<$BlogRSDUrl$>
 

This page is powered by Blogger. Isn't yours?

 Feedblitz email:
 RSS: http://linkingintegrity.blogspot.com/atom.xml

 

linking INTEGRITY

Integrity - use of values or principles to guide action in the situation at hand.

Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

Federal privacy law to face legal challenge, 30.12.03

The Quebec government is preparing a constitutional challenge against a new federal privacy law that governs how businesses manage and protect customer information

With just two days left before the new federal privacy rules go into force, the Quebec Court of Appeal has cleared the way for the province's attorney-general to contest the 'constitutional validity' of the Personal Information Protection and Electronic Documents Act, a law that will apply to any business in a province that doesn't already have its own private-sector privacy legislation.

The province's position, outlined in a Dec. 17 Quebec Court of Appeal order obtained by the Star and translated into English, is that the federal law 'interferes with Quebec's constitutional competence in matters of civil rights' and that the federal government has exceeded its jurisdiction.

'This puts them in a position to launch a case at any time,' said Michael Geist, a professor of Internet law at the University of Ottawa and technology counsel for law firm Osler, Hoskin, Harcourt LLP.

'The suggestion here is that we may see (a constitutional challenge) very early in 2004.'
Geist said such a challenge would create uncertainty in a business community struggling to understand and comply with rules designed to protect the privacy of customers and employees."

[...]

CLB: Businesses which have not yet complied may find this a relief. However, every business should have a substantive privacy policy and general legislative and regulartoy compliance systems in place, regardless of this PIPEDA hiccough.


(0) comments

E-mail bank rumor sends customers rushing to withdraw cash, 28.12.03

Email / cell cause run on bank

A bank here has launched a police complaint after a malicious e-mail that claimed the institution was going bankrupt began circulating, prompting customers to withdraw all their savings.

Officials at the Bank of Saga, which was targeted in the prank, said the e-mail was sent on Wednesday, stating, 'The Bank of Saga is apparently going to go under on the 26th. It is recommended that people who have savings there withdraw all their money.'

CLB: Could have been anywhere, any bank. Perhaps a form of anti-rumour authentication is required in news.


(0) comments

Survey: 'Unknown Hackers' Greatest Security Fear, 26.12.03

A survey at a recent security conference reveals that more respondents are concerned about outside intruders posing a threat to network security than current employees.

Reed Exhibitions conducted the survey with Network Intelligence Corp. at the InfoSecurity 2003 event in New York City Dec. 10-11. The survey was answered by 87 of the 2,000 security executives and professionals who attended the event. Some of the highlights:

The network will never be 100% secure, 66% of the respondents answered. On the other extreme, 27% responded that the network will be 100% secure within one to five years.

The most feared potential source of corporate security breaches was 'unknown hackers,' cited by 40%; followed by current employees, feared by 32%. The greatest concern related to security compliance, with the growing number of regulations such as the Sarbanes-Oxley Act, was the threat by current employees, cited by 47%, followed by unknown hackers, cited by 30%.

The majority of breaches in the past year came from unknown hackers, cited by 49%.



(0) comments

Audio Integrity Links, 23.12.03

Audio additions to this blog will supplement articles and links. So listen in with your audio media player. Carolyn

(0) comments

DHS | Department of Homeland Security | Homeland Security Advisory System, 22.12.03

Homeland Security Advisory System



High Condition (Orange).

A High Condition is declared when there is a high risk of terrorist attacks. In addition to the Protective Measures taken in the previous Threat Conditions, Federal departments and agencies should consider the following general measures in addition to the agency-specific Protective Measures that they will develop and implement:

  • Coordinating necessary security efforts with Federal, State, and local law enforcement agencies or any National Guard or other appropriate armed forces organizations;
  • Taking additional precautions at public events and possibly considering alternative venues or even cancellation;
  • Preparing to execute contingency procedures, such as moving to an alternate site or dispersing their workforce; and
  • Restricting threatened facility access to essential personnel only.




