This page is powered by Blogger. Isn't yours?

 Feedblitz email:
 RSS: http://linkingintegrity.blogspot.com/atom.xml



Integrity - use of values or principles to guide action in the situation at hand.

Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

Bankruptcy decision good news for boards, 30.10.04

The Globe and Mail

Boards of directors could breathe a sigh of relief yesterday as the Supreme Court of Canada ruled that directors of a bankrupt Quebec-based retail chain did not owe their allegiance to the company's creditors while it was 'in the nebulous vicinity of insolvency.'

The ruling in the case of Peoples Department Stores Inc. confirmed that directors owe their primary duty to the corporation itself, overturning a dramatic lower court ruling that directors should act in the interests of creditors when a company is financially weak.

(0) comments

New study: Spyware, viruses infect most home computers, 25.10.04


The study by America Online and the National Cyber Security Alliance found that 77 percent of 326 adults in 12 states assured researchers in a telephone poll they were safe from online threats. Nearly as many felt confident they were already protected from viruses and hackers.

When experts visited those same homes to examine computers, they found two-thirds of adults using antivirus software that was not updated in at least seven days.

Two-thirds of the computer users also were not using any type of protective firewall program, and spyware was found on the computers of 80 percent of those in the study. The reasons?

  • perception gap
  • lack of accountability
  • complicated technology
  • lack of awareness

(0) comments

Managing the Gamer Generation, 20.10.04


Gamers approach the business world a bit more like a game. They see the different companies - and maybe the people they work with - as 'players.' They're way more competitive and are very passionate about 'winning.' They are both more optimistic and more determined about solving any kind of problem you can imagine; they think there's always going to be some combination of moves that will result in success. That drives them to be incredibly creative. They're a bit suspicious of company leaders: The game world is not big on following hierarchy. Plus, they are very confident. Like entrepreneurs, they would rather rely on their own abilities to succeed or fail. They're also more comfortable with risks, but aren't reckless.

The book: Got Game: How the Gamer Generation is Reshaping Business Forever

(0) comments

Security policies break the ignorance cycle,


As for highways, so to security: Relieving the growing congestion on interstate highways and city streets will require more than simply building additional roads. Engineering is part of the solution, but economic, political, social and environmental considerations also determine what can and should be done. C-level executives and boards of directors are out of the communications loop when it comes to information security according to results from the Ernst & Young Global Information Security Survey 2004.

Survey results show that people at the highest management levels don't receive adequate, security-related information for making prudent decisions and need to engage more in decision-making communications. [...]

How can organizations break this cycle? The first step is to establish an infrastructure that supports, encourages and requires adequate communication about information security from the top down and bottom up. This can be structured through information security policies used in conjunction with detailed job descriptions and specific information security procedures. Policies and procedures should require top managers to define and communicate an overall strategy, assign responsibility for information security and engage in discussions about appropriate policies. Policies should require internal audits and periodic risk assessments for all information services. They should call for organization-wide information security status reports and compliance reports on laws and regulations (such as Sarbanes-Oxley). They should require incident handling reports and analysis about the adequacy of existing information systems controls.

Such an infrastructure involves many components, which could be mutually reinforcing. For example, a communications infrastructure could include multiple pathways so that important information is more likely to reach top management. This might involve an anonymous voicemail hotline for reports on security vulnerabilities and incidents. Such a hotline could provide an escape valve for channeling important, time-sensitive information, which would otherwise get the reporting individual into trouble with a mid-level manager. Likewise, periodic reports issued to a board of directors' audit committee would ensure that important information gets passed up. This could eliminate the middle management information blocking through other channels, which often occurs out of fear that it might make a person or department look bad.

(0) comments

SANS Unveils Top 20 Security Vulnerabilities,

Symantec Enterprise Security News

Petite histoire... Many of the vulnerabilities have made the list before, but there were some surprises this year, according Ross Patel, director of the Top-20 list.

Vulnerabilities in file-sharing applications and instant messaging, which ranked Nos. 7 and 10 on the Windows list, respectively, represent fairly new categories of risk, Patel said.

'There was almost unanimous concern among experts around file sharing and peer-to-peer,' Patel said. As with IM, file-sharing applications are simple and operational in nature, and security concerns are often overlooked, Patel said.

Web browsers, at No. 6 on the Windows list, were another hot topic.

(0) comments

PIPEDA - A privacy law which perversely protects those who break it, 19.10.04

Toronto Star

With Canada's national privacy law now nearly four years old, the Canadian privacy community has begun to assess the law's strengths and weaknesses. A recent ruling from the Privacy Commissioner of Canada's office involving an inadvertent e-mail disclosure provides a good case study for why the law's fundamental principles remain sound but that enforcement - both in terms of the Commissioner's approach and in limitations found in the law - remain a persistent shortcoming.

