PraxIS February 2006

06-02 Contents: Greylisting, SME IT Security, Software Testing, Quality, Search Engines, FDA Spreadsheet guidance, Choir MIDIs

ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0602.htm

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success  

IN THIS ISSUE

1) Risk & Security
     Grey area
     Article on security for Small to Medium Business
     Free guide to fraud prevention for Small to Medium Enterprises
2) Software Testing & Information Quality
     Software Testing SIG Feb 16 Steve Allott, Brian Lambert
     Information Quality Forum Feb 23, Dublin
3) Search Engines get more assertive
     We know what you searched last summer
     Cloaking gets the dagger
     SEO a weak case for standards
4) Spreadsheets
     Spreadsheet Validation in FDA regulated industry
     Spreadsheet Auditing for Free
     Training course in spreadsheet auditing methodology with Ray Butler
     Spreadsheet Check and Control book applause
5) Off Topic
     Free MIDI rehearsal line parts for choirs
19 Web links in this newsletter
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information

_______________________________________________________

Welcome to PraxIS

This month, I am asking for feedback on what you think are the most important things that small business should do to protect themselves from real life security threats.

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  IT Risk and Security

Grey area

My email hosting company uses a technique called 'greylisting' to reduce spam. Briefly, every email from a non-whitelisted (i.e. not approved) address receives an automatic temporary rejection with a 'try again later' error message. The theory is that most spammers work on a "fire-and-forget" basis and don't try again. (I don't see why they should not attempt retries now.) Since SMTP (Simple Mail Transfer Protocol) is considered an unreliable transport, the possibility of temporary failures is built into the core spec (see RFC 821). Therefore, any compliant message transfer agent (MTA) should attempt retries if given an appropriate temporary failure code for a delivery attempt. Unfortunately, I found one client whose mail system does not do this, so I have to use a different email address for them. And their system does not return 'read receipt' requests, so I have to phone to make sure important emails got through.

Just another chicane in the road caused by spam and antispam sparring.

http://projects.puremagic.com/greylisting/
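
To make the mechanism concrete, here is a small Python sketch added for illustration; it is not code from my hosting company or from the greylisting project linked above. It assumes the server keys its decision on the (client IP, sender, recipient) triplet, and the delay, expiry window, reply text and sample traffic are all constructed values. It shows both outcomes described above: the compliant sender gets through on retry, while the fire-and-forget spammer and the non-retrying MTA never do.

```python
MIN_DELAY = 300            # assumed: seconds a new triplet must wait before a retry counts
RETRY_WINDOW = 4 * 3600    # assumed: a first attempt is forgotten after this long
TEMPFAIL = "451 4.7.1 Greylisted, try again later"   # constructed reply text

class Greylist:
    def __init__(self, whitelist=()):
        self.whitelist = {a.lower() for a in whitelist}  # approved senders
        self.first_seen = {}   # triplet -> time of first attempt
        self.passed = set()    # triplets that have retried correctly

    def check(self, client_ip, sender, rcpt, now):
        """Return the SMTP reply given to this delivery attempt."""
        if sender.lower() in self.whitelist:
            return "250 OK"
        key = (client_ip, sender.lower(), rcpt.lower())
        if key in self.passed:
            return "250 OK"
        seen = self.first_seen.get(key)
        if seen is None or now - seen > RETRY_WINDOW:
            self.first_seen[key] = now        # new or expired: start the clock
            return TEMPFAIL
        if now - seen < MIN_DELAY:
            return TEMPFAIL                   # retried too quickly
        self.passed.add(key)                  # behaved like a real MTA
        return "250 OK"

def deliver(greylist, attempts):
    """Replay attempts in order; return the ids of messages accepted."""
    return [msg for t, ip, frm, to, msg in attempts
            if greylist.check(ip, frm, to, t).startswith("250")]

# Constructed sample traffic: (time in seconds, client IP, sender, recipient, id)
ME = "me@example.net"
ATTEMPTS = [
    (0,   "192.0.2.10",   "alice@example.org",  ME, "compliant-1"),  # first try
    (5,   "198.51.100.7", "promo@example.com",  ME, "spam-1"),       # never retries
    (10,  "203.0.113.5",  "client@example.com", ME, "noretry-1"),    # broken MTA
    (15,  "192.0.2.99",   "boss@example.org",   ME, "trusted-1"),    # whitelisted
    (60,  "192.0.2.10",   "alice@example.org",  ME, "compliant-1"),  # too early
    (900, "192.0.2.10",   "alice@example.org",  ME, "compliant-1"),  # proper retry
    (950, "192.0.2.10",   "alice@example.org",  ME, "compliant-2"),  # triplet known
]

if __name__ == "__main__":
    print(deliver(Greylist(whitelist={"boss@example.org"}), ATTEMPTS))
```

The message from the non-retrying system is lost silently from the recipient's point of view, which is why whitelisting known correspondents matters.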

 

Article on security for Small to Medium Business (SMB)

I've been asked to contribute an article on this to the Irish Computer Society. I'll say all the usual things, but I'd like your feedback - what do YOU think is the #1 thing that an SMB should do, if they do nothing else?

 

Free guide to fraud prevention for SMEs (Small to Medium Enterprises)

http://www.icai.ie/media/mr-details.cfm?id=648 

This 28 page 198K PDF is a European Federation of Accountants guide designed to help SME entrepreneurs limit the risk of fraud. The publication analyses fraud's impact, provides practical suggestions to identify, detect and prevent fraud and recommends implementing internal control systems tailored to SMEs' specific needs. Case studies are also included to illustrate the range and nature of fraudulent activity.

 

Book: Managing an information security and privacy awareness and training program

by Rebecca Herold, 500 pages, Auerbach Publications, 2005.

http://sysmod.com/az.php?a=0849329639&b=Managing+InfoSec+Awareness 

Gary Hinson says "I am delighted now to have found an excellent textbook on security awareness. If you've read any of my other book reviews, you'll perhaps appreciate how rare it is for me not to find fault. It was a real pleasure to read and is thoroughly recommended." Gary's review is linked from:

http://www.noticebored.com/html/white_papers.html

 

____________________________________________________________
____________________________________________________________   

2) Software Testing & Information Quality

Software Testing SIG Feb 16 Steve Allott, Brian Lambert

SoftTest Ireland's first event of 2006 is on Thursday 16th February in the Institute of Engineers, 22 Clyde Road, Ballsbridge, Dublin 4. Registration will start at 18.00hrs and the seminar will commence at 18.30hrs. Topics:-
"Effective Testing - Using Industry Standard Techniques", Steven K Allott, CaseMaker International
"Test Data generation and analysis using Scripting Tools", Brian Lambert, Ericsson

Contact: Karen E Devine, Administrator and Event Planner, SoftTest Ireland
Tel. 1850 75 25 75  http://www.softtest.ie

 

Information Quality Forum Feb 23, Dublin

http://www.iqnetwork.org  Join the IQ Network (the Information Quality SIG of the ICS, and a Community of Practice of the IAIDQ) in the Helix in DCU to share experiences, learn from Best Practices and meet with others facing the challenges of duff data quality and the need to continue to “Connect the Dots”. To register for the event, go to http://www.iq-research.net . Presentations include "Meeting the Raising Demands of Regulators: Re-engineering the Customer Investigation Process at Credit Suisse and Future Prospects" by Thomas Mügeli, Credit Suisse, and "Business Rules Based Measurement of Data Quality" by Marcus Gebauer, WestLB Bank. Copies of presentations will be available for download from the conference website in pdf format after the event, subject to agreement from copyright owners.

____________________________________________________________
____________________________________________________________

3) Search Engines get more assertive

We know what you searched last summer

http://news.com.com/2100-1025_3-6034626.html

To find out what kind of information the four major search companies retain about their users, CNET News.com surveyed America Online, Google, Microsoft and Yahoo. They asked the same seven questions of each company. Steve Langdon of Google said that given an IP address or cookie value, Google can produce a list of the terms searched by the user of that IP address or cookie value. When asked "Have you ever been asked by an attorney in a civil suit to produce such a list of search terms? A prosecutor in a criminal case?", Langdon said "We do not share information about that.".

 

Cloaking gets the dagger

http://www.mattcutts.com/blog/ramping-up-on-international-webspam/  Matt Cutts is the software engineer at Google responsible for banning websites. He recently removed BMW.de for 30 days because they presented one keyword-loaded page to the search engine robot but a different graphic one to the browser via a JavaScript redirection. That’s a violation of Google's webmaster quality guidelines, specifically the principle of “Don’t deceive your users or present different content to search engines than you display to users.” It's nice to see sites that use spammy techniques like 'cloaking' hit with a penalty. Obviously BMW appealed and they got back in quickly after cleaning up their act, but a rap on the knuckles helps put manners on some people.

 

SEO a weak case for standards

It has been argued that good HTML style is a necessary part of Search Engine Optimisation (SEO). Mike Davidson was curious why his ego-centric googling did not place his own site higher in the rankings. So he performed some tests using a made-up word (the Google Vacuum Tests) and discovered that as long as the text renders properly, it's good enough.

http://www.mikeindustries.com/blog/archive/2006/01/the-roundabout-seo-test Mike D. writes: "Although good semantics are somewhat valuable in optimization, simple things like proper titles, descriptive filenames, and incoming links are dramatically more important. For good SEO, making your site sticky enough to attract quality incoming links is by far and away the thing to concentrate on."

____________________________________________________________
____________________________________________________________

4) Spreadsheets

Spreadsheet Validation in FDA regulated industry

The pharmaceutical industry has long been used to regulation. One of the pioneers in Excel spreadsheet validation, Derek Wimmer's DACS product, has now been taken over by CompasSoft, along with the auditing tool EXChecker. On Wimmer Systems's websites I discovered some well thought out documents originating from the US Food & Drug Administration (FDA).

http://www.SpreadsheetValidation.com  Derek Wimmer's site has  'Spreadsheet Design and Validation for the Multi-User Application for the Chemistry Laboratory Part I' (314K PDF) by Dennis Cantellops, Evelyn Bonnin and Anne Reid.

http://www.WimmerSystems.com has 'Spreadsheet Design, Verification and Validation, Use and Storage of Single-User Workbook Files in the US FDA Laboratories Part II' (1.4MB PDF) by Dennis Cantellops. Their Spreadsheet Specification and Reporting Tool is currently in beta and they are looking for people to evaluate it.

 

Spreadsheet Auditing for Free

Ray Butler, a long-time campaigner on spreadsheet risks, has made available his Jan 2006 presentation to ISACA Northern England where he shows how to use the built-in features of Excel to audit spreadsheets for errors.

http://www.isaca.org.uk/northern/Presentations.htm Spreadsheet Auditing for Free (1.56Mb pdf) by Ray Butler

In the presentation, he mentions my book 'Spreadsheet Check and Control' - thanks, Ray!

You have a chance to hear him - and me - go into much more detail on methodology and best practices in spreadsheet audit, review, design, and testing. We're doing a joint course on April 27 in the UK, so reserve your place now!

 

Training course in spreadsheet auditing methodology

http://www.sysmod.com/spreadsheet_auditing.htm  now taking bookings for:
Ireland: (Irish Computer Society, Dublin)  Thursday 20 April 2006
UK: (University Women's Club, London), Thursday 27 April 2006 - Joint event with Ray Butler

The intended audience is anyone who builds or reviews spreadsheet models, such as managers, accountants, actuaries, financial modellers, or IT analysts in enterprise IT audits. You need to have an intermediate or advanced knowledge of Excel. You should leave the seminar with the confidence to use the tools and methods shown to risk-assess and test spreadsheets in your organisation.

• Where to start and what are the most efficient techniques to use
• How you can cut down a huge system of spreadsheets to a manageable audit task
• The symptoms that indicate potential or actual problems
• How a company can create an inventory of its critical spreadsheets, assess them for risk, and prioritize scarce resources
• How the top spreadsheet auditing software tools compare, including little-used secrets of Excel's auditing features
• Includes a copy of "Spreadsheet Check and Control", my new book of 47 professional checking techniques
• Reinforce your learning with an optional hour of hands-on practice using demonstration versions of auditing software

To book online, visit http://sysmod.buy.ie/catalog/product_info.php?products_id=189 

 

Spreadsheet Check and Control book applause

'It's super. I kept saying to myself, "Wow, I didn't know you could do that." A great job.' Ray Panko, University of Hawai'i.

'An essential guide for serious spreadsheet users. ' P M Cleary, University of Wales Institute Cardiff, Wales

'An excellent book on a key subset of Information Quality' Amazon.co.uk reviewer Celtic_Tigger

'Probably one of the most important spreadsheet books ever written.' Simon Murphy, Codematic.net, author of XLAnalyst.

'Spreadsheet Check and Control does what no other book before has attempted to do; provide standards for designing spreadsheets that lend themselves to a logical review by management and internal auditors.' Jim Kaplan, AuditNet.org.

May I ask readers to add a review to the Amazon web site in your country? In Germany, France and Canada especially.

http://www.sysmod.com/az.php?a=190540400X&b=Spreadsheet+Check+Control

I shall be adding more material to the reader support web page www.sysmod.com/sbp/ (access requires a username and password provided in the book). If you have improvement suggestions, please let me know so I can make this a better resource.

http://sysmod.buy.ie/catalog/product_info.php?products_id=188 Where to buy the book - free shipping to EU in Feb 2006.

_______________________________________________________
_______________________________________________________

FEEDBACK

Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

5) Off Topic

Free MIDI rehearsal line parts for choirs

Out of hours, I maintain the web sites of the Guinness Choir and the Wexford Festival Singers. I occasionally need to make rehearsal tapes or CDs for the SATB parts. A great source for these is CyberBass.com who has free midi files of many of the major choral works. I have also used Windows Media Player to play these at half speed (and re-record using OPD2D or Audacity) for those of us who find clusters of semiquavers difficult.  In this Mozart celebration year, I expect a great demand on his site. If you download some files, do support Vince with a Paypal donation so he can buy more scores.

http://www.cyberbass.com/Major_Works/Mozart_W_A/

And to finish off with a dreadful joke from the Choral Ireland mail list :

Knock, knock.
Who's there?
A tenor.
How do I know you're a tenor?
I can't find the key!

_______________________________________________________
_______________________________________________________

Copyright 2006 Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com - it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________