PraxIS Feb. 2007

07-02 Contents: Cybercrime, Scams, IQ Forum, ICS, Eusprig 'Best Practice' debate

ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0702.htm

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success

 

IN THIS ISSUE

1) Risk & Security
    The ISSA / UCD Irish Cybercrime Survey
    'Certified' Cheque Scams
    DST March 11 = Y2.007K ?

2) Quality
    Fourth Information Quality Forum, Dublin

3) ICS News
    When Irish I.T.s are smiling

4) Spreadsheets
    Free contributions to the Eusprig yahoogroup

5) Off Topic
    Google Map Trek
    Solzhenitsyn's advice for life

16 Web links in this newsletter
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information

_______________________________________________________

Welcome to PraxIS

I am writing this from a hotel about 5km from the little village of Vik (pop:300) in Southern Iceland. Nonetheless it has free wireless internet access for guests. I intend to upload a couple of pictures soon to my blog at http://www.sysmod.com/blog

Patrick O'Beirne

_______________________________________________________
_______________________________________________________

1) IT Risk and Security

The ISSA / UCD Irish Cybercrime Survey

Results of the 2006 Survey are now available for download at:
http://www.issaireland.org/cybercrime 39 pages, 1.9MB
Drawing on the expertise of ISSA, the largest global association of security professionals, in co-operation with UCD's newly formed Center for Cybercrime Investigation, this work is not only providing data specific to Ireland but also allowing international comparison.
Their results show that cybercrime is virtually universal, with 98% of their 42 respondents reporting issues. The most common were viruses and other malicious software (90%), misuse of systems (88%), asset theft (63%) and phishing (56%). 76% of respondents reported incidents which cost over €5,000 to correct, while costs of over €100,000 were incurred by 22%. The most common consequences of breaches were reported as loss of productivity (89%), loss of data (56%) and the departure of employees through either termination or resignation (44%). Internal detection appears dominated by chance discoveries, such as accidental detection (68%) and discovery by non-IT employees (58%); however, detection through technology is also significant, identifying issues in 61% of organisations. 62% experienced external reporting of issues, with sources including connected organisations (46%), unconnected organisations (58%), customers (42%), and individuals (39%). Virtually all respondents (97%) reported invoking internal disciplinary processes to deal with problems, while 39% have had employees resign or be terminated. 18% of respondents have engaged law enforcement to deal with an internal employee issue and of those, two-thirds have seen an investigation result in prosecution.

'Certified' Cheque Scams

An artist friend of ours fell victim to the advance-payment fraud. The victim lodges the cheque and the bank accepts it and money appears in the account - to be precise, the numbers on the balance change. In this case the bank clerk actually told the artist that the money was OK as soon as it was in the account, which would indicate a need for some training in that bank. The cheque, of course, bounces a few weeks later and the bank takes the money back plus, as an extra slap, a handling charge.

The phone number given below looks like a UK number but is actually a VOIP number, so the scammers could be anywhere on the Internet. Numbers in this UK "non-geographic" 0703 range are what would be considered "premium" rated (costing the caller 50p/min at all times at BT rates), and an 0703 UK number can be terminated to a foreign mobile in Australia or the USA.

http://www.visualartists.ie The Visual Artists Society of Ireland said: "Most of the emails we are aware of come from the same Steve Gonzalez and use the same approach of sending in excess of the quoted price for the artwork. The phone numbers have all been VOIP. The fraud squad are aware of this scam and requested that people notify them if affected by the scam."

Here is a typical example - you can find many examples on the internet with identical or similar language:
_______________________________________________________

From: "Steve Gonzalez" 
To: <unsuspectingartist@example.com>
Subject: Purchase ?
 
 I visited your site and i saw these fascinating artworks and i found some
 interest in :-
(the scammer inserts the names of three paintings from the site here) 
 
 So , i will like to buy them for our new house in London .
 
 I must say you really doing a great job ,I have already contacted a
 shipping company that will be shipping them along with our other house
 decorations. Our shipping company will Pick-Up these items once i pay you .
  
 I will be paying you with a  Bank Cheque  which will be easily cashed at
 your bank ,Please let me know your mind about this sales and tell the the
 price for each ? I will be looking forward to your response on how to proceed.
 
 You can contact me directly on +44(0)7031845321
  
 Best Regards,
 Steve Gonzalez 

_______________________________________________________

 

Here's another one, a lottery scam. The bad English is characteristic, but again note the use of a VOIP number that unsuspecting victims may believe is a real UK number.

_______________________________________________________

To begin your claims therefore, you are advised to expeditiously 
contact our licensed and accredited claim agent for Overseas Lottery 

Overseas Claims Unit
United Kingdom Lottery Fiduciary
Contact Person: Mr. Williams Robinson
Email: agent_williamsrobinson@yahoo.co.uk 
Phone: +44-704-570-1498/+44-702-409-5561
_______________________________________________________ 
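The 070 prefix that both messages rely on can be checked mechanically before anyone replies or dials. This Python example is added here and is not part of the original newsletter; it assumes the UK numbering plan's split between 070 personal (forwarding) numbers and the 071-075 and 077-079 mobile ranges, and the third sample line is constructed.

```python
import re

# Assumption: UK numbering plan. 070 = personal/forwarding numbers,
# 071-075 and 077-079 = genuine mobile ranges.
PERSONAL_PREFIX = "70"
MOBILE_PREFIXES = ("71", "72", "73", "74", "75", "77", "78", "79")

# A UK number candidate: +44, 0044 or a trunk 0, then digits and separators.
CANDIDATE = re.compile(r"(?:\+44|0044|\b0)[\d \t().-]{9,16}")

# First two lines use the numbers quoted in the scam e-mails above;
# the third line is constructed (a number from a fictional-use range).
SAMPLE = """\
You can contact me directly on +44(0)7031845321
Phone: +44-704-570-1498/+44-702-409-5561
Or ring my mobile, 07700 900123, after six.
"""

def normalise(raw):
    """Return the 10-digit national number (no +44, no trunk 0), or None."""
    digits = re.sub(r"\D", "", raw.replace("(0)", ""))
    if digits.startswith("0044"):
        digits = digits[4:]
    elif digits.startswith("44"):
        digits = digits[2:]
    if digits.startswith("0"):          # trunk prefix, e.g. 07031... or +44 0703...
        digits = digits[1:]
    return digits if len(digits) == 10 else None

def classify(national):
    """Label a national number by the range it falls in."""
    if national.startswith(PERSONAL_PREFIX):
        return "personal-forwarding"
    if national.startswith(MOBILE_PREFIXES):
        return "mobile"
    return "other"

def flag_numbers(text):
    """Return (raw text, +44 form, class) for every UK number found."""
    found = []
    for match in CANDIDATE.finditer(text):
        raw = match.group(0).strip()
        national = normalise(raw)
        if national:
            found.append((raw, "+44" + national, classify(national)))
    return found

if __name__ == "__main__":
    for raw, e164, kind in flag_numbers(SAMPLE):
        print(f"{e164:15} {kind:20} (as written: {raw})")
```

A mail filter or help-desk checklist can treat any "personal-forwarding" hit in an unsolicited purchase or prize message as a reason to hold the message for review.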

DST March 11 = Y2.007K ?

<http://cwflyris.computerworld.com/t/1236769/297768/49603/2/> Daylight Saving Time: When clocks spring forward this year, will IT fall down?

Signed into law in August 2005, the federal Energy Policy Act of 2005 moved the start of DST from the first Sunday in April to the second Sunday in March and delayed the return of standard time in the autumn by a week, to the first Sunday in November. The idea: Shifting the time change by a few weeks can save on energy use. For IT, that means every software and hardware system relying on time stamps should now be checked, evaluated and tested -- and, if need be, patched with software updates or modified to work properly. But with a wide range of security issues, compliance requirements, spam-fighting efforts and other concerns already on their to-do lists, many IT administrators are only now evaluating what the DST change will mean and how they need to respond. This could affect calendaring applications, billing software and security programs as well as travel and trading schedules. "This is a minor problem compared to the big code changes required in the recent past for issues like Y2k or the euro conversion," said Will Cappelli, an analyst at Gartner. "However, significant business damage and liabilities, as well as nuisance, could occur from applications performing their processing at the incorrect time if organizations do nothing."

http://www.dstinfo.com/site/2007/01/vendor_links_1.html A list of various vendors and their DST information

A comment on the ComputerWorld website said "we're still using Office 2000 on our desktops, and everyone's existing Outlook appointments between March 11 and 30 are shifted down one hour".

This story was also covered in The Register: http://www.theregister.co.uk/2007/02/06/gartner_daylight_savings/ Stop the US daylight saving madness!
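The rule change above can be turned into the exact periods in which an unpatched system shows the wrong local time, which matters when correlating logs or scheduled jobs across patched and unpatched hosts. This Python example is added here and is not from the newsletter or the articles it cites; it assumes the pre-2007 autumn rule was the last Sunday in October (the week earlier that the article implies), transitions at 02:00 local time, and an unpatched host that still applies the old rules.

```python
from datetime import date, datetime, timedelta

def nth_sunday(year, month, n):
    """Date of the n-th Sunday of a month (n=1 is the first)."""
    first = date(year, month, 1)
    offset = (6 - first.weekday()) % 7       # weekday(): Monday=0 ... Sunday=6
    return first + timedelta(days=offset + 7 * (n - 1))

def last_sunday(year, month):
    """Date of the last Sunday of a month."""
    next_month = date(year + (month == 12), month % 12 + 1, 1)
    last = next_month - timedelta(days=1)
    return last - timedelta(days=(last.weekday() + 1) % 7)

def us_dst_bounds(year, rules):
    """(start, end) dates of US DST under the 'pre-2007' or '2007' rules."""
    if rules == "pre-2007":
        return nth_sunday(year, 4, 1), last_sunday(year, 10)
    return nth_sunday(year, 3, 2), nth_sunday(year, 11, 1)

def at_2am(d):
    return datetime(d.year, d.month, d.day, 2)

def mismatch_windows(year):
    """Local-time intervals in which old-rule and new-rule hosts disagree."""
    old_start, old_end = us_dst_bounds(year, "pre-2007")
    new_start, new_end = us_dst_bounds(year, "2007")
    return [(at_2am(new_start), at_2am(old_start)),   # spring: DST begins early
            (at_2am(old_end), at_2am(new_end))]       # autumn: DST ends late

def unpatched_skew(local_ts):
    """Hours an unpatched host's clock lags correct local time at local_ts."""
    for start, end in mismatch_windows(local_ts.year):
        if start <= local_ts < end:
            return 1
    return 0

if __name__ == "__main__":
    for start, end in mismatch_windows(2007):
        print(f"unpatched hosts one hour behind from {start} until {end}")
```

Timestamps written in UTC are unaffected; only values rendered or stored as local time inside these windows need the one-hour correction.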

____________________________________________________________ ____________________________________________________________

2) Fourth Information Quality Forum, Dublin

The IQ Network, in conjunction with the Irish Computer Society, the International Association for Information and Data Quality (IAIDQ) and DCU School of Computing, invites delegates from industry, academia and the research community to attend the fourth Information Quality Forum. This event builds on the successful track record of similar events in 2005 and 2006. Presentations will include practitioner-oriented case studies and research contributions in the area of Information Quality.

Speakers include:
    John Brazil, HSE Health Protection Surveillance Centre
    Tony O'Brien, Nottingham Business School
    Andrew Kinnear, AKMA Consulting UK / IAIDQ UK
    Daragh O'Brien, IAIDQ/IQ Network / eircom
    Cinzia Cappielo, Politecnico di Milano, Italy
    Dr Markus Helfert / Mouzhi Ge, Dublin City University

A wide range of topics will be covered, such as:
    How poor Information Quality can get you sued - mapping IQ Best Practices to legal principles
    An insight into the role of Information Quality Management in managing communicable diseases
    The challenge of maintaining sustainable Data Quality in Business systems.

Date: Thursday, 22nd February 2007
Time: Full event agenda will be published shortly
Venue: The Helix, Dublin City University, Dublin 9
Cost: Free to members of the ICS or IAIDQ. 120 for non-members of the ICS or IAIDQ (includes one year's free membership of either organisation). Limited number of free places available to third level students interested in Information Quality.

How to register: Register your details online at www.iqnetwork.org

____________________________________________________________ ____________________________________________________________

3) When Irish I.T.s are smiling

ICS Informed Survey finds Strong Career Satisfaction among IT Professionals

Results of the first survey in the ICS Informed research series, published Feb 2007 by the Irish Computer Society, reveal that IT professionals in Ireland are a well-paid, contented group. 81% of surveyed IT workers claim to be satisfied or very satisfied with their choice of career. A similar percentage would recommend the IT profession to a friend, stating as reasons that it pays well, allows continuous learning and development, and presents a broad range of opportunities in a dynamic industry. The survey, which was conducted by Amárach on behalf of the ICS, revealed that despite the strong career satisfaction evident among technology workers, one in five companies has experienced difficulty in attracting adequate numbers of applicants for recent IT vacancies.

According to Jim Friars, CEO of the ICS, the widespread career contentment and jobs availability highlighted in the survey is at odds with the current shortage of students opting for IT careers. Gerard O'Neill, founder and CEO of Amárach Consulting, states that: "We are living in a time in which the youth of Ireland increasingly relies on information technology to successfully pursue social networking on a daily basis. Yet at the same time this generation, perhaps the most tech savvy that Ireland has ever produced, is turning away from the means by which this lifestyle and way of communicating is facilitated. As a result, not only will the economy lack the necessary skills to compete at a global level, but so too will they."

The ICS Informed series of surveys continues in spring 2007, with upcoming surveys addressing the themes of infrastructure and IT budgets. IT professionals, both members and non-members of the ICS, are invited to register for the survey panel. Those interested can register at www.ics.ie/informed

ICS members can download Survey 1 Key Findings at this location, while copies of the full report are available to survey participants on request.

____________________________________________________________ ____________________________________________________________

4) Spreadsheets

Microsoft Warns Excel Users of 'Zero Day' Attacks

http://www.technewsworld.com/story/55604.html Following reports of zero day attacks, Microsoft has alerted Excel users to use caution when opening or saving file attachments. Nothing new there then.

Free contributions to the Eusprig yahoogroup

A set of Best Practice Spreadsheet Modelling Standards, developed and maintained by an Australian firm called BPM Analytical Empowerment, can be downloaded as a free PDF at www.bpmhome.com. To make this clearer by example, Nicolas Boston of BPM made available a "Best Practice Example Spreadsheet Model" as an example of a model built in accordance with the Best Practice Spreadsheet Modelling Standards. The focus is on the layout, application of formats and styles, naming conventions and sheet classifications rather than the content (or mathematical logic) within the model. He stresses that it is important that people navigate the model via the hyperlinked table of contents, as opposed to the sheet tabs. Of course, the Eusprig.org web site has other Best Practice guides for download, including the original PWC/IBM Best Practices paper and Phil Bewig's "How do you know your spreadsheet is right?"

We had a good debate at a Eusprig conference when David Colver took the contrarian point of view and provided a counter example to every "best practice" we proposed. Admittedly some were a little contrived, but his point belongs to the sceptical software developers' world (eg James Bach http://www.satisfice.com/blog/archives/27 )

Ray Panko replied with a self-described 'rant' about the lack of metrics supporting such advice: I'm a bit frustrated by what I see is our field's ignoring of spreadsheet error research and human error research by people who create best practice guidelines. Most guidelines implicitly or explicitly reflect beliefs about human error making and human error detection that are contrary to all of the science in the area. I've created a quick rant on the subject. If you want to see it, visit my spreadsheet research website, http://panko.cba.hawaii.edu/ssr/ and click on the link "A Rant on the Lousy Use of Science in Best Practice Recommendations for Spreadsheet Development, Testing, and Inspection"

The next EuSpRIG conference will be held July 11-13 2007, at the University of Greenwich, London, UK. The deadline for paper submissions (refereed Proceedings) is February 28, 2007. http://www.uwic.ac.uk/eusprig/2007/CfP.htm The Call for Papers

Spreadsheet Check and Control: 47 best practices to detect and prevent errors

As yet another Best Practice Guide, the ECDL/ICDL syllabus created in consultation with Eusprig experts emerged in my book 'Spreadsheet Check & Control' http://www.sysmod.com/az.php?a=190540400X&b=Spreadsheet+Check+Control Available worldwide from Amazon. http://sysmod.buy.ie/catalog/product_info.php?products_id=188 Our offer - free shipping to the 27 EU member countries.
_______________________________________________________
_______________________________________________________

FEEDBACK
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
Thank you! Patrick O'Beirne, Editor
_______________________________________________________
_______________________________________________________

5) Off Topic

http://www.theregister.co.uk/2007/02/08/google_crosses_road/ Want to cross the road? Don't ask Google Maps

Here's the scenario: you're in Oz's fine city of Sydney and you need to get from the Shelbourne Hotel at 200 Sussex Street to Google's headquarters across the road at 201 Sussex Street. Using Google Maps, a 30-second walk becomes a 10.4km epic road trip.

Solzhenitsyn's advice for life

(Thanks to Rob Slade for this quote) What about the main thing in life, all its riddles? If you want, I'll spell it out for you right now. Do not pursue what is illusory--property and position: all that is gained at the expense of your nerves decade after decade, and is confiscated in one fell night. Live with a steady superiority over life-- don't be afraid of misfortune, and do not yearn after happiness; it is, after all, all the same: the bitter doesn't last forever, and the sweet never fills the cup to overflowing. It is enough if you don't freeze in the cold, and if thirst and hunger don't claw at your insides. If your back isn't broken, if your feet can walk, if both arms can bend, if both eyes see, and if both ears hear, then whom should you envy? And why? Our envy of others devours us most of all. Rub your eyes and purify your heart--and prize above all else in the world those who love you and who wish you well. Do not hurt them or scold them, and never part from any of them in anger; after all, you simply do not know: it might be your last act before your arrest, and that will be how you are imprinted in their memory! - The Gulag Archipelago, Solzhenitsyn

_______________________________________________________
_______________________________________________________

Copyright (c) Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice. We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com - it's free! For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material. Patrick O'Beirne, Editor

_______________________________________________________

ABOUT THIS NEWSLETTER "Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems". Please tell a friend about this newsletter. We especially appreciate a link to www.sysmod.com from your web site!

______________________________________________________

ARCHIVES
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
_______________________________________________________

PRIVACY POLICY: We guarantee not to sell, trade or give your e-mail address to anyone. To subscribe to this Newsletter send an email to EuroIS-subscribe (at) yahoogroups (dot) com To unsubscribe from this Newsletter send an email to EuroIS-unsubscribe (at) yahoogroups (dot) com EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/

______________________________________________________