam in the European Union. Our focus is on the Directive on privacy and electronic communications of July 12, 2002 (the E-Privacy Directive), as this directive has introduced new rules on the regulation of spam. "

____________________________________________________________
____________________________________________________________

4) Spreadsheets

AUDITING SPREADSHEETS COURSE May 17-18

http://www.isaca.org.uk/northern/formal_training.htm  ISACA course at Salford University, 17-18 MAY 2005.

THE PROBLEM

Spreadsheet models are widely used to inform vital business decisions and processes, and are known to be about the most error-prone and high-risk applications in any business. Despite the risks, they are often not tested, or are tested around, leaving businesses exposed to error (and potentially in breach of regulatory and legal requirements) Testing can be an enormous sink of time and effort, much of it tediously repetitive for the auditor or reviewer, and as a result errors can easily be overlooked. If it is contracted out to any of the excellent specialist service companies in the field, it can be expensive and open-ended.

THE SOLUTION

ISACA Northern England presents a two-day course in auditing spreadsheet models led by two leading experts in the field - Ray Butler and Patrick O'Beirne. Over two days, you will learn by a combination of lectures and practical hands on work:

• How to risk assess spreadsheet models in your business;
• Ways in which spreadsheets can be tested;
• How to use computer-assisted Audit tools to gain assurance about / detect errors in business spreadsheet models

You will gain this experience by working through the risk assessment and audit of a live spreadsheet model of your choice from your business. You should leave the seminar with the confidence to use the tools / methods shown to risk-assess and test further spreadsheets in your organisation. If you do not wish to bring one of your own spreadsheets, a large practice spreadsheet will be available You will be supplied with full documentation,  a guide to risk assessment, and working (but time limited) copies of two leading spreadsheet auditing tools, SpACE and ExChecker for evaluation.

_______________________________________________________

SCANXLS enhancements

http://www.sysmod.com/scanxls.htm ScanXLS

My useful workbook to collect inventory data on spreadsheet files & links is being expanded to give multiple levels of links.

_______________________________________________________

New book: Professional Excel Development

   http://sysmod.com/az.php?a=0321262506&b=Professional_Excel

Professional Excel Development: The Definitive Guide to Developing Applications Using Microsoft Excel and VBA. By Stephen Bullen, Rob Bovey, John Green. Paperback 800 pages (March 31, 2005)

More Excel books are at http://www.sysmod.com/spreads.htm#Books

_______________________________________________________
_______________________________________________________

FEEDBACK

Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

5) Off Topic

Philology and Numerology

Those interested in language and numbers should check out these sites:

http://www.zompist.com/numbers.shtml The numbers 1 to 10 in 5000 world languages

http://www.turbulence.org/Works/nums/ The Secret Lives of numbers. An interactive Java applet histogram exploring the relative popularity and cultural associations of every integer between 0 and one million. Why is 800 popular, for example?

_______________________________________________________
_______________________________________________________

Copyright 2005 Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com - it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________