06-05 Contents: MS April Patch, Security Awareness, OISSG ISSAF 0.2, Incompetence, ICS Events, Eusprig 2006
ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0605.htm [Previous] [Index] [Next]
Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success | |
IN THIS ISSUE |
|
1) Risk & Security Microsoft April Patch problems Security Awareness Yahoogroup Open Information Systems Security Assessment Framework Draft 0.2 |
|
2) IT Quality Unconscious Incompetence Grumpy IT Managers |
|
3) ICT news in Ireland Irish National Developers Conference 2006 ICS Conferences at ICT Expo |
|
4) Spreadsheet Control Eusprig 2006 Conference, Cambridge, UK, July 5-7, 2006 Reviews: Spreadsheet Check and Control - " a unique book" ScanXLS user feedback |
|
5) Off Topic Tippling and Taxes |
|
16 Web links in this newsletter About this newsletter and Archives Disclaimer Subscribe and Unsubscribe information |
_______________________________________________________
This issue is a little shorter and a little earlier because I shall be away for the first two weeks of May. All feedback on content is welcome!
Patrick O'Beirne
_______________________________________________________ _______________________________________________________
When I get updates from MS, I have it set to "Notify me but don't automatically download or install them" rather than just installing willy-nilly. In April I discovered a request to install a beta version of a "Microsoft Genuine Advantage" tool. Does that sound like a good idea? What it does is report your OS license status to MS. And it cannot be uninstalled (officially, anyway). Needless to say I declined to take advantage of it - who needs to install beta software?
http://support.microsoft.com/default.aspx/kb/918165 You may experience problems in Windows Explorer or in the Windows shell after you install security update MS06-015
Other articles on the April problems are:
http://windowssecrets.com/comp/060427/ Brian Livingston reports that Microsoft re-released on Apr. 25 a security patch that had been issued 14 days earlier in the company's monthly Patch Tuesday schedule. In Internet Explorer, typing www.website.com does not work. Typing website.com does not work. The only way for IE to bring you anywhere is to type http://www.website.com.
http://blog.washingtonpost.com/securityfix/2006/04/ms_expands_antipiracy_program.html With no notice, Microsoft began installing Genuine Advantage to users in English-speaking countries and Malaysia on Apr. 25.
http://news.zdnet.com/2100-1009_22-6063529.html "In discussion forums on Microsoft's Web site, users report several issues with Outlook Express after installing the latest update .. can cause trouble on computers that run certain Hewlett-Packard photo-sharing software or the Kerio firewall." The MS06-015 update installs a new executable to validate shell extensions before they are loaded into the Windows Shell or Windows Explorer.
http://groups.yahoo.com/group/security-awareness/
The security awareness group provides a forum to discuss awareness program methodologies and share security awareness tips. Awareness tips are written with the average person as the intended audience. This forum often posts links to free awareness videos and training materials from governmental sources. Over the last three years, I found it a useful source of starting materials.
I mentioned OISSG in the Jan 2005 PraxIS and now they have released a 1,262 page draft update.
The Information System Security Assessment Framework (ISSAF) is a peer reviewed structured framework that details specific evaluation or testing criteria for a number of areas. A draft version of this framework is available at OISSG website at: http://www.oissg.org/issaf
The Open Information Systems Security Group (OISSG) was established with the objective of evolving a set of Open Standards, Guidelines and Best Practices Collection in the area of information security. The ISSAF seeks to integrate the following management tools and internal control checklists:
____________________________________________________________
____________________________________________________________
Dunning and Kruger's 2000 Ig Nobel Prize-winning report reminds me of Ray Panko's research into overconfidence among spreadsheet users.