The case involved an unnamed Canadian loyalty program that mistakenly revealed the e-mail addresses of 618 people when it sent an e-mail message about a contest. The error was a relatively common one - rather than hiding the names in the e-mail message, the e-mail operator placed all the addresses in the "to" field. The company quickly sent an apology to the affected parties, but eleven recipients still chose to launch a complaint with the federal privacy commissioner.

The assistant privacy commissioner, who assumed responsibility for the complaint, concluded that it was "well founded." Canada's privacy legislation requires consent before the disclosure of personal information and it also compels organizations to provide adequate security safeguards to protect the personal information they collect. In this particular case, the e-mail addresses constituted such personal information. Despite the existence of a privacy policy and some security safeguards, the loyalty program failed to comply with both the disclosure and security principles and thus ran afoul of the law

(0) comments

The State of Information Security, 2004 - Security Policy, 18.10.04

Research Reports - CIO

Security Policy

Survey respondents indicated that user administration (69%), appropriate use of e-mail (56%), system administration (67%), network security administration (55%), system security administration (52%), appropriate use of the Internet (46%) and role-based access control (45%) were most frequently included in their security policy. Eight percent of those surveyed said their organization had no formal security policy, down slightly from 10 percent reported last year. .

Only 37 percent of executives surveyed said that their organization had both measured and reviewed the effectiveness of its security policy and procedures while 31 percent said they reviewed only. One-quarter (24%) of companies surveyed had neither measured nor reviewed the effectiveness of their security policies and procedures.

(0) comments

Why you shouldn't be using passwords of any kind on your Windows networks . . ., 15.10.04

Why you shouldn't be using passwords of any kind on your Windows networks . . .

A self identified senior member of the PSS Security Incident Response team blogs an interesting take on passwords.

(0) comments

Compliance With A Higher Standard, 11.10.04

Compliance Pipeline

Global Reporting Initiative A coalition of analysts at 17 investment firms, representing over $147 billion in assets, met yesterday in Washington. D.C. to urge publicly traded companies around the world to meet a higher standard of reporting on corporate governance, environmental, labor and other key issues.

In a joint statement, the analysts recommend that companies start reporting annually on their key social and environmental policies, practices and performance. The statement notes that companies are facing a growing number of questions and request for reports about these issues from investors, customers, environmental and labor groups, and the public. However, the manner in which companies provide such information now varies widely.

The coalition of analysts suggested that companies base their reporting on the Global Reporting Initiative's (GRI) Sustainability Reporting Guidelines. The GRI is an independent institution that has developed standardized sustainability reporting guidelines with the active participation of representatives from business, accounting, investment, environmental, human rights, research and labor organizations from around the world.

GRI indicators include measures of economic performance (such as total payroll and community donations); environmental performance (such as greenhouse gas emissions and water use); labor practices (such as worker health and safety and diversity); human rights (such as policies around child labor and indigenous rights); society (such as community impacts, bribery, and political contributions); and product responsibility (such as customer health and safety, advertising, consumer privacy).


(0) comments

Do we need a corporate bible?, 10.10.04

Woman's Globe

[...] the main function of a board of directors is to limit harm that occurs to corporations and to limit the harm that they do. Governance does not, in the short term, contribute to performance. Its concern is organizational persistence. Directors may not be able to fine tune the corporations they govern, but they can stop them from driving over a cliff. Directors are there to prevent corporate failure, not to tweak performance. Having said this, I think there are principles of governance that if followed have subtle effects on business sucess. Their main purpose is harm limitation, but by preventing strategic error and ill-considered leadership choices, they can improve performance.

(0) comments

Bastion of business was built to inspire,


After decades of design that turned its back on anything to do with nature - technology allowed us to think we could operate regardless of natural forces - we're now getting back to a realization that it's better to work with the planet than against it.

Indeed, Schulich turns upside-down traditional ideas of the academic building, where classrooms were murky boxes in which teachers ruled with iron fists. Here, students are assumed to be human. That may be a bit of a stretch, it's true, but perhaps the school will give them something to aspire to.

(0) comments

Kenya's Maathai Wins Nobel Peace Prize on Environment, 8.10.04

Bloomberg U.K.

Oct. 8 (Bloomberg) -- Wangari Maathai of Kenya won this year's Nobel Peace Prize for her work to promote democracy, protect the environment and improve social conditions, becoming the first African woman to receive the award.

