Month: April 2017

Trying My Hand at Making a System for Procedurally Generating Stories

Jason Anderson Leave a comment

Last year, I got the idea of making a game where a group of friends could get together, have a game scenario generated for them, and they could start playing.  This is something called procedural generation, wherein game settings, mechanics, assets, and other components are created from an alogorthim, and a bit of randomness.  I thought I would just research this, since creating any sort of video game takes a lot of time and skill.  In this case, I was looking into a system for creating stories.

I’ve read a few things about procedurally generating stories (for instance, Tail-Spin and Minstrel) and I stumbled upon one that may be in my reach.  From a paper titled “Random Word Retrieval for Automatic Story Generation” I found out about something called ConceptNet.  This is a commonsense knowledge database for finding the relations between concepts via semantics.  So you can find one concept (like “dog”) and find corresponding concepts for it (such as “animal”).  The paper talks about the intent of making a system for using ConceptNet to find the relations between words (in a process called “Concept Correlation”) and make a story out of it.  Sadly, they haven’t yet implemented the system.  So what I’m trying to do is make something that will, uh, sort of make a story.

In the paper, they talk about how the system requires a Knowledge-Based System.  Unfortunately, this system is quite tedious and difficult to create (or so the paper says).  So I’m just trying to find the connections between words and concepts.  All that I’ve been able to do, though, is mess with the Python interface to the ConceptNet website, and maybe find some related terms.  Finding the connection between two dis-similar terms is difficult, because the concepts have many branching nodes which connect to other nodes.  Finding the right nodes which connect the two concepts would take a while, because the system would have to iterate over the nodes until they find a match.

The examples I’ve been using have been “dog” and “snow”.  So the system would have to go through each node in the “dog” concept until it found a node which connects to “snow”.  It could be any connection from “dog” -> hasA-> “nose”  -> RelatedTo-> “wet” -> PropertyOf -> “snow”.  Please note that these aren’t actual connections in ConceptNet, but something like this can be found in the database.

So I don’t know how I’m going to tackle this monster, let alone make a story out of it.

Newer Ways of Audit Reporting on Third Party Companies

Jason Anderson Leave a comment

I went to a recent meeting of the North Texas chapter of ISACA, and there was a presentation on SSAE 18.  For those of you who don’t know, SSAE 18 supersedes SSAE 16, and consolidates Service Organization Controls reporting into something more manageable.  Here, I’ll talk about what I’ve learned about SSAE 18, SOC 1, and SOC 2.

In SSAE 18, more emphasis has been put on testing the design of controls for subservice organizations (e.g. third parties for which the organization has contracted out some process) and whether they are doing what they are suppose to be doing.  The auditor, through Service Organization Control (SOC), has to report on the effective use of these controls.  In the case of a SOC 1 report, they would assist in testing the controls as they pertain to the financial statements.  With SOC 2, the auditor reports on the controls with regards to security, availability, integrity, and confidentiality.

Now the auditor has to look for things such as complementary user entity controls, which are the controls that are assumed to be in place for users.  The auditor will have to look at reports from the subservice company to the main organzation.  They will have to see whether the organization is actually verifying the information in the report.  For instance, the auditor will have to see system-generated reports are being validated by the users of these reports.  The processing integrity principle will be used heavily in this situation.

This audit will look at how management has chosen the suitable criteria for the control, and how well they’ve measured the subject matter (note that “subject matter” means the risk relevant to entities using the subservice company).  So an auditor will look at whether the risk is something related to the entity’s business with the subservice company, then check the metrics of the current control, and see whether they are actually related to the control.