Tuesday, 10 January 2012

More on what is plagiarism…

Today I will continue with checklists.

T^his follows as a response to accusations that I plagiarized material in one of my books.

I will look in particular at the section from the following pages.

  • 95
  • 96
  • 99

This was attributed to Appendix 8A: Lan Audit Guide of Information Technology Audits by Xenia Ley Parker (June 15, 2007) in the Security Errata page.

The reason, my book was published in 2008 (though I had already submitted this section in 2007). The section in Xena Parker’s book is not actually from that author in any event. There is an attribution from Xenia Ley Parker to JHU. These checklists do not start in 2007. They actually go back to the 90’s.

I have uploaded a couple old DeMorgan documents (I am still searching the original ASX ones and will have these loaded as soon as I have found them).

There are a couple for today:

  1. 01 Audit definitions.pdf
  2. Audit manual.pdf

I have loaded and hyperlinked these documents above.

Lucky for the wayback machine. The windows section was used as my submission to SANS for the Windows NT 4.0 security book. I will link this when I actually find it, but finding things from the 90’s, well it takes time (and I still have work as well strangely enough and an added 4-5 hours a day right now was not in my plan).

The two manuals above became a DeMorgan template. I was only one of several people who worked to create these and they were edited to become FAR better by the others than I could have hoped for.

In particular, I have to note the following people from the Australian Stock Exchange (and they are but a few of around 20 people involved in making those documents including others from outside the exchange and a few at PWC who also helped and Dave Maunsel who moved to Andersons to become an Andriod).

  • Chris Fox
  • Lesley Gear

The original goes to 1996 with the majority of it in 1997.

A real bugger for what I am being accused of plagiarizing as my document dates a decade before hers. Even used at BDO, this goes to 2005. Now, she has not plagiarized this, she has attributed the source she used. She attributed these to JHU (John Hopkins) which is also wrong. JHU placed these online in 2010 in the current format and around 2007 before.

I mentioned Treasury yesterday. I have to find a way to load old emails and more in such a way onto this site that offers them as proof. However, first I will remove Xena Parker’s supposed authorship of these documents in 2007 and that from around the time of JHU.

To do this, have a look at the 2000 Treasury report linked here. It only contains a small section of the ASX document, but this is a simple online section of the checklist predating Parker’s attribution to JHU in any event. We see the JHU document properties come to March 2007, well after mine.


Also see: http://www.scribd.com/doc/1218262/5/Audit-Objectives-and-Tests

So, the question is just how did these checklists get around?

Well simple. They were issued to over 100 companies in Australia, India and the USA. More, we loaded them onto Auditnet.org. I do not think you can access these without a membership from there, but I will do my best in the coming days to link these. More, in starting DeMorgan, we subcontracted a good deal. We handled a good deal of security work for IBM and CSC under a sub-contract arrangement. IBM said they did everything for the 2000 Olympics, in fact DeMorgan ran systems such as the OCAs (Olympic Co-ordination Authorities) and even some of the Police and traffic interfaces.

So all of these documents were issued as PWC, IBM, CSC and other documents.

I should have self-referenced this, but I did not. In future, I will do more to ensure that I do so. My crime here is not that I stole the works of Xena Parker, but that I did not attribute my own work (and more that I did not note those who had helped me create this.

More importantly, I have not attributed those who helped me, made updates and who actually made these documents of use (they where so full of spelling and grammatical errors the first time). The early versions of this have flowed around for over 15 years now. They are not recent as is supposed.

Those people from the ASX who reviewed my work also need a mention. The grammatical errors in my early work was appalling.

Lesley Gear in particular truly helped. I was a good techie back than, but I could not write a report to save myself. When we worked together in the 90’s, she really helped me get on track and she added a good deal of insight and help into these checklists.

Well, just how did this stuff get to JHU?

I would guess from the auditors. I have not spoken to Chris for years now, he has moved to Queens and I do not get to NY as much as I have in the past. Chris was and is an auditor. He was my handler you may say when I was in the Australian Stock Exchange. He used to (with Lesley’s help) take the mash I created and make it legible (and intelligible).

Chris worked for the Big 4 for some time and then others with more reach. We used and re-used each others work. These were the real Wild Wild days of the web. So, really, these documents are a collaboration. So many auditors and managers have reviewed them that they are not the original.

He was my means to be able to survive a political animal such as the exchange and I learned many lessons from him.He took technical knowledge from me and I had a polished product when he had reviewed it.

The original emails are available as are the documents if anyone wants to analyze them more.

Showing permissions 1

Here is the email from the SQL cheat sheet section. I used some material there. Nothing complex on any of these and I guess I should really formally obtain permission to use the web pages and materials of others.

I actually do have more formal permission sheets these days and publishers are more stringent than they used to be just a few years back. This is of course one of the reasons why.


More emails like this later in the week. Right now, I am already behind on work and I promised a Metasploit step by step in parts. So… to it.

More tomorrow…

No comments: