06-02 Contents: Greylisting, SME IT Security, Software Testing, Quality, Search Engines, FDA Spreadsheet guidance, Choir MIDIs
ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0602.htm [Previous] [Index] [Next]
| Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success | |
IN THIS ISSUE |
|
| 1) Risk & Security Grey area Article on security for Small to Medium Business Free guide to fraud prevention for Small to Medium Enterprises |
|
| 2) Software Testing & Information Quality Software Testing SIG Feb 16 Steve Allott, Brian Lambert Information Quality Forum Feb 23, Dublin |
|
| 3) Search Engines get more assertive We know what you searched last summer Cloaking gets the dagger SEO a weak case for standards |
|
| 4) Spreadsheets Spreadsheet Validation in FDA regulated industry Spreadsheet Auditing for Free Training course in spreadsheet auditing methodology with Ray Butler Spreadsheet Check and Control book applause |
|
| 5) Off Topic Free MIDI rehearsal line parts for choirs |
|
| 19 Web links in this newsletter About this newsletter and Archives Disclaimer Subscribe and Unsubscribe information |
_______________________________________________________
This month, I am asking for feedback on what you think are the most important things that small business should do to protect themselves from real life security threats.
Patrick O'Beirne
_______________________________________________________ _______________________________________________________
My email hosting company uses a technique called 'greylisting' to reduce spam. Briefly, every email from a non-whitelisted (ie approved) address receives an automatic bounce with a 'try again later' error message. The theory is that most spammers don't try again, the "fire-and-forget" methodology. (I don't see why they should not attempt retries now.) Since SMTP (Simple Mail Transport Protocol) is considered an unreliable transport, the possibility of temporary failures is built into the core spec (see RFC 821). Therefore, any compliant message transfer agent (MTA) should attempt retries if given an appropriate temporary failure code for a delivery attempt. Unfortunately, I found one client whose mail system does not do this, so I have to use a different email address for them. And their system does not return 'read receipt' requests, so I have to phone to make sure important emails got through.
Just another chicane in the road caused by spam and antispam sparring.
http://projects.puremagic.com/greylisting/
I've been asked to contribute an article on this to the Irish Computer Society. I'll say all the usual things, but I'd like your - what do YOU think is the #1 thing that a SMB should do, if they do nothing else?
http://www.icai.ie/media/mr-details.cfm?id=648
This 28 page 198K PDF is a European Federation of Accountants guide designed to assist SME entrepreneurs limit the risk of fraud. The publication analyses fraud's impact, provides practical suggestions to identify, detect and prevent fraud and recommends implementing internal control systems tailored to SMEs' specific needs. Case studies are also included to illustrate the range and nature of fraudulent activity.
by Rebecca Herold, 500 pages, Auerbach Publications, 2005.
http://sysmod.com/az.php?a=0849329639&b=Managing+InfoSec+Awareness
Gary Hinson says "I am delighted now to have found an excellent textbook on security awareness. If you've read any of my other book reviews, you'll perhaps appreciate how rare it is for me not to find fault. It was a real pleasure to read and is thoroughly recommended." Gary's review is linked from:
http://www.noticebored.com/html/white_papers.html
____________________________________________________________
____________________________________________________________
Contact: Karen E Devine, Administrator and Event Planner, SoftTest Ireland
Tel. 1850 75 25 75 http://www.softtest.ie
http://www.iqnetwork.org Join the IQ Network (the Information Quality SIG of the ICS, and a Community of Practice of the IAIDQ) in the Helix in DCU to share experiences, learn from Best Practices and meet with others facing the challenges of duff data quality and the need to continue to “Connect the Dots”. To register for the event, go to http://www.iq-research.net . Presentations include "Meeting the Raising Demands of Regulators: Re-engineering the Customer Investigation Process at Credit Suisse and Future Prospects" by Thomas Mügeli, Credit Suisse. and "Business Rules Based Measurement of Data Quality" by Marcus Gebauer, WestLB Bank. Copies of presentations will be available for download from the conference website in pdf format after the event, subject to agreement from copyright owners.
