PraxIS May 2008

08-05 Contents: Data leakage, ICS events, SoftTest, Eusprig, Spreadsheet Safe training and certification

ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0805.htm   [Previous] [Index]  [Next]

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success  

IN THIS ISSUE

1) Risk & Security
     Aer Lingus 5-euro flights to the US from test data leaked to web
     Data Protection Commissioner Unprotected
     Irish Computer Society Privacy Forum Launch
     ICS Security Professionals Network presents ISO27001

 

2) Software Industry
     SoftTest Ireland for software testers
     Accounting for nothing

 

3) Spreadsheets
     Eusprig 2008
     Safety in Numbers
     The bigger picture

 

4) Off Topic
     $5/hr for Excel skills?!

 

17 Web links in this newsletter
 
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information

_______________________________________________________

Welcome to PraxIS

I am happy to announce the launch this month of my training course for Spreadsheet Safe certification!

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  Information Security Risk

Aer Lingus 5-euro flights to the US from test data leaked to web

Aer Lingus blamed a technical fault for an error which saw up to 300 people book 5-euro business-class flights to the US. However, the airline will provide economy-class seats to the customers who made the reservations between 7.30am and 9am, when a promotional fare test webpagewas mistakenly put up live. The flights of course were not 5 euro but about 150 euro each when taxes and charges were added.

http://www.rte.ie/news/2008/0418/aerlingus.html

Data Protection Commissioner Unprotected

http://www.mulley.net/2008/05/07/data-protection-commissioner-cant-protect-their-data-leaked-annual-report-for-2007/

The office of the Data Protection Commissioner, which aims to protect people's privacy, has been the subject of a data leak. Blogger Damien Mulley accessed their 2007 annual report on the Commissioner's website, which was not due to be released until 11am the next day. The report also contains a list of top 10 threats to privacy.

http://www.dataprotection.ie/docs/Home/4.htm

15 Case studies published by the DPC. Examples include

Case Study 4: NewTel Communications - Ordered to suspend marketing (three times in three years)

Case Study 10: Member of staff at Revenue accessing and using personal data of a taxpayer. DPC staff said they believe this breach may not have been an isolated incident.

Case Study 14: Ryanair - Remedial action taken for customers to unsubscribe from marketing
"[Ryanair] invited recipients who wished to unsubscribe to send a blank email to an email address which began with the word ‘leave’ and which consisted of a string of over seventy characters comprising a varied mix of letters and digits."

http://www.siliconrepublic.com/news/news.nv?storyid=single10966

Irish Computer Society Privacy Forum Launch

http://www.ics.ie  Irish Computer Society

On May 27th the Irish Computer Society will launch the ICS Privacy Forum, a dedicated networking space for data protection professionals or those with an interest in data protection and privacy issues. The ICS Privacy Forum aims to facilitate information sharing and discussion among professionals of all backgrounds on data protection issues that impact on their work. These might include emerging trends, opportunities or challenges in the data protection field. It will enable graduates of the ICS Data Protection Practitioner Certificate to keep their knowledge up-to-date.

The inaugural meeting of the ICS Privacy Forum will be held at 6pm on Tuesday, 27 May 2008 at the Irish Computer Society’s headquarters at Mount Street Crescent, Dublin 2. Speakers are Billy Hawkes, Data Protection Commissioner; Michael O’Farrell, Senior Manager, Risk Advisory Services, Ernst & Young; David Tarleston-Hodges, Author of ICS Data Protection Certificate, Training Manager, QT&C Ltd.

ICS Security Professionals Network presents ISO27001

http://www.ics.ie/events  ISO27001: Asset Management & Information Classification

Bored of making long lists? How to secure your information assets and still keep a social life. Michael Brophy (CEO Certification Europe) will present a practical approach to managing information assets and classifying information.

When: 15th May, 12.30pm Start. Registration/refreshments from noon
Where: ICS Headquarters, Crescent Hall, Mount St Crescent, Dublin 2
Cost: Free to members. 25euro to non-members

Risk in Perspective

This sign has sharp edges (also, the bridge is out ahead)

Sometimes, people may have different perspectives of health & safety :-)

____________________________________________________________
____________________________________________________________   

2) Software Industry

SoftTest Ireland for software testers

http://www.SoftTest.ie  The next meeting will be 17:30 on Thursday May 15th in IBEC Baggot St, featuring:

Business Process Testing by Johan Adriaansen, Citco Global Securities Services Ltd.

