 RSS: http://linkingintegrity.blogspot.com/atom.xml



Integrity - use of values or principles to guide action in the situation at hand.

Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

ISO's Standard for Certifying Persons: ISO/IEC 17024, 23.6.04

Canadian General Standards Board

In recent years, the face of many professions has changed dramatically. Globalization, altered demographics and the explosion of innovations in information technology have created new opportunities and challenges, and new occupations have arisen to meet the demand. More and more, governments, businesses and an increasingly savvy public are seeking proof of competence through the certification of new and existing professions.

In response to this need for certification, the International Organization for Standardization, Conformity Assessment Subcommittee (ISO/CASCO) initiated the development of ISO/IEC 17024, General requirements for bodies operating certification of persons. This new standard provides a benchmark for certification bodies offering certification of persons in any occupation and facilitates accreditation by national bodies.


This comprehensive standard lays out the general operating requirements for the certification body, including provisions for a management system. It describes conditions for application, examinations, surveillance and recertification. And, it specifies the requisites for independence of training from certification, confidentiality of information, competence of staff and subcontractors, and the need for stakeholder input into certification schemes.


[CLB] Great news. Many organizations consider creating certification programs for their membership. Using an internationally accepted framework for creating these programs and the certification process requirements will assist potential certificate holders in choosing a program. In these instances, they will be able to rely at least on the process underlying the program, and hence better rely on the association maintaining it. I wish I'd thought of this!


Prepared Minds Favor Chance, 21.6.04

MIT: Technology Review

[...] The discontinuity emerges from the vast breadth and scope of data that a Merck, a GE, an Airbus, a Wal-Mart, or a GM can reliably generate. There's an extraordinary clash and convergence of opportunity and intent. On the one hand, innovators are seeking laserlike precision in the focus and specificity of their innovation initiatives. On the other, it's become so cheap and easy to collect data on every aspect of an experiment's progress that the question has become, Why not? Data diversity that would once have been dismissed as chaotic noise is now understood to contain meaningful signals. Correlation becomes the crucible for innovation and insight.


So Merck and Wal-Mart won't merely explore provocative correlations; they'll be exploring the provocative correlations of correlations. These meta-analyses will become how prepared minds cultivate chance as well as exploit it. Innovators will spend less time designing clever experiments to generate data and more time scouring the data to generate hypotheses.

Exploring correlation and causality between multiple monitoring modes should spawn even greater opportunities. [...]

Of course, correlation isn’t causality.


Access Patterns Organize Data,

MIT: Technology Review

Old Dominion University researchers have devised a way to organize large bodies of information that is based on the way the human brain organizes information.

The method could eventually allow information repositories like the Internet to self-organize based on the way users access information, and in the process cut search time, make searching more intuitive, and preserve information about the relationships among data.


MIT's Nicholas Negroponte: Which new products or services are likely to make the biggest splash?, 18.6.04

BW Online

Peer-to-peer is key. I mean that in every form conceivable: cell phones without towers, sharing leftover food, bartering, etc. Furthermore, you will see micro-wireless networks, where everyday devices become routers of messages that have nothing to do with themselves.

Nature is pretty good at networks, self-organizing systems. By contrast, social systems are top-down and hierarchical, from which we draw the basic assumption that organization and order can only come from centralism.


Nanotech: Beyond the Hype -- and Fear,

BW Online

[...] before the basic science is even ironed out -- nanotech research could be derailed by outside factors. Already, nascent signs of dot-com style hucksterism are appearing, with companies making nanotech claims of dubious scientific merit. Conversely, Kulinowski adds, others are fearful of the perils of nanomaterials without understanding the underlying science.

[...] There are two broad categories of risk assessment going on right now. One is in biological systems -- starting with the effects on individual cells and up to more sophisticated organisms such as vertebrate animals. There's a lot of work going on this area already -- looking at how nanoparticles affect bacteria or how they accumulate in cells, for example.

[...] The second major category looks at the environment. Do nanomaterials accumulate in water or the earth, and if so, do they pose a risk? Are they changing the balance of a water supply in terms of bacteria. If we're making lots of nanoparticles and they become part of waste stream, what happens to them in the long run?