____________________________________________________________
____________________________________________________________
http://news.com.com/2100-1025_3-6034626.html
To find out what kind of information the four major search companies retain about their users, CNET News.com surveyed America Online, Google, Microsoft and Yahoo. They asked the same seven questions of each company. Steve Langdon of Google said that given an IP address or cookie value, Google can produce a list of the terms searched by the user of that IP address or cookie value. When asked "Have you ever been asked by an attorney in a civil suit to produce such a list of search terms? A prosecutor in a criminal case?", Langdon said "We do not share information about that.".
http://www.mattcutts.com/blog/ramping-up-on-international-webspam/ Matt Cutts is the software engineer at Google responsible for banning websites. He recently removed BMW.de for 30 days because they presented one keyword-loaded page to the search engine robot but a different graphic one to the browser via a javascript redirection. That’s a violation of Google's webmaster quality guidelines, specifically the principle of “Don’t deceive your users or present different content to search engines than you display to users.” It's nice to see sites that use spammy techniques like 'cloaking' hit with a penalty, Obviously BMW appealed and they got back in quickly after cleaning up their act, but a rap on the knuckles helps put manners on some people.
It has been argued that good HTML style is a necessary part of Search Engine Optimisation (SEO). Mike Davidson was curious why his ego-centric googling did not place his own site higher in the rankings. So he performed some tests using a madeup word (the Google Vacuum Tests) and discovered that as long as the text renders properly, it's good enough.
http://www.mikeindustries.com/blog/archive/2006/01/the-roundabout-seo-test Mike D. writes: "Although good semantics are somewhat valuable in optimization, simple things like proper titles, descriptive filenames, and incoming links are dramatically more important. For good SEO, making your site sticky enough to attract quality incoming links is by far and away the thing to concentrate on."
____________________________________________________________
____________________________________________________________
The pharmaceutical industry has long been used to regulation. One of the pioneers in Excel spreadsheet validation, Derek Wimmer's DACS product, has now been taken over by CompasSoft, along with the auditing tool EXChecker. On Wimmer Systems's websites I discovered some well thought out documents originating from the US Food & Drug Administration (FDA).
http://www.SpreadsheetValidation.com Derek Wimmer's site has 'Spreadsheet Design and Validation for the Multi-User Application for the Chemistry Laboratory Part I' (314K PDF) by Dennis Cantellops, Evelyn Bonnin and Anne Reid.
http://www.WimmerSystems.com has 'Spreadsheet Design, Verification and Validation, Use and Storage of Single-User Workbook Files in the US FDA Laboratories Part II' (1.4MB PDF) by Dennis Cantellops. Their Spreadsheet Specification and Reporting Tool is currently in beta and they are looking for people to evaluate it.
Ray Butler, a long-time campaigner on spreadsheet risks, has made available his Jan 2006 presentation to ISACA Northern England where he shows how to use the built-in features of Excel to audit spreadsheets for errors.
http://www.isaca.org.uk/northern/Presentations.htm Spreadsheet Auditing for Free (1.56Mb pdf) by Ray Butler
In the presentation, he mentions my book 'Spreadsheet Check and Control' - thanks, Ray!
You have a chance to hear him - and me - go into much more detail on methodology and best practices in spreadsheet audit, review, design, and testing. We're doing a joint course on April 27 in the UK, so reserve your place now!
http://www.sysmod.com/spreadsheet_auditing.htm now taking bookings
for:
Ireland: (Irish Computer Society, Dublin) Thursday 20 April 2006
UK: (University Women's Club, London), Thursday 27 April 2006 - Joint event
with Ray Butler
The intended audience is anyone who builds or reviews spreadsheet models, such as managers, accountants, actuaries, financial modellers, or IT analysts in enterprise IT audits. You need to have an intermediate or advanced knowledge of Excel. You should leave the seminar with the confidence to use the tools and methods shown to risk-assess and test spreadsheets in your organisation.