Why automation fails, why we should keep trying. Walk through Business Process Testing, why it is so powerful, and examples.

Surviving in an Agile Environment by Markus Clermont of Google Switzerland.

How we try to ensure the quality of our software in the presence of short release-cycles, iterative development, prototyping and the
absence of formal processes and documentation.

Accounting for nothing

http://www.msofficeaccounting.co.uk/ 

Microsoft Office Accounting Express 2008 Download Microsoft Office Accounting Express 2008, a free accounting software for new and home-based small businesses. The home page has an animation, you have to wait for it to load before the 'skip intro' button appears, but free is free. It features Core Accounting (Nominal ledger, Sales Ledger, Purchase Ledger, invoicing, payments and banking), but not stocks, orders, modelling or multi-user access.

http://www.pcw.co.uk/personal-computer-world/software/2207529/microsoft-office-accounting-3685035 Review of MSOAE

A data migration wizard is currently included for Sage Line 50 v11 and v12 and Sage Instant Accounts v12, plus an import tool from Excel

http://www.accountingweb.co.uk/cgi-bin/item.cgi?id=175535 Accountingweb discussion from accountants

____________________________________________________________
____________________________________________________________

3) Spreadsheets

Eusprig 2008

http://www.uwic.ac.uk/eusprig/2008/

The 9th EuSpRIG Annual Conference, theme "In Pursuit of Spreadsheet Excellence" will be at the University of Greenwich, London UK July 10-11 2008. It's only two months to go!

Spreadsheet Safe

Safety in Numbers

The primary sponsor of EuSpRIG 2008 is an innovative programme Spreadsheet Safe™.

In response to the growing requirements of business to reduce the risks posed by unsafe spreadsheets, Q-Validus, in conjunction with its training and testing partners, BPP Learning Media and BTL Learning & Assessment, has developed Spreadsheet Safe™, a training and certification programme designed to help spreadsheet end-users and organisations assure and maintain good spreadsheet design, usage and control.

I am an Authorised Spreadsheet Safe Trainer and will be offering the full training and certification programme.

What does it cover?

http://www.spreadsheetsafe.com/product/syllabus/
The syllabus is aimed at the person who uses Excel to get an important job done. If you're not sure about the skill levels of your current users, ask me about a pre-course test that will let you know how familiar people are with these essential basics. If you need more advanced coverage, ask me about that too.

Who is behind it?

The Spreadsheet Safe™ syllabus was developed in conjunction with a number of the world’s leading experts in the area of spreadsheet design, and control. I was one of their Subject Matter Experts (SMEs).

The Spreadsheet Safe™ certification programme is designed by Q-Validus™, whose management team has decades of experience in developing and delivering global certification programmes As a trainer myself, I appreciate the clarity of thought they bring to making complex topics accessible to the ordinary computer user. I was privileged in working with them to learn how economically they can construct the kind of penetrating questions that elicit the real state of a person's skill.

What does Spreadsheet Safe™ do?

• Raises standards in spreadsheet development, maintenance and control
• Delivers the skills and knowledge required to validate work and ensure the integrity of the information
• Increases awareness of key issues and potential problems in spreadsheet use
• Ensures high awareness of spreadsheet audit routines
• Mitigates risk around spreadsheet use
• Gives confidence in the validity and credibility of spreadsheets
• Demonstrates a commitment to best practice
• Certifies to an international standard
 

What's in the Spreadsheet Safe package?

In the package you get the training manual, access to the online courseware, and you must sit the certification test within 2 weeks. For 375 euro (less discounts for several candidates from the same company) I offer a one-day package of training and test, where from 9am to 3:30pm candidates work through the syllabus and then after a break will sit the certification test which is a 45 minute test of 32 items.

A sample extract from the training manual is available from http://www.spreadsheetsafe.com/product/snapshot/

How much preparation is enough?

