Information Systems, Security, and Fraud

I note that John Halliday (a colleague at BDO Kendalls – Director IS Audit) has written an overview article on information systems security and fraud. This is a good short article raising the link between IS security, governance structures, and organisational fraud. John is promising a series of articles in this newsletter, so I am sure there is more to come here.

From what I understand, this article also dovetails nicely with a seminar that was run on 18th April 2005.

Password Security and Caffeine Addiction

I note a completely unscientific study (by Verisign) – but it’s probably indicative – that indicates that 2 of every 3 San Francisco pedestrians were prepared to provide their passwords in exchange for a voucher for a Starbucks coffee, which is a remarkably similar result to that found in a UK poll. I wonder whether you’d get the same results by offering a Caramello Koala here in Australia?

SME IT Health Checklist

One of the things I do in my “spare” time is chair the Information Technology & Management Centre of Excellence for CPA Australia (since 2002). This has responsibility for looking at over-the-horizon issues in information technology (as they relate to the accounting profession).

One of the interesting articles we published recently (thanks to Shauna Kelly, who wrote it; I did review it before publishing, although I think my most incisive comments were “I see” and “Great!”) was an IT Health Checklist for SMEs. A good starting point, at the very least – unfortunately you’ll need to be an Australian CPA or know a CPA to get the actual PDF (hey, there must be a CPA around here somewhere)…

Due Care and Attention Before Sending That Document

Just saw this article on ZDNet which talks about how the US Army kind of mucked up when it released a confidential report but didn’t convert it to PDF properly. So the censor’s pen wasn’t quite black enough – easier to see than holding it up against the light, I guess.

Of relevance to those of us not in the US military though – never (well, almost never) send a document to a client or external party with track changes on or with dodgy metadata in it (you’ll see dodgy metadata under File > Properties in your Microsoft documents – if you do that and it looks like something you don’t want a client to see, then change your templates). Better yet, do what I do and send them as PDF documents (try CutePDF) – just be better at that than the US Army is.