• Where to start and what are the most efficient techniques to use
• How you can cut down a huge system of spreadsheets to a manageable audit task
• The symptoms that indicate potential or actual problems
• How a company can create an inventory of its critical spreadsheets, assess
them for risk, and prioritize scarce resources
• How the top spreadsheet auditing software tools compare, including little-used
secrets of Excel's auditing features
• Includes a copy of "Spreadsheet Check and Control", my new book of 47
professional checking techniques
• Reinforce your learning with an optional hour of hands-on practice using
demonstration versions of auditing software
To book online, visit http://sysmod.buy.ie/catalog/product_info.php?products_id=189
'It's super. I kept saying to myself, "Wow, I didn't know you could do that." A great job.' Ray Panko, University of Hawai'i.
'An essential guide for serious spreadsheet users. ' P M Cleary, University of Wales Institute Cardiff, Wales
'An excellent book on a key subset of Information Quality' Amazon.co.uk reviewer Celtic_Tigger
'Probably one of the most important spreadsheet books ever written.' Simon Murphy, Codematic.net, author of XLAnalyst.
'Spreadsheet Check and Control does what no other book before has attempted to do; provide standards for designing spreadsheets that lend themselves to a logical review by management and internal auditors.' Jim Kaplan, AuditNet.org.
May I ask readers to add a review to the Amazon web site in your country? In Germany, France and Canada especially.
http://www.sysmod.com/az.php?a=190540400X&b=Spreadsheet+Check+Control
I shall be adding more material to the reader support web page www.sysmod.com/sbp/ (access requires a username and password provided in the book), If you have improvement suggestions, please let me know so I can make this a better resource.
http://sysmod.buy.ie/catalog/product_info.php?products_id=188 Where to buy the book - free shipping to EU in Feb 2006.
_______________________________________________________
_______________________________________________________
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
Thank you! Patrick O'Beirne, Editor
_______________________________________________________ _______________________________________________________
Out of hours, I maintain the web sites of the Guinness Choir and the Wexford Festival Singers. I occasionally need to make rehearsal tapes or CDs for the SATB parts. A great source for these is CyberBass.com who has free midi files of many of the major choral works. I have also used Windows Media Player to play these at half speed (and re-record using OPD2D or Audacity) for those of us who find clusters of semiquavers difficult. In this Mozart celebration year, I expect a great demand on his site. If you download some files, do support Vince with a Paypal donation so he can buy more scores.
http://www.cyberbass.com/Major_Works/Mozart_W_A/
And to finish off with a dreadful joke from the Choral Ireland mail list :
Knock, knock.
Who's there?
A tenor.
How do I know you're a tenor?
I can't find the key!
_______________________________________________________
_______________________________________________________
Copyright 2006 Systems Modelling Limited,
http://www.sysmod.com .
Reproduction allowed provided the newsletter is copied in its entirety and with
this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received
this newsletter from anybody else, we urge you to sign up for your personal copy
by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com - it's free!
For those who would like to do more than receive the monthly newsletter, the
EuroIS list makes it easy for you to discuss issues raised, to share experiences
with the rest of the group, and to contribute files to a common user community
pool independent of the sysmod.com web site. I will be moderating posts to the
EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen
to reflect our focus on practical solutions to IS problems, avoiding hype. If
you like acronyms, think of it as "Patrick's reports and analysis across
Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at
http://www.sysmod.com/praxis.htm
DISCLAIMER
This newsletter is prepared in good faith and the information has been taken
from observation and other sources believed to be reliable. Systems Modelling
Ltd. (SML) does not represent expressly or by implication the accuracy,
truthfulness or reliability of any information provided. It is a condition of
use that users accept that SML has no liability for any errors, inaccuracies or
omissions. The information is not intended to constitute legal or professional
advice. You should consult a professional at Systems Modelling Ltd. directly for
advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to
anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers
a moderated discussion list for readers and a free shared storage area for
user-contributed files. The archives of this group are on YahooGroups website
http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________