07-04 Contents: Historic CC theft, Enforcement, ScanXLS 2007, Spreadsheet audit course, news and downloads
ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0704.htm
Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success
IN THIS ISSUE
1) Risk & Security: Biggest credit card theft - so far; Consequences - the stick; Human Error
2) ScanXLS 2007: List all your spreadsheet files with an overview of their contents
3) Spreadsheet Best Practices training, Dublin: Learn how to detect and prevent errors
4) Spreadsheet news: New products, free downloads
5) Off Topic: Photos and short video clips from Iceland
20 Web links in this newsletter
About this newsletter and Archives, Disclaimer, Subscribe and Unsubscribe information
_______________________________________________________
My big news this month is the release of version 3 of ScanXLS. I also announce my next public course in spreadsheet checking techniques. There are discounts for buying within the next week!
Patrick O'Beirne
_______________________________________________________ _______________________________________________________
http://www.siliconrepublic.com/news/news.nv?storyid=single8054
45.7 million people were hit in the biggest ever credit card security breach in history. Customers who shopped at the company’s TK Maxx stores in Ireland, the UK, Canada and Puerto Rico were all targeted and the hackers were able to witness unencrypted credit card data as payments were processed between store tills and the banking networks. The data was accessed on TJX’s systems in the UK and in Massachusetts over a 16-month period and the data accessed covered credit and debit card transactions dating as far back as December 2002. The company also disclosed that another 455,000 customers who returned merchandise without receipts were robbed of their driver's license numbers and other personal information. In Florida, the gang used the cards once to buy $400 gift tokens. These were then convertible later, and there was no way to link a gift token number to the card number used to purchase it.
TJX’s SEC filing is listed at:
http://www.sec.gov/Archives/edgar/data/109198/000095013507001906/b64407tje10vk.htm
Encryption that was later introduced didn't work because the intruder had access to the decryption tool for the encryption software. That probably occurred because the tool was stored on the same computer as the encrypted file. Scoping the damage done is made more difficult because not only did the intruder cover up their tracks by deleting log files, the company also routinely deleted transaction files ... but too late to avoid the hack.
The incident has already cost the firm $5 million in expenses related to the investigation, cleanup and shoring up of security measures, with future costs including compensating potentially huge numbers of fraud victims.
_______________________________________________________
http://www.itpi.org/cs/blogs/itpi
Kurt Milne quotes a VP of security at one of the world's top 15 largest banks, who said: "You have to make people responsible for getting things done, and accountable if they are not. You can have a great change control system, configuration management, control every aspect of the environment -- but if people don't follow the process and you are not going to do anything about it, you are not going to make a lot of progress. As an example, at another company I worked for, we had an end of year production freeze with no changes. Yet four changes were detected to the production system. What happened to the people who made the changes? Nothing. What happened to their bosses? Nothing."
A technology approach to what to do when an unauthorised change is detected might be to send the author an email requiring them to take a test on change control policies and copy their manager with their results.
A more person-oriented approach is to always review changes at a regular meeting with management and trace the reason for every exception back to its root cause. If the process needs to be improved, it gets improved; if not, the author knows that unauthorized changes will get management attention.
_______________________________________________________
Here is a process focus on the causes of error rather than the characteristics of errors:
http://www.bitaplanet.com/alignment/article.php/3661121
Is Your Enterprise An Error Enabler? February 21, 2007 By George Spafford
There are a number of situations that dramatically increase the odds of human error, yet organizations continually fail to manage them. I've snipped just the headings from his article; read it to get the detail:
Increased Complexity
Operating Under Tight Deadlines
Human Fatigue
Task Switching
Insufficient Planning
____________________________________________________________
____________________________________________________________
April 16th 2007 is the release date of the Excel 2007 version of ScanXLS, my spreadsheet to produce a directory of spreadsheet files and measures of their quality. The price will be 99 euro from 8am BST on Mon 16 April. Readers of PraxIS can order it at the old 59.95 euro price until then.
http://www.sysmod.com/scanxls.htm
Differences from ScanXLS 2.3
ScanXLS3 works in Excel 2007 and can process the much larger files in that version, 16384 columns by 1048576 rows.
Sheet Excel lists the Add-Ins available to the current user.
Sheet ScanXLS has added many types of error and suspect constructs. It allows you to specify as many properties and search terms as you wish. It optionally reports a detailed list of cell addresses with errors.
Sheet Links gives the Link Status. A new button Draw Arrows gives a visual indication of the dependencies among the workbooks.
Sheet PQLinks is new, listing the external Pivot Table and Database Query links with the connection string and query text where available.