  • (0) comments

    Canada's Security Resources,

    INTEGRATED NATIONAL SECURITY ASSESSMENT CENTRE (INSAC),

    A New Level of Cooperation

    Oct 16, 2003


    The Centre draws personnel and input from the broader Canadian intelligence community, including those involved with defence, immigration, transport, communications, customs, critical infrastructure, foreign affairs and law enforcement to prepare timely, client-focussed and value-added intelligence. The assessments produced by the Centre are then distributed to the Government of Canada and recipient departments who forward them, as appropriate, to their partners, including those at the provincial, municipal and territorial levels, to improve warning, response and incident mitigation capabilities.

    Objectives of the Centre

    The primary objective of INSAC is to assist in the prevention and disruption of national security threats at the earliest possible stage, thereby weakening threat infrastructures and pre-empting future threat-related activities. This is accomplished through the production of timely assessments, which combine strategic and operational intelligence through the unique and dynamic interaction of participants.

    The Centre benefits from the multi-disciplinary backgrounds of its participants as well as the diverse skill sets they possess. It also provides each participant with an effective conduit to their home departments and agencies, including direct access to relevant databases and information holdings. This integrative approach to information sharing and assessment is designed to not only enable a more effective response to security threats, but also to promote a better understanding of the mandates of the departments and agencies involved in the Centre.

    Participants in the INSAC process include the:

  • Canada Customs and Revenue Agency
  • Canadian Security Intelligence Service
  • Communications Security Establishment
  • Department of National Defence
  • Office of Critical Infrastructure Protection and Emergency Preparedness
  • Royal Canadian Mounted Police
  • Transport Canada
  • Department of Foreign Affairs
  • Public Safety and Emergency Preparedness (Solicitor General)
  • Citizenship and Immigration Canada

    (0) comments
  • Nobel Institute, 20.12.03

    The Globe and Mail, 18.12.03

    SEDI WEBSITE

    Insider trading reports are posted on the Internet at SEDI (System for Electronic Disclosure by Insiders), a joint project of Canada's securities regulators. The site is remarkably handy once you figure out how to get at the information.

    Here are some tips:

  • Click on 'Access public filings,' then on 'View summary reports.'
  • Then select 'Issuer name' and 'Date of transaction.'
  • Then select a data range and fill in the first few letters of the company name.
  • Press Enter again.
  • Click on the word 'View' next to the company name.
  • This should yield a list of all trades reported by company insiders for the period you chose.

    (0) comments
  • Time wise,

    While most insider trades are legal, some can raise eyebrows nonetheless, particularly given their timing

    "Insiders are not always careful about when they trade. A Report on Business examination of trading in more than 130 stocks whose prices moved on news in recent months yielded a surprising list of cases that inspire questions about when insiders should avoid the market.

    The 25 examples highlighted today and tomorrow include trades done before news (both good and bad) or so soon afterward that people were still figuring out how to react. Company officials sold shares before dismal earnings reports and bought-deal financings that depressed share prices. Others bought shares or acquired them by exercising stock options before happier announcements. The chairman of a mining company sold a week before a lacklustre quarterly report. The controlling shareholder of a communications company topped up his holdings days before a stock buyback was announced.

    This was not hard-core insider abuse concealed by offshore accounts or secret nominees.

    It was open, presumably honest trading, duly reported to the authorities. The reports can be viewed on any computer linked to the Internet. They may tell you that the people who run a company have been in the market at times when you wonder whether they had an extra edge, but you won't know for sure unless you can read minds"


    (0) comments

    Watchdog pledges patience,


    Realizes new privacy law takes getting used to. Repeat offenders may face having names publicized


    Canada's new privacy watchdog has two words for businesses scrambling to understand and comply with the country's new privacy legislation: Don't panic.


    (0) comments

    Canada - Conflict of Interest and Post-Employment Code for Public Office Holders,

    Message from the Prime Minister

    "The attached document is a revised Conflict of Interest and Post-employment Code for Public Office Holders. This is the first updating of the Code since 1994. The objective of the Code is to enhance confidence in our system of government. Our government must uphold the public trust to the highest possible standard. This responsibility falls uniquely on all of us as public office holders.