Kenyan human rights and environmental activist Wangari Maathai , seen in this June 15, 2004 file photo, was named as the Nobel Peace Prize laureate for 2004, by the Norwegian Nobel Committee in Oslo, Friday Oct. 8th 2004.(AP Photo/Tor Richardsen, Scanpix) Maathai, 64, founded the Green Belt Movement, which has planted 30 million trees since its beginning in 1977. She fought for democratic change under the regime of Kenya's former President Daniel arap Moi, was elected to parliament in 2002 and is now assistant environment minister.

"Peace on earth depends on our ability to secure our living environment," Ole Danbolt Mjoes, director of the Nobel Committee, said at the committee's Oslo headquarters. "Maathai stands at the front of the fight to promote ecologically viable social, economic and cultural development in Kenya and in Africa."

(0) comments

Warming signs: thinner glaciers and saltier oceans, 7.10.04


Earth has a message for global warming skeptics: Its effects are starting to appear where it really counts. Antarctic glaciers are melting faster than scientists had thought. The tropical 'firebox' that drives the atmosphere's weather machine is running hotter. These two developments could significantly change our planet's weather patterns.

The Pacific is experiencing unprecedented number and intensity of typhoons. (NOAA)Links >>>>

  • Woods Hole Oceanographic Institution: Abrupt Climate Change - Bigger Hurricanes: A Consequence of Climate Change?
  • National Snow and Ice Data Center: All Cracked Up from the Heat? Major hunk of an Antarctic ice shelf shatters and drifts away
  • NASA: Scientists Report Increased Thinning of West Antarctic Glaciers

    (0) comments
  • No 'systemic problems', 6.10.04

    The Globe and Mail

    Canada's new audit watchdog said Wednesday a survey the country's four top accounting firms found no evidence of systemic problems with the quality of external audits, but also suggested “scope for further improvement” remains.

    The Canadian Public Accountability Board — which reviewed the work of Deloitte & Touche LLP, Ernst & Young LLP, KPMG LLP and PricewaterhouseCoopers LLP — also made a number of recommendations aimed at helping the firms improve the quality of future work.

    The CPAB's recommendations cover topics ranging from independence and ethics to human resources polices, monitoring of quality control, and how firms monitor and manage higher risk clients.

    For example, the report noted each of the four firms has extensive independence policies and procedures that have been updated to reflect recent changes in the profession's standards.

    “We have recommended some further enhancements or clarification to certain firms' policies — for example, the requirement to document on every audit any threats to independence and the safeguards employed to reduce such threats to an acceptable level,” the report said.

    As well, the report recommended that the firms make available to partners and staff a list of clients with whom audit independence must be maintained.

    “Such lists are an important safeguard against inadvertent independence violations arising from either investments or the provision of certain non-audit services,” the report said.

    Some firms, the report added, have yet to adopt a “code of conduct” that partners and staff need to sign annually. Similarly, some have yet to establish a formal “whistleblower” policy that would let employees report what they feel is unethical conduct or poor professional judgment without fear of reprisal.

    (0) comments

    Who's Afraid of the Big, Bad Board?,


    Boards of directors increasingly are turning their attention toward IT. And while board-level oversight can be scary, evidence is mounting that CIOs, their departments and their enterprises can - and should - thrive in the spotlight. [...]

    Corporate boards are increasingly aware of how dependent their companies have become on IT, and they are paying closer attention than ever before to its workings, even more so than they did during Y2K, according to Richard Nolan, a business professor at the University of Washington. At the same time, computer crashes, denial-of-service attacks and the need to automate compliance with new government regulations have heightened their sensitivity to IT risk and the need for board-level scrutiny. "There are so many opportunities where things can go wrong for CIOs," says Bob Weir, CIO of Northeastern University in Boston. As if managing a company's central nervous system wasn't enough responsibility, CIOs have become stewards for an enterprise's information assets and, in some cases, for as much as 60 percent of its capital spend, according to Nolan.

    Native Voices Foundation.  Painting Seneca
<br /> Eli Thomas and Hunter Mt, N.Y. The trend toward board-level IT oversight may sound threatening to CIOs, especially since it's largely being driven by negatives such as risks and regulation. And it is true that since the majority of corporate directors are current or former CEOs and financial types, they don't always know a great deal about the costs, risks and benefits of implementing technology. Therefore, some board members may lack the qualifications to ask the right questions about IT. In some situations, they might focus too heavily on cost issues and not be able to help their CIO evaluate, say, whether he or she has a sound program in place for training sales staff on a new CRM tool to ensure that the deployment doesn't tank.

