PraxIS Apr. 2007

07-04 Contents: Historic CC theft, Enforcement, ScanXLS 2007, Spreadsheet audit course, news and downloads

ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0704.htm

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success  

IN THIS ISSUE

1) Risk & Security
     Biggest credit card theft - so far
     Consequences - the stick
     Human Error
2) ScanXLS 2007
     List all your spreadsheet files with an overview of their contents
3) Spreadsheet Best Practices training, Dublin
     Learn how to detect and prevent errors
4) Spreadsheet news
     New products, free downloads
5) Off Topic
     Photos and short video clips from Iceland
20 Web links in this newsletter
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information

_______________________________________________________

Welcome to PraxIS

My big news this month is the release of version 3 of ScanXLS. I also announce my next public course in spreadsheet checking techniques. There are discounts for buying within the next week!

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  IT Risk and Security

Biggest credit card theft - so far

http://www.siliconrepublic.com/news/news.nv?storyid=single8054

45.7 million people were hit in the biggest credit card security breach in history. Customers who shopped at TJX’s TK Maxx stores in Ireland, the UK, Canada and Puerto Rico were all targeted, and the hackers were able to see unencrypted credit card data as payments were processed between store tills and the banking networks. The data was accessed on TJX’s systems in the UK and in Massachusetts over a 16-month period and covered credit and debit card transactions dating as far back as December 2002. The company also disclosed that another 455,000 customers who returned merchandise without receipts were robbed of their driver's license numbers and other personal information. In Florida, the gang used the cards once to buy $400 gift tokens. These could be converted later, and there was no way to link a gift token number to the card number used to purchase it.

TJX’s SEC filing is listed at:

http://www.sec.gov/Archives/edgar/data/109198/000095013507001906/b64407tje10vk.htm

Encryption that was later introduced didn't work because the intruder had access to the decryption tool for the encryption software. That probably occurred because the tool was stored on the same computer as the encrypted file. Scoping the damage is made more difficult because the intruder covered their tracks by deleting log files and the company also routinely deleted transaction files ... but too late to avoid the hack.

The incident has already cost the firm $5 million in expenses related to the investigation, cleanup and shoring up of security measures, with future costs including compensating potentially huge numbers of fraud victims.

_______________________________________________________

 

Consequences - the stick

http://www.itpi.org/cs/blogs/itpi

Kurt Milne quotes a VP of security at one of the world's 15 largest banks, who said:

"You have to make people responsible for getting things done, and accountable if they are not. You can have a great change control system, configuration management, control every aspect of the environment -- but if people don't follow the process and you are not going to do anything about it, you are not going to make a lot of progress. As an example, at another company I worked for, we had an end of year production freeze with no changes. Yet four changes were detected to the production system. What happened to the people who made the changes? Nothing. What happened to their bosses? Nothing."

A technology approach to what to do when an unauthorised change is detected might be to send the author an email requiring them to take a test on change control policies and copy their manager with their results.

A more person-oriented approach is to always review changes at a regular meeting with management and trace the reason for every exception back to its root cause. If the process needs to be improved, it gets improved; if not, the author knows that unauthorized changes will get management attention.

_______________________________________________________

 

Human Error

Here is a process-focused look at the causes of error rather than the characteristics of errors:

http://www.bitaplanet.com/alignment/article.php/3661121

Is Your Enterprise An Error Enabler? February 21, 2007 By George Spafford

There are a number of situations that dramatically increase the odds of human error, yet organizations continually fail to manage them. I've snipped just the headings from his article; read it to get the detail:

Increased Complexity
Operating Under Tight Deadlines
Human Fatigue
Task Switching
Insufficient Planning

 

____________________________________________________________
____________________________________________________________

2) ScanXLS 2007

New version 3 of ScanXLS

April 16th 2007 is the release date of the Excel 2007 version of ScanXLS, my spreadsheet to produce a directory of spreadsheet files and measures of their quality. The price will be 99 euro from 8am BST on Mon 16 April. Readers of PraxIS can order it at the old 59.95 euro price until then.

http://www.sysmod.com/scanxls.htm

Differences from ScanXLS 2.3

ScanXLS3 works in Excel 2007 and can process the much larger files in that version, 16384 columns by 1048576 rows.

