linking INTEGRITY
Integrity - use of values or principles to guide action in the situation at hand.
Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.
Federal privacy law to face legal challenge, 30.12.03
The Quebec government is preparing a constitutional challenge against a new federal privacy law that governs how businesses manage and protect customer information
With just two days left before the new federal privacy rules go into force, the Quebec Court of Appeal has cleared the way for the province's attorney-general to contest the 'constitutional validity' of the Personal Information Protection and Electronic Documents Act, a law that will apply to any business in a province that doesn't already have its own private-sector privacy legislation.
The province's position, outlined in a Dec. 17 Quebec Court of Appeal order obtained by the Star and translated into English, is that the federal law 'interferes with Quebec's constitutional competence in matters of civil rights' and that the federal government has exceeded its jurisdiction.
'This puts them in a position to launch a case at any time,' said Michael Geist, a professor of Internet law at the University of Ottawa and technology counsel for law firm Osler, Hoskin, Harcourt LLP.
'The suggestion here is that we may see (a constitutional challenge) very early in 2004.'
[...]
CLB: Businesses which have not yet complied may find this a relief. However, every business should have a substantive privacy policy and general legislative and regulatory compliance systems in place, regardless of this PIPEDA hiccough.
E-mail bank rumor sends customers rushing to withdraw cash, 28.12.03
Email / cell cause run on bank
A bank here has launched a police complaint after a malicious e-mail that claimed the institution was going bankrupt began circulating, prompting customers to withdraw all their savings.
Officials at the Bank of Saga, which was targeted in the prank, said the e-mail was sent on Wednesday, stating, 'The Bank of Saga is apparently going to go under on the 26th. It is recommended that people who have savings there withdraw all their money.'
CLB: Could have been anywhere, any bank. Perhaps a form of anti-rumour authentication is required in news.
Survey: 'Unknown Hackers' Greatest Security Fear, 26.12.03
A survey at a recent security conference reveals that more respondents are concerned about outside intruders posing a threat to network security than current employees.
Reed Exhibitions conducted the survey with Network Intelligence Corp. at the InfoSecurity 2003 event in New York City Dec. 10-11. The survey was answered by 87 of the 2,000 security executives and professionals who attended the event. Some of the highlights:
The network will never be 100% secure, 66% of the respondents answered. On the other extreme, 27% responded that the network will be 100% secure within one to five years.
The most feared potential source of corporate security breaches was 'unknown hackers,' cited by 40%; followed by current employees, feared by 32%. The greatest concern related to security compliance, with the growing number of regulations such as the Sarbanes-Oxley Act, was the threat by current employees, cited by 47%, followed by unknown hackers, cited by 30%.
The majority of breaches in the past year came from unknown hackers, cited by 49%.
Audio Integrity Links, 23.12.03
Audio additions to this blog will supplement articles and links. So listen in with your audio media player. Carolyn
DHS | Department of Homeland Security | Homeland Security Advisory System, 22.12.03
Homeland Security Advisory System
Canada's Security Resources,
National Security Canadian Intelligence Resource Centre:
INTEGRATED NATIONAL SECURITY ASSESSMENT CENTRE (INSAC),
A New Level of Cooperation
Oct 16, 2003
Objectives of the Centre
The primary objective of INSAC is to assist in the prevention and disruption of national security threats at the earliest possible stage, thereby weakening threat infrastructures and pre-empting future threat-related activities. This is accomplished through the production of timely assessments, which combine strategic and operational intelligence through the unique and dynamic interaction of participants.
The Centre benefits from the multi-disciplinary backgrounds of its participants as well as the diverse skill sets they possess. It also provides each participant with an effective conduit to their home departments and agencies, including direct access to relevant databases and information holdings. This integrative approach to information sharing and assessment is designed to not only enable a more effective response to security threats, but also to promote a better understanding of the mandates of the departments and agencies involved in the Centre.