"Unskilled and Unaware of It: How Difficulties in Recognizing One's Own
Incompetence Lead to Inflated Self-Assessments"
http://www.apa.org/journals/features/psp7761121.pdf
Justin Kruger and David Dunning
Cornell University
People tend to hold overly favorable views of their abilities in many social and intellectual domains. The
authors suggest that this overestimation occurs, in part, because people who are unskilled in these
domains suffer a dual burden: Not only do these people reach erroneous conclusions and make
unfortunate choices, but their incompetence robs them of the metacognitive ability to realize it. Across 4
studies, the authors found that participants scoring in the bottom quartile on tests of humor, grammar, and
logic grossly overestimated their test performance and ability. Although their test scores put them in the
12th percentile, they estimated themselves to be in the 62nd. Several analyses linked this miscalibration
to deficits in metacognitive skill, or the capacity to distinguish accuracy from error. Paradoxically,
improving the skills of participants, and thus increasing their metacognitive competence, helped them
recognize the limitations of their abilities.
http://www.cutter.com/trends/fulltext/advisor/2006/btt060420.html In an article by Ken Orr, Fellow, Cutter Business Technology Council, entitled "What to Keep and What to Throw Away", he said:
"Recently, my colleagues on the Cutter Business Technology Council got into a very heated exchange on the state-of-the-art in software development. A couple of members of the Council were particularly disturbed by the level of knowledge in fundamental principles that some of their recent computer science graduates were exhibiting. [...] Almost everyone on the Council chimed in with their own disaster stories with development that involved very smart but very narrow software developers who knew a great deal about object patterns, J2EE, or Hibernate, but almost nothing about data modeling, requirements definition, or relational database theory. Some time in the last decade, major elements of what professional developers need to know somehow got dropped from the CS curriculum. "
I particularly liked his observation on a huge (600-700 pages) book on SOA, "most of which was devoted to making what is a relatively straightforward idea exceedingly obtuse."
I have a number of correspondents who also comment to me on the difficulty of managing the ever more complex software architectures of today. The Irish Computer Society have started a group of Information Architects for people who have this top-level view.
____________________________________________________________
____________________________________________________________
The first Irish National Developers Conference will be hosted by the Ireland Net Developers Alliance in association with the Irish Computer Society this May. The event is aimed at developers, project managers, technical architects and company directors, or anyone with an involvement in software development.
Guest speakers will share their experiences on collaborative development software and techniques and will give delegates an opportunity to hear about cutting edge advances in the field.
The keynote speaker, Scott Guthrie from Microsoft US, co-founded the ASP.NET Team and leads the design team responsible for architecting the product. Prior to ASP.NET, Scott was a member of the IIS and Windows NT development teams. He will talk on Atlas, the promising .Net technology for rich web applications.
For more information visit http://www.developers.ie
Venue: Morrison Hotel, Lwr Ormond Quay, Dublin 1 Date: Wednesday & Thursday 4th, 5th May Time: Wednesday 4th: 7pm - 9pm Thursday 5th: 9am - 6pm Cost: Registration fee 50 euro.
Thursday & Friday 3rd & 4th May, RDS, Dublin
The Irish Computer Society and its training and certification body ICS SKILLS will hold annual conferences in tandem with ICT Expo 2006. The ICS events, which are open to the public, will be held in the RDS Dublin on Thursday and Friday 4th-5th May.
A multi threaded programme of conferences will cater for the interests of various special interest groups. Many of the ICS Networks are represented with conferences on issues relating to technology for the sales force, information quality, public sector and health informatics scheduled. The Annual ICS SKILLS IT Trainers Conference will bring together trainers, courseware and test providers, test centres and ICS SKILLS programme candidates.
More details on speaker topics is available at www.ics.ie/expo
____________________________________________________________
____________________________________________________________
The Sixth annual conference and AGM of the European Spreadsheet Risks Interest Group ( www.eusprig.org ) will be sponsored by Mobius Systems. The Mobius offering on Spreadsheet Compliance has been described as "an answer to spreadsheet hell" by the Bloor Analyst Group on their IT-Director.com web site.