Security Pipeline | Trends | Stop Playing Chicken With Cybersecurity, 17.6.04

Security Pipeline | Trends | Stop Playing Chicken With Cybersecurity: "Now, it would be reasonable to ask, 'After all the terrible worm and virus and other types of attacks over the past few years, and the billions and billions of dollars it cost to clean up those messes, and the utterly astounding business risks incurred in such attacks, what company here in the 21st century would be so stupid--so moronically unthinking and irresponsible--as to leave systems unprotected? To leave known flaws unpatched? Who would allow this to happen?' "


Judge tosses online privacy case | CNET News.com, 16.6.04

Judge tosses online privacy case | CNET News.com: "'The online industry has always made the argument that there's no need for legislation protecting online privacy, that through privacy policies and self-regulation they're able to give people the protections they need,' Sobel said. 'This decision really underscores the fact that there appears to be no enforceable protection in place.'"


The Real Threats to Security are Changing,


The Spread of Hybrids

Some hybrids target applications, like SQL, or features, like Active Directory service functions, that are common in particular operating systems. But the vulnerability is increasingly in the application, rather than in the OS itself.

Hybrid malware may use worm techniques for spreading, a virus to do damage, and then implant a Trojan horse to turn the system into a zombie or remotely controlled proxy or remailer.

Spyware and ad-bots can add to these risks, as can the uncontrolled use of peer-to-peer technologies like kazaa. While ostensibly for market research or file sharing -- 'legal' sharing, only, please -- even well-intentioned uses of such software can open gaping holes in network firewalls. It is these leaky holes that create risk by providing potential attackers with both systems information for exploiting, and personal information that can be stolen and used for identity theft.

The good news is that host and enterprise anti-virus software identifies and stops the lion's share of all of these forms of malicious software.

The bad news is that times are changing -- fast.

The speed with which new infectors are popping up is increasing. The cycle time between knowledge of a vulnerability and the release of an exploit is shrinking. We may not be at the point, yet, where exploits pre-date patches but the trends make that a foreseeable event.

Remember that in practical terms, it's not the release date of the patch, but the time it takes to test and then apply the patch that is a bigger concern to enterprise system managers.



TheStar.com - Speak, Canada, speak, on equality, 15.6.04

TheStar.com - Speak, Canada, speak, on equality: "The Supreme Court of Canada has made equality the centerpiece of its jurisprudence, has insisted that equality be measured in terms of effects, not purposes. The focus has been on the social consequences of those who are subject to the law, not the mind of those who wrote the law. "


ITBusiness.ca, 11.6.04

ITBusiness.ca: "'Typically, what really compounds any IT problem is panicking by system administrators and the database administrators and the people that are on the front lines to keep things running and address problems,' he said. 'It may have taken them a couple of days to do it simply because they weren't panicking. They were taking a step-by-step approach and being quite conservative.'"
While not passing judgement on the whole of the RBC processing and public relations 'situation' of the past week, this from one commentator is worth focusing on.
Perhaps system administration and CIO handbooks need the same cover as the Hitchhiker's Guide to the Galaxy... DON'T PANIC.


Cingular systems open door to fraudulent credit card transactions - TechUpdate - ZDNet, 9.6.04

Cingular systems open door to fraudulent credit card transactions - TechUpdate - ZDNet: "Cingular systems open door to fraudulent credit card transactions"
You really have to ask yourself what the systems people were thinking when they designed this. You would think that we are way past the point where programmers can add features based on THEIR PERCEPTION of customer convenience. You really need to talk to real customers.


Nanotechnology pioneer slays 'grey goo' myths,

Innovation Report

Eric Drexler, known as the father of nanotechnology, today (Wednesday, 9th June 2004) publishes a paper that admits that self-replicating machines are not vital for large-scale molecular manufacture, and that nanotechnology-based fabrication can be thoroughly non-biological and inherently safe.

Talk of runaway self-replicating machines, or "grey goo", which he first cautioned against in his book Engines of Creation in 1986, has spurred fears that have long hampered rational public debate about nanotechnology. Writing in the Institute of Physics journal Nanotechnology, Drexler slays the myth that molecular manufacture must use dangerous self-replicating machines.

"Runaway replicators, while theoretically possible according to the laws of physics, cannot be built with today's nanotechnology toolset," says Dr. Drexler, founder of the Foresight Institute, in California, and Senior Research Fellow of the Molecular Engineering Research Institute (MERI). He continued: "Self-replicating machines aren't necessary for molecular nanotechnology, and aren't part of current development plans."