    This Code sets the standards that Canadians will expect of us all. Its principles are intended to guide us in our official duties and responsibilities, and should always inspire us to pursue and uphold the public interest.

    By acting always in accordance with the principles and specific provisions of this Code, public office holders will provide Canadians with a greater assurance that our government is acting in an honest and transparent manner.



    Paul Martin

    Prime Minister of Canada


    CLB: Good early move in these times for a new world leader.


    (0) comments

    Rules may limit security cameras, 17.12.03

    Schools should use them only where needed and never in secret, Ontario's privacy watchdog says.

    To ensure surveillance isn't abused and privacy is respected, Cavoukian said school boards should adopt a clear, formal policies -- before cameras are installed, if possible -- that include the following guidelines:

  • Video cameras should be placed only in identified areas of schools where surveillance is necessary to deter or detect problems.
  • Equipment should never monitor areas where students and staff have a reasonable expectation of privacy, such as in change rooms and washrooms.
  • Students and staff should be notified about the surveillance program through clearly worded signs.
  • Schools should not use hidden cameras.
  • Strict controls are needed to ensure the security and the integrity of the recorded images.
  • Tapes that have not been used as part of an investigation should be erased after not more than 30 days.

    (0) comments
  • Get security right the first time, 15.12.03

    By Curtis Franklin Jr.

    Successfully securing government organizations depends on knowing the systems, identifying the risks, and keeping people and procedures in mind

    The first thing to understand about IT security is that technology alone can’t save you. It’s tempting to think that a fabulous new product, whether hardware or software, will come to the rescue, solving security problems while leaving users happy and productive.

    Unfortunately, the best security products can only implement the policies and procedures put into place and enforced by administrators. These policies and procedures provide the greater part of security for any IT resource. Indeed, the greatest amount of security administrators’ time and effort goes into developing, implementing, and enforcing policies and procedures.

    CLB: Great quick snapshot of good security practice. Worth a review for infosec professionals working in SME environments.


    (0) comments

    New audit rules count for IT departments, 11.12.03

    Audit, Software, and Process >> Compliance Standards:

    "The far-reaching implications of the Sarbanes-Oxley Act, the U.S. accounting law designed to repair the faults that the Enron scandal exposed, have taken many technology managers by surprise and a large number find themselves unprepared, according to Paul Zonneveld, a Calgary-based chartered accountant with Deloitte & Touche LLP and co-author of a new guide to the technology component of the legislation.

    Mr. Zonneveld says technology departments will be under pressure to impose rigorous controls on their internal processes as a result of recently released rules on how audits should be conducted under the act. "


    (0) comments

    Inviting Investigation Inhouse, 6.12.03

    Service firms buzzing with investigative work:


    By Monica Perin
    Houston Business Journal

    Until recently, it was uncommon for public companies to invite a law firm or forensic accounting team to conduct a no-holds-barred independent investigation of internal records and activities.

    But today, such investigations have become a growth industry for some law and accounting firms in Houston and across the country.


    (0) comments

    The risks of insecure firing practises, 4.12.03

    Man sentenced for hacking into Web site Associated Press


    PITTSBURGH -- A former employee of American Eagle Outfitters has been sentenced to 1.5 years in U.S. federal prison for posting passwords on-line to the retailer's Web site and orchestrating an Internet attack.

    Kenneth Patterson, 38, of Greensburg, must also pay more than $64,000 (U.S.) in restitution as part of his September guilty pleas to password trafficking and computer damage. He could have been sentenced to a maximum 11 years in prison and fined as much as $350,000.

    Mr. Patterson's attorney, Martin Dietz, said he was pleased that the judge's sentence was less than prosecutors had been seeking.

    'The government tried to blame Ken Patterson for all [American Eagle's] losses,' Mr. Dietz said.

    Federal prosecutors said that Mr. Patterson posted user names and passwords for American Eagle users on an Internet hackers' group bulletin board and detailed instructions on how to hack into the company's system after he was fired last year.