The Eusprig conference theme is Managing Spreadsheets: Improving corporate performance, compliance and governance. The venue is Fitzwilliam College, University of Cambridge, Cambridge UK. The programme chair tells me the conference programme is already full and the papers will be announced shortly. Bookings can be made at the UWIC web site:
http://www.uwic.ac.uk/eusprig/2006/index.htm
Dennis Cantellops is the author of the US FDA Laboratory Information Bulletin 'Spreadsheet Design, Verification and Validation'. DFS/ORA. Laboratory Information Bulletin. No. 4349. It is available from http://www.wimmersystems.com/lib4349.pdf
He has said of my book:
Spreadsheet Check and Control is a unique book which encourage developers and users to use safety features in the development of spreadsheet applications. It provides techniques for the testing for accuracy to detect and prevent errors which make this book an excellent source of reference for the development of spreadsheets. Also, mention spreadsheet policies which is a must in any organization.
In the category for "Review", includes excellent sections for "Testing" and "Data Integrity". It provides useful safety procedures for testing to reduce errors.
Dennis Cantellops, QAM US FDA, San Juan District 466 Fernandez Juncos Ave. San Juan, P.R.
http://sysmod.buy.ie/catalog/product_info.php?products_id=188 Our offer - free shipping to EU in May 2006.
http://www.sysmod.com/az.php?a=190540400X&b=Spreadsheet+Check+Control Available worldwide from Amazon.
A reader has posted this review on Amazon UK: "Asking the right questions, March 27, 2006"
This book begins by acknowledging the presence of "an elephant in the room" - that diverse herds of end-users put their careers on the line by making business critical decisions on the basis of hand-crafted spreadsheets. To those of us with self-critical faculties, however, there is a running sense of unease about the risks being run. If end-users stay up-to-date on Excel training and willingly share their insights about better quality then these problems can be kept under control - but does this sound like your work environment?
"Spreadsheet Check and Control" demonstrates painful familiarity with past mistakes and methods to minimise them in the future. It takes a "quality matters" perspective and gets down and dirty with low-level Excel details. The reader can retain his or her business expertise - this book tackles that fuzzy mix of professional skills (architect + programmer + auditor) needed to translate your business expertise to spreadsheets while sleeping easier at night over that errant error that could spell doom. If you're realistic enough to admit that you can make spreadsheet errors, then why not be proactive and try to reduce the frequency and severity of these errors by reading this book?
http://www.sysmod.com/scanxls.htm is my Excel utility to scan directories for spreadsheets, build a cross-reference of their dependencies, and help assess their quality. Recent user comments include:
_______________________________________________________
_______________________________________________________
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
Thank you! Patrick O'Beirne, Editor
_______________________________________________________ _______________________________________________________
The Annals of Improbable Research report on a study called "Violence-Related Injury and the Price of Beer in England and Wales." The study supplies (among other things) the logic for an intriguing alternative method by which the British chancellor of the exchequer might reduce the number of assaults: stop young people having jobs.
For details see http://improbable.com/2006/04/13/guardian-column-4/
_______________________________________________________
_______________________________________________________
Copyright 2006 Systems Modelling Limited,
http://www.sysmod.com .
Reproduction allowed provided the newsletter is copied in its entirety and with
this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received
this newsletter from anybody else, we urge you to sign up for your personal copy
by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com - it's free!
For those who would like to do more than receive the monthly newsletter, the
EuroIS list makes it easy for you to discuss issues raised, to share experiences
with the rest of the group, and to contribute files to a common user community
pool independent of the sysmod.com web site. I will be moderating posts to the
EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen
to reflect our focus on practical solutions to IS problems, avoiding hype. If
you like acronyms, think of it as "Patrick's reports and analysis across
Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at
http://www.sysmod.com/praxis.htm
DISCLAIMER
This newsletter is prepared in good faith and the information has been taken
from observation and other sources believed to be reliable. Systems Modelling
Ltd. (SML) does not represent expressly or by implication the accuracy,
truthfulness or reliability of any information provided. It is a condition of
use that users accept that SML has no liability for any errors, inaccuracies or
omissions. The information is not intended to constitute legal or professional
advice. You should consult a professional at Systems Modelling Ltd. directly for
advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to
anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers
a moderated discussion list for readers and a free shared storage area for
user-contributed files. The archives of this group are on YahooGroups website
http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________