The paper, Safe Exponential Manufacturing by Chris Phoenix, Director of Research of the Center for Responsible Nanotechnology, (CRN) and Dr. K. Eric Drexler, also warns that scaremongering over remote scenarios such as "grey goo" is taking attention away from serious safety concerns, such as a deliberate abuse of the technology.


The latest Worst-Case Worm research paper, 8.6.04

Nicholas Weaver and Vern Paxson, International Computer Science Institute, nweaver@icsi.berkeley.edu vern@icir.org

May 5, 2004


Worms represent a substantial economic threat to the U.S. computing infrastructure. An important question is how much damage might be caused, as this figure can serve as a guide to evaluating how much to spend on defenses. We construct a parameterized worst-case analysis based on a simple damage model, combined with our understanding of what an attack could accomplish. Although our estimates are at best approximations, we speculate that a plausible worst-case worm could cause $50 billion or more in direct economic damage by attacking widely-used services in Microsoft Windows and carrying a highly destructive payload.

[CLB] Recall the Warhol worm, and all the study done on zero day worms? This paper does not diverge in the basics, merely in quantitative initial assumptions, such as having a small nation state at your disposal. Still, the cost due to worm outbreaks of even a small percentage described in the paper adds up quickly.


Survey: Network attacks double at financial firms,


Admitted attacks on computer networks at global financial institutions more than doubled in the last year, resulting in more monetary losses. Yet a quarter of those companies say they're not spending more on new security systems.

Those are the findings in the 36-page 2004 global security survey [PDF] by New York-based Deloitte Touche.

IT executives from 100 companies were interviewed for the report, and 83% acknowledged their systems have been compromised in the past year, compared to only 39% in 2002. Of those surveyed, 40% said attacks against their networks resulted in financial loss. Despite that, 25% reported flat security budget growth.


The survey did show some positive trends.

Among them, financial institutions showed improvement in complying with regulations, as two-thirds (67%) of respondents indicated they have a program for managing privacy compared to 56% last year. In addition, 69% felt that senior management is committed to security projects needed to address regulatory requirements.



The passions about Reagan,

San Francisco Chronicle

That the great outpouring of affection is accompanied by waves of strong dissent is both predictable and fitting. Ronald Wilson Reagan never shied from controversy in defense of his principles. It was what made him an effective leader as well as the architect of a complex legacy that will be the subject of a spirited dispute enduring beyond all of our lifetimes.

[CLB] Whether you agree or disagree with his principles and decisions as a leader, it's clear that great passion for principle combined with an informed response to the situations of the world make for great leadership.


GMail Bill Gets a Face-Lift, 5.6.04

Steptoe & Johnson

The buzz over Google's new e-mail service is getting louder. On May 27, the California State Senate approved an amended bill that puts tough restrictions on e-mail providers who wish to scan their customers' e-mail messages for advertising purposes -- and every other email and instant messaging company for good measure. SB 1822, authored by California State Sen. Liz Figueroa (D-Fremont) in response to Google's email service, was recently revised by Sen. Figueroa to remove a key provision from the original bill that would have required providers to obtain the consent of anyone sending a message to a subscriber before the provider could scan messages. But it now regulates all forms of automated scanning of messages -- a technique widely used by providers for security, antispam, and other purposes.


Letter to Wall Street: Start Thinking About Long-term Value,

Inside 1to1

Teaching long term to short-term watchers

It is obvious to everyone that today's publicly owned businesses have a problem when it comes to reconciling Wall Street's demand for short-term results with their ultimate task, as managers, of achieving long-term value. In recent issues of more than one business magazine, the most admired and successful companies listed tend to be the privately held firms, not publicly traded, and therefore not subject to Wall Street's short-term demands. Surely this is a message. Surely this has some significance. Is there anything that financial analysts could do to address this problem? Well -- yes, actually. And that's why we're addressing this open letter to the analyst community.

The basic problem is that even though shareholders are in fact quite interested in the long-term value a company creates for them, at present there is no better, more reliable indicator of long-term value creation than short-term financial performance. The discounted-cash-flow (DCF) method for valuing a business is based on forecasting the firm's future cash flows, but in the end even the most sophisticated predictions rely mostly on aggregate business trends and market projections, and all future trends begin with today's events.