____________________________________________________________
____________________________________________________________
The next public one-day training course will be run on Tue May 22 in the training PC room of the Irish Computer Society, Mount St. Crescent, Dublin 2, Ireland. There is an early bird discount of 100 euro until 8am April 22, so talk to your training budget manager now!
http://www.sysmod.com/spreadsheet_auditing.htm
I also deliver this course in-house, tailored to your organization’s specific needs. Individual support can be given and confidential spreadsheets assessed. Contact me for more details on the syllabus.
Participants will learn by a combination of lectures and practical hands-on work:
Where to start and what are the most efficient techniques to use
How you can cut down a huge system of spreadsheets to a manageable audit task
The symptoms that indicate potential or actual problems
How to create an inventory of critical spreadsheets, assess them for risk, and prioritize scarce resources
Little-known secrets of Excel's auditing features
Reinforce your learning with an optional hour of hands-on practice using demonstration versions of auditing software on your own laptop
_______________________________________________________
http://www.sysmod.com/az.php?a=190540400X&b=Spreadsheet+Check+Control Available worldwide from Amazon.
http://sysmod.buy.ie/catalog/product_info.php?products_id=188 Our offer - free shipping to EU.
____________________________________________________________
____________________________________________________________
http://www.it-analysis.com/business/compliance/content.php?cid=9403
In an article entitled "Spreadsheet security? What spreadsheet security!" Phil Howard of Bloor Research mentions the new tool ExSafe from ROI-Soft, an Irish company:
http://www.roi-soft.com ExSafe adds cell level security and even protection of Excel's temporary files.
I already use SpACE from HMRC and EXChecker from Compassoft in my training courses. Other new products are:
http://www.prodiance.com Prodiance Spreadsheet IQ is also available on CNET www.download.com
http://www.lyquidity.com Lyquidity ComplyXL, also Sarah Seddon's blog at http://www.irishdev.com/blogs/sarahseddon
_______________________________________________________
http://www.Excelcalcs.com Free XLC software gives MS Excel the capability of displaying cell formulae as mathematical equations.
_______________________________________________________
Rickard Warnelid pointed me to his useful list of handy Excel keystroke abbreviations for common commands on his web site http://www.NavigatorPF.com
Other versions are available at:
http://www.mvps.org/dmcritchie/excel/shortx2k.htm Excel 2000
http://blogs.msdn.com/excel/archive/2006/02/23/538311.aspx Excel 2007 - 214 keyboard shortcuts, links to:
http://www.isamrad.com/dgainer/1_02-23-2006.pdf
_______________________________________________________
What do you think these words might mean?
Flufferpoint, Spreadalanche, Defart, Frankensheet, Quack-Scholes, Reporticane
They are all winners of the Juice Analytics Sniglets Contest:
http://feeds.feedburner.com/~r/juiceanalytics/~3/106999101
_________________________________________________________
_______________________________________________________
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
Thank you! Patrick O'Beirne, Editor
_______________________________________________________ _______________________________________________________
I have now uploaded some of the photographs and videos I took during my visit to Iceland in February.
Photographs on Flickr: http://www.flickr.com/photos/probeirne
Videos on YouTube: http://www.youtube.com/PROBeirne
The videos are short captures of Strokkur geysir, Gullfoss waterfall, and feeding the ducks on Reykjavik pond.
__________________________________________________________
_______________________________________________________
Copyright (c) Systems Modelling Limited,
http://www.sysmod.com .
Reproduction allowed provided the newsletter is copied in its entirety and with
this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received
this newsletter from anybody else, we urge you to sign up for your personal copy
by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com
For those who would like to do more than receive the monthly newsletter, the
EuroIS list makes it easy for you to discuss issues raised, to share experiences
with the rest of the group, and to contribute files to a common user community
pool independent of the sysmod.com web site. I moderate posts to the EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen
to reflect our focus on practical solutions to IS problems, avoiding hype. If
you like acronyms, think of it as "Patrick's reports and analysis across
Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at
http://www.sysmod.com/praxis.htm
DISCLAIMER
This newsletter is prepared in good faith and the information has been taken
from observation and other sources believed to be reliable. Systems Modelling
Ltd. (SML) does not represent expressly or by implication the accuracy,
truthfulness or reliability of any information provided. It is a condition of
use that users accept that SML has no liability for any errors, inaccuracies or
omissions. The information is not intended to constitute legal or professional
advice. You should consult a professional at Systems Modelling Ltd. directly for
advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to
anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers
a moderated discussion list for readers and a free shared storage area for
user-contributed files. The archives of this group are on YahooGroups website
http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________