Participants in the INSAC process include the:
Nobel Institute, 20.12.03
The Globe and Mail, 18.12.03
SEDI WEBSITE
Insider trading reports are posted on the Internet at SEDI (System for Electronic Disclosure by Insiders), a joint project of Canada's securities regulators. The site is remarkably handy once you figure out how to get at the information.
Here are some tips:
Time wise,
While most insider trades are legal, some can raise eyebrows nonetheless, particularly given their timing
"Insiders are not always careful about when they trade. A Report on Business examination of trading in more than 130 stocks whose prices moved on news in recent months yielded a surprising list of cases that inspire questions about when insiders should avoid the market.
The 25 examples highlighted today and tomorrow include trades done before news (both good and bad) or so soon afterward that people were still figuring out how to react. Company officials sold shares before dismal earnings reports and bought-deal financings that depressed share prices. Others bought shares or acquired them by exercising stock options before happier announcements. The chairman of a mining company sold a week before a lacklustre quarterly report. The controlling shareholder of a communications company topped up his holdings days before a stock buyback was announced.
This was not hard-core insider abuse concealed by offshore accounts or secret nominees.
It was open, presumably honest trading, duly reported to the authorities. The reports can be viewed on any computer linked to the Internet. They may tell you that the people who run a company have been in the market at times when you wonder whether they had an extra edge, but you won't know for sure unless you can read minds"
Watchdog pledges patience,
Realizes new privacy law takes getting used to. Repeat offenders may face having names publicized
Canada's new privacy watchdog has two words for businesses scrambling to understand and comply with the country's new privacy legislation: Don't panic.
Canada - Conflict of Interest and Post-Employment Code for Public Office Holders,
Message from the Prime Minister
"The attached document is a revised Conflict of Interest and Post-employment Code for Public Office Holders. This is the first updating of the Code since 1994. The objective of the Code is to enhance confidence in our system of government. Our government must uphold the public trust to the highest possible standard. This responsibility falls uniquely on all of us as public office holders.
This Code sets the standards that Canadians will expect of us all. Its principles are intended to guide us in our official duties and responsibilities, and should always inspire us to pursue and uphold the public interest.
By acting always in accordance with the principles and specific provisions of this Code, public office holders will provide Canadians with a greater assurance that our government is acting in an honest and transparent manner.
CLB: Good early move in these times for a new world leader.
Rules may limit security cameras, 17.12.03
Schools should use them only where needed and never in secret, Ontario's privacy watchdog says.
To ensure surveillance isn't abused and privacy is respected, Cavoukian said school boards should adopt clear, formal policies -- before cameras are installed, if possible -- that include the following guidelines:
Get security right the first time, 15.12.03
By Curtis Franklin Jr.
Successfully securing government organizations depends on knowing the systems, identifying the risks, and keeping people and procedures in mind
The first thing to understand about IT security is that technology alone can’t save you. It’s tempting to think that a fabulous new product, whether hardware or software, will come to the rescue, solving security problems while leaving users happy and productive.
Unfortunately, the best security products can only implement the policies and procedures put into place and enforced by administrators. These policies and procedures provide the greater part of security for any IT resource. Indeed, the greatest amount of security administrators’ time and effort goes into developing, implementing, and enforcing policies and procedures.
CLB: Great quick snapshot of good security practice. Worth a review for infosec professionals working in SME environments.
New audit rules count for IT departments, 11.12.03
Audit, Software, and Process >> Compliance Standards:
"The far-reaching implications of the Sarbanes-Oxley Act, the U.S. accounting law designed to repair the faults that the Enron scandal exposed, have taken many technology managers by surprise and a large number find themselves unprepared, according to Paul Zonneveld, a Calgary-based chartered accountant with Deloitte & Touche LLP and co-author of a new guide to the technology component of the legislation.
Mr. Zonneveld says technology departments will be under pressure to impose rigorous controls on their internal processes as a result of recently released rules on how audits should be conducted under the act."