In my opinion, ten days preparation is enough provided you already know about formatting, passwords, range names, data import and export, SUM, IF and Lookup functions, error values, charting, (un-) hiding, the auditing toolbar, the Excel error checking indicators, and data validation. You can prepare for the examination well in advance by reading my book 'Spreadsheet Check and Control' and other good books on Excel. If you've never had a training course in Excel or read a book on it, it's going to be tough. Be frank with yourself and recognise that while you can leave some topics to a final course just before the exam, there is only so much new stuff you can absorb in a day. This is the kind of serious certification that employers demand, not a perfunctory test meant to pass anyone who simply wants a certificate. Success in this certification test means that the candidate is able in a minute or two to recognise a good or bad practice and describe how an error can be detected or prevented. To be that good you need an everyday familiarity with Excel and an automatic recognition of the situations that give rise to errors and how to reduce their incidence through planning, layout, and testing.

http://www.sysmod.com/az.php?a=190540400X&b=Spreadsheet+Check+Control Spreadsheet Check and Control is available worldwide from Amazon and directly from us with free shipping to EU:

http://sysmod.buy.ie/catalog/product_info.php?products_id=188 

For further information check out www.spreadsheetsafe.com  and http://www.sysmod.com/spreadsheetsafe

The bigger picture

There are software utilities for greater efficiency in spreadsheet error checking. I provide training in spreadsheet auditing aimed at power developers and IT auditors. I can perform the audit if what you need is a first look to evaluate the business case for more institutionalised practices of development and testing. Contact me to take this further.

Effective spreadsheet control needs not just control tools but people enabled to reflect on and improve their own work. This has been an interest of mine ever since the days I gave training courses in the Personal Software Process (PSP).

Theory X & Y

Theory X states that workers need to be closely supervised and comprehensive systems of controls developed. According to Theory Y, employees may be ambitious, self-motivated and anxious to accept greater responsibility, and exercise self-control, self-direction, autonomy and empowerment.
http://en.wikipedia.org/wiki/Theory_X_and_theory_Y

Bottom Up

The spreadsheet controls market is dominated by the top-down process-heavy supervisory methodologies that check up on the kind of spreadsheets that people are creating. Inevitably this creates a blizzard of reports that require filtering with an experienced eye to determine what is worth looking at. A bottom-up approach should eventually reduce the amount of supervisory effort by empowering knowledge workers to adopt responsibility for their work.

Back in 2001 Barry Boehm predicted that "The ranks of 'sorcerer’s apprentice' user-programmers will swell rapidly, giving many who have little training or expertise in how to avoid or detect high-risk defects tremendous power to create high-risk defects."
http://www.cebase.org/www/AboutCebase/News/top-10-defects.html 
Software Management article (Jan 2001) "Software Defect Reduction Top 10 List"

The Regulator's View

http://www.eusprig.org/conf2007report.htm
At the 2007 EuSpRIG Conference, Dean Buckner of the UK Financial Services Authority reported once again that user training is still shockingly neglected. Many people in the industry who spent most of their working lives working on spreadsheets had often received just one or two days' training on Excel.

http://www.accountingweb.co.uk/cgi-bin/item.cgi?id=170552
"I'm not seeing any change to the dumb solutions. It's still spreadsheet hell," Buckner said. "For each visit I do at a bank, I have a look at a little bit of code. You can guarantee you will always see a little bit of stupid code."
In his presentation he said that accreditation is seen as burdensome, risky and difficult – it implies generally accepted view on good practice, for a start. As the Spreadsheet Safe syllabus contains the view of a number of world experts on good practice in spreadsheets, it addresses the concerns that Buckner raised.

How does this relate to conventional software engineering?

http://www.sysmod.com/psp.htm  The Personal Software Process (PSP)
The Personal Software Process is a disciplined approach to improving one's software development process. Through a series of eleven cumulative exercises, developers learn to track time and defects, estimate, and improve quality through design and code reviews. All we are expecting spreadsheet creators to do is the defect management part of this process – to be able to recognise defects, correct them, and prevent them where possible.

_______________________________________________________
_______________________________________________________

FEEDBACK

Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

4) Off Topic

Competitive market - $5/hr for Excel skills

http://www.scriptlance.com/projects/1209998212.shtml?ref=dcm

It's tough to make a living as a freelance - an initial bid of $75 for a simple comparison facility has been gradually beaten down to the latest one of $10. Mind you, the language of that offer does not inspire confidence, but many of the $20+ bids look to be from genuine contractors, even though they charge only $5 per hour.
 

_______________________________________________________
_______________________________________________________

Copyright (c) Systems Modelling Limited, http://www.sysmod.com . Reproduction allowed provided this copyright notice is included.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I moderate posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm

DISCLAIMER
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________