Sheet Excel lists the Add-Ins available to the current user.

Sheet ScanXLS has added many types of error and suspect constructs. It allows you to specify as many properties and search terms as you wish. It optionally reports a detailed list of cell addresses with errors.

Sheet Links gives the Link Status. A new button Draw Arrows gives a visual indication of the dependencies among the workbooks.

Sheet PQLinks is new, listing the external Pivot Table and Database Query links with the connection string and query text where available.

____________________________________________________________
____________________________________________________________

3) Spreadsheet Best Practices training course, Dublin

Spreadsheet Audit Training Course, Dublin 22 May

The next public one-day training course will be run on Tue May 22 in the training PC room of the Irish Computer Society, Mount St. Crescent, Dublin 2, Ireland. There is an early bird discount of 100 euro until 8am April 22, so talk to your training budget manager now!

http://www.sysmod.com/spreadsheet_auditing.htm

I also deliver this course in-house, tailored to your organization’s specific needs. Individual support can be given and confidential spreadsheets assessed. Contact me for more details on the syllabus.

Participants will learn by a combination of lectures and practical hands-on work:

_______________________________________________________

 

Spreadsheet Check and Control: the book on how to detect and prevent errors

http://www.sysmod.com/az.php?a=190540400X&b=Spreadsheet+Check+Control Available worldwide from Amazon.

http://sysmod.buy.ie/catalog/product_info.php?products_id=188 Our offer - free shipping to EU.

____________________________________________________________
____________________________________________________________

4) Spreadsheet news

ExSafe from ROISoft debuts

http://www.it-analysis.com/business/compliance/content.php?cid=9403

In an article entitled "Spreadsheet security? What spreadsheet security!" Phil Howard of Bloor Research mentions the new tool ExSafe from ROI-Soft, an Irish company:

http://www.roi-soft.com ExSafe adds cell level security and even protection of Excel's temporary files.

I already use SpACE from HMRC and EXChecker from Compassoft in my training courses. Other new products are:

http://www.prodiance.com Prodiance Spreadsheet IQ is also available on CNET www.download.com 

http://www.lyquidity.com Lyquidity ComplyXL, also Sarah Seddon's blog at http://www.irishdev.com/blogs/sarahseddon

_______________________________________________________

 

The missing equation editor for Excel

http://www.Excelcalcs.com Free XLC software gives MS Excel the capability of displaying cell formulae as mathematical equations.

_______________________________________________________

 

Keyboard shortcuts for Excel

Rickard Warnelid pointed me to his useful list of handy Excel keystroke abbreviations for common commands on his web site http://www.NavigatorPF.com

Other versions are available at:

http://www.mvps.org/dmcritchie/excel/shortx2k.htm  Excel 2000

http://blogs.msdn.com/excel/archive/2006/02/23/538311.aspx  Excel 2007 - 214 keyboard shortcuts, links to:

http://www.isamrad.com/dgainer/1_02-23-2006.pdf 

_______________________________________________________

 

Frankensheet & Mirth

What do you think these words might mean?

Flufferpoint, Spreadalanche, Defart, Frankensheet, Quack-Scholes, Reporticane

They are all winners of the Juice Analytics Sniglets Contest:

http://feeds.feedburner.com/~r/juiceanalytics/~3/106999101

 

_________________________________________________________
_______________________________________________________

FEEDBACK

Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

5) Off Topic

I have now uploaded some of the photographs and videos I took during my visit to Iceland in February.

Photographs on Flickr: http://www.flickr.com/photos/probeirne

Videos on YouTube: http://www.youtube.com/PROBeirne

The videos are short captures of Strokkur geysir, Gullfoss waterfall, and feeding the ducks on Reykjavik pond.

__________________________________________________________
_______________________________________________________

Copyright (c) Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I moderate posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________