Inviting Investigation Inhouse, 6.12.03
Service firms buzzing with investigative work:
By Monica Perin, Houston Business Journal
Until recently, it was uncommon for public companies to invite a law firm or forensic accounting team to conduct a no-holds-barred independent investigation of internal records and activities.
But today, such investigations have become a growth industry for some law and accounting firms in Houston and across the country.
The risks of insecure firing practises, 4.12.03
Man sentenced for hacking into Web site
Associated Press
PITTSBURGH -- A former employee of American Eagle Outfitters has been sentenced to 1.5 years in U.S. federal prison for posting passwords on-line to the retailer's Web site and orchestrating an Internet attack.
Kenneth Patterson, 38, of Greensburg, must also pay more than $64,000 (U.S.) in restitution as part of his September guilty pleas to password trafficking and computer damage. He could have been sentenced to a maximum 11 years in prison and fined as much as $350,000.
Mr. Patterson's attorney, Martin Dietz, said he was pleased that the judge's sentence was less than prosecutors had been seeking.
'The government tried to blame Ken Patterson for all [American Eagle's] losses,' Mr. Dietz said.
Federal prosecutors said that Mr. Patterson posted user names and passwords for American Eagle users on an Internet hackers' group bulletin board and detailed instructions on how to hack into the company's system after he was fired last year.
Prosecutors said that Mr. Patterson then launched a series of 'denial of service' attacks -- which are intended to hamper or shut down a computer system by flooding it with data -- against American Eagle during the 2002 holiday shopping season.
CLB: Security best-practice includes employee hiring and exit processes. In this case, it appears that the American Eagle employee was not fired in a secure manner. In this case, the insecure process results in financial losses to the company, and potentially extensive losses to the company's customers. Best practice for securely firing an employee usually involves several departments within an organization, working to simultaneously: escort employee out of work environment (physical security), conduct an exit interview (HR), remove all digital and physical access (IT security, physical security), appropriately inform sensitive business relationship owners of employee status change (manager, marcom), file all union, legal, and regulatory required paperwork as soon as possible (HR, accounting, legal). Related policies: HR, IT, Marcom, Legal, Privacy.
Security groups look at community needs, security governance,
Security groups look at community needs, security governance: "Five task forces formed this week at the National Cyber Security Summit have until March 1 to develop specific measures that will be implemented under the Homeland Security Department's supervision, but officials have already identified several steps to make progress in the near-term."
Cutting the risk for directors,
NATIONAL POST: D. Udo Nixdorf, Financial Post
The growth of Directors and Officers Insurance is a cornerstone tool to improve corporate governance, which is necessary to satisfy the demands of corporate and organizational stakeholders and legislatures alike.
The old-time boards of directors are often pictured as a cozy group of insiders who were theoretically entrusted to look out for shareholders and provide objective diligence on the actions of management. But in practice, many may have had a hard time doing so. Dissatisfaction led to both federal and provincial legislation that made directors personally vulnerable for certain organizational economic losses.
Currently, more than 160 separate statutory provisions in Canada impose personal liability on a corporate director, many without requiring wrongdoing or fault, even a breach of a standard of care or bad faith. For organizations to attract quality directors, directors need protection, especially since directors fees are completely out of proportion to the risk and liability they assume.
Directors and Officers Insurance, introduced some 20 years ago, protects directors from legal actions or suits regarding management decisions of which they may not even be aware. Certainly they need protection for liabilities such as wages, accrued vacation pay and taxes that the organization cannot pay. Stakeholders today are demanding, even threatening legal action to get improved governance.
[...]
Information Sharing, 3.12.03
Think Tank Urges Information Sharing
Network Could Help Combat Terrorism
By Jonathan Krim, Washington Post Staff Writer
Wednesday, December 3, 2003
"Crucial data about individuals that could thwart terrorist attacks are not being sufficiently shared among local, state and federal law enforcement agencies"