    Prosecutors said that Mr. Patterson then launched a series of 'denial of service' attacks -- which are intended to hamper or shut down a computer system by flooding it with data -- against American Eagle during the 2002 holiday shopping season.


    CLB: Security best-practice includes employee hiring and exit processes. In this case, it appears that the American Eagle employee was not fired in a secure manner. In this case, the insecure process results in financial losses to company, and potentially extensive losses to the company's customers. Best practice for securely firing an employee usually involve several departments within an oganization, working to simultaneously: escort employee out of work environment (physical security), conduct an exit interview (HR), remove all digital and physical access (IT security, physical security), appropriately inform sensitive business relationship owners of employee status change (manager, marcom), file all union, legal, and regulatory required paperwork as soon as possible (HR, accounting, legal). Related policies: HR, IT, Marcom, Legal, Privacy.



    (0) comments

    Security groups look at community needs, security governance,

    Security groups look at community needs, security governance: "Five task forces formed this week at the National Cyber Security Summit have until March 1 to develop specific measures that will be implemented under the Homeland Security Department's supervision, but officials have already identified several steps to make progress in the near-term."


    (0) comments

    Cutting the risk for directors,

    NATIONAL POST: D. Udo Nixdorf, Financial Post

    The growth of Directors and Officers Insurance is a cornerstone tool to improve corporate governance, which is necessary to satisfy the demands of corporate and organizational stakeholders and legislatures alike.

    The old-time boards of directors are often pictured as a cozy group of insiders who were theoretically entrusted to look out for shareholders and provide objective diligence on the actions of management. But in practice, many may have had a hard time doing so. Dissatisfaction led to both federal and provincial legislation that made directors personally vulnerable for certain organizational economic losses.

    Currently, more than 160 separate statutory provisions in Canada impose personal liability on a corporate director, many without requiring wrongdoing or fault, even a breach of a standard of care or bad faith. For organizations to attract quality directors, directors need protection, especially since directors fees are completely out of proportion to the risk and liability they assume.

    Directors and Officers Insurance, introduced some 20 years ago, protects directors from legal actions or suits regarding management decisions of which they may not even be aware. Certainly they need protection for liabilities such as wages, accrued vacation pay and taxes that the organization cannot pay. Stakeholders today are demanding, even threatening legal action to get improved governance.

    [...]


    (0) comments

    Information Sharing, 3.12.03

    Think Tank Urges Information Sharing
    Network Could Help Combat Terrorism



    By Jonathan Krim

    Washington Post Staff Writer

    Wednesday, December 3, 2003

    "Crucial data about individuals that could thwart terrorist attacks are not being sufficiently shared among local, state and federal law enforcement agencies"


    (0) comments
    
    

     

    Google

    Integrity Incorporated

    Site Feed

     Feedblitz email:


     RSS: http://linkingintegrity.blogspot.com/atom.xml

    
    

    "We shall need compromises in the days ahead, to be sure. But these will be, or should be, compromises of issues, not principles. We can compromise our political positions, but not ourselves. We can resolve the clash of interests without conceding our ideals. And even the necessity for the right kind of compromise does not eliminate the need for those idealists and reformers who keep our compromises moving ahead, who prevent all political situations from meeting the description supplied by Shaw: "smirched with compromise, rotted with opportunism, mildewed by expedience, stretched out of shape with wirepulling and putrefied with permeation.
    Compromise need not mean cowardice. .."

    John Fitzgerald Kennedy, "Profiles in Courage"

    Archives

    07.03   08.03   09.03   10.03   11.03   12.03   01.04   02.04   03.04   04.04   05.04   06.04   07.04   08.04   09.04   10.04   11.04   12.04   01.05   02.05   03.05   04.05   05.05   06.05   07.05   08.05   09.05   10.05   11.05   12.05   01.06   02.06   03.06   04.06   05.06   06.06   08.06   09.06   10.06   11.06   01.07   02.07   03.07   04.07   07.07   08.07   09.07   10.07   05.08   06.08