On the other hand, all the operating cash flows at any business come originally from customers. If you add up the lifetime values of all current and future customers, the customer equity you calculate should exactly equal the enterprise's overall discounted cash flow. Moreover, when analyzed this way, the firm's future cash flows can be divided not just into operating entities and business units, but also into the revenues expected from different types of customers. So customer equity can actually be broken down, analyzed, predicted and validated all the way down to the molecular level of the individual customer.

For a business, customers are the scarce resource. They are scarcer than capital. If you have a customer for your business, you can almost certainly obtain the capital needed to serve him. But the market -- any market -- contains only a finite number of customers, who are difficult to obtain and expensive to replace. So it is vital for any business to create the most value possible from its customers. Return on Customer℠ (ROC) is a metric designed to gauge the rate at which a business does, in fact, create enterprise value from any customer or group of customers.



Wall Street On the Run,


[...] Wall Street research has gone awry, Tarasoff began in his letter. The emphasis on the All-America Research Team 'was an insidious development for our profession because it focused much of the research community's attention on the wrong goals and led to a number of unfortunate practices that survive to this day.' Thus, effective immediately, the firm would abolish several of those unfortunate practices, starting with its rating system. No more buy, hold, or sell ratings on the stocks covered by Cowen. Its analysts would still have investment opinions, Tarasoff hastened to add, but they would express those opinions 'the old-fashioned way, using the full richness of the English language.'

Cowen was also abolishing a second pillar of modern securities analysis: the quarterly earnings note. 'Most of these voluminous postmortems serve no purpose and consume considerable resources,' Tarasoff wrote. 'This policy will ensure that our analysts write only when they have something important to say.' Finally, in place of ratings and earnings notes, S.G. Cowen would stress 'good investment ideas' and 'proprietary information flow.' That is, the firm would publish research only when it had some unique value and could not easily be duplicated by competitors.


Build privacy into the products, 4.6.04


Speaking at the Infosecurity Canada conference in Toronto Wednesday, Ann Cavoukian said it was important to distinguish privacy, which relates to personal control of the use and disclosure of information, from security, which controls access to information that's used in a business context.

"Security's an important part of privacy. Without security, you can't have privacy. But you can certainly have security without privacy."

In a security-centric world, "the biggest challenge is limiting the use of information for the purposes stated," Cavoukian said. She said people are not only concerned about the growth of a huge database of their personal information, but this private information may be subverted by attackers.

If privacy of health-related data is affected online by hackers, for instance, "you're talking about life and death consequences."


As North America witnesses the rise of chief privacy officers, one of the fastest growing designations, companies must decide who within an organization will be responsible for this job, Cavoukian said. Ideally, the function should rest with a "customer-friendly" department like marketing or business development, she said.

Karbaliotis predicted chief privacy officers will grow in importance because these will be individuals "willing to stand for the company and say 'We're doing this right.'

"Maybe it shouldn't be the security officer. Maybe it shouldn't be the chief technology officer."

Instead the right candidate should understand technology, business processes, the legislative environment and be involved in business planning, he said.

The 9/11 crisis allowed an increasing degree of security to marginalize privacy, but now "we need a new paradigm," urged Cavoukian, and added security and privacy are necessary for freedom to prevail.

[JW] They have an idea about what security means, but I don't think that most businesses . . . still comprehend what privacy really means.


Privacy Is Your Business, 3.6.04

CIO Magazine

[JW] JetBlue found themselves on the wrong end of litigation and bad publicity after neglecting senior level involvement in privacy and data management.




Integrity Incorporated


"We shall need compromises in the days ahead, to be sure. But these will be, or should be, compromises of issues, not principles. We can compromise our political positions, but not ourselves. We can resolve the clash of interests without conceding our ideals. And even the necessity for the right kind of compromise does not eliminate the need for those idealists and reformers who keep our compromises moving ahead, who prevent all political situations from meeting the description supplied by Shaw: "smirched with compromise, rotted with opportunism, mildewed by expedience, stretched out of shape with wirepulling and putrefied with permeation.
Compromise need not mean cowardice. .."

John Fitzgerald Kennedy, "Profiles in Courage"