    Yet, many IT executives are discovering that board scrutiny can be of benefit to them. CIOs whose boards pay attention to IT say it gives them greater visibility within the enterprise, puts IT on a level playing field with other functions represented by board-level committees - such as finance and HR - and provides support for evaluating projects, risks and investments. CIOs such as DTE Energy's Lynne Ellyn and FedEx's Rob Carter say executives who don't have such board-level attention should push for it, either through the audit committee or through a separate IT oversight committee. [...]

    Three very convincing arguments for board-level IT oversight

    1. The extent of corporate IT spending To convince your CEO or CFO that your board should be more concerned with technology, tell them exactly how much money the company spends on IT. But don't just throw the number on the table. If your company has never evaluated its total IT spending, the figure may frighten your higher-ups. Discuss the tally in terms of how it enables the corporate strategy and the return the company is seeing from it.
    2. The company's dependence on technology Pick a couple of key business processes and explain how and where they are enabled by technology. Describe how your company could suffer if a key IT enabler of that process failed as well as how your company could benefit from increased automation. The degree to which systems support business processes will also help explain the size of your company's IT spending.
    3. The role of IT in Sarbanes-Oxley compliance Financial reporting, access to data and data integrity require effective information systems. "You can't separate the increased focus on governance and controls from systems and information technology," says John Crowther, vice president and CIO of Diebold. "Going forward, they'll be even more tightly linked. Therefore, it's important to have someone address the executive committee and the board on the performance of those systems and their ability to meet the various requirements of Sarbanes-Oxley," he says.

    (0) comments

    Ansari X Prize Winner - SpaceShipOne, 4.10.04


    Brian Binney wins the Ansari X PRIZE $10 M dollars for his team!


    (0) comments

    Best practices for choosing an outside IT auditor,


    Whether it's for ISO/IEC 17799, SAS70, or regulatory compliance, there are six key points to keep in mind when selecting an IT auditor.

    1. Don't dismiss non-technical background candidates
    2. Look for certifications
    3. Look for experience
    4. Look for strong communications skills
    5. Don't assume a brand name is always better
    6. Ask to see their work

    (0) comments

    Does Post-Enron legislation go too far ~ One opinion: revise to give small companies leeway, 3.10.04


    Sarbanes-Oxley is goring business

    The corporate reform legislation that followed the Enron and WorldCom scandals is a classic case of a pendulum that has swung too far.

    The law, known as Sarbanes-Oxley after the lawmakers who wrote it, quickly enacted a series of measures intended to curb abuse. They ranged from demands for more oversight and independence on boards of directors to requirements that chief executives certify the accuracy of financial statements. [...]

    Whistleblower support: Below are companies offering hotlines for reporting workplace fraud and abuse

  • The Network
  • Shareholder.com
  • Integrity Interactive
  • EthicsPoint
  • Global Compliance Services

    (0) comments
  • Competition Bureau investigation leads to convictions in business directory scam, 1.10.04

    Government of Canada Press Release

    [...] The individuals sent out mail pieces that falsely appeared to be bills or invoices from Bell Canada or the Yellow Pages, when in fact they were solicitations to have their business details appear in internet-based directories operating under the scales of justice names Yellow Business Pages.com and Yellow Business Directory.com. Between May and December 2000, they sent mail to virtually all businesses and non-profit organisations in Canada and generated sales of over $1 million. [...]

    The Competition Bureau is an independent law enforcement agency that ensures all Canadians enjoy the benefits of a fair and competitive economy, low prices, product choice and quality service. It oversees the application of the Competition Act, the Consumer Packaging and Labelling Act, the Textile Labelling Act, and the Precious Metals Marking Act.


    (0) comments



    Integrity Incorporated

    Site Feed

     Feedblitz email:

     RSS: http://linkingintegrity.blogspot.com/atom.xml


    "We shall need compromises in the days ahead, to be sure. But these will be, or should be, compromises of issues, not principles. We can compromise our political positions, but not ourselves. We can resolve the clash of interests without conceding our ideals. And even the necessity for the right kind of compromise does not eliminate the need for those idealists and reformers who keep our compromises moving ahead, who prevent all political situations from meeting the description supplied by Shaw: "smirched with compromise, rotted with opportunism, mildewed by expedience, stretched out of shape with wirepulling and putrefied with permeation.
    Compromise need not mean cowardice. .."

    John Fitzgerald Kennedy, "Profiles in Courage"


    07.03   08.03   09.03   10.03   11.03   12.03   01.04   02.04   03.04   04.04   05.04   06.04   07.04   08.04   09.04   10.04   11.04   12.04   01.05   02.05   03.05   04.05   05.05   06.05   07.05   08.05   09.05   10.05   11.05   12.05   01.06   02.06   03.06   04.06   05.06   06.06   08.06   09.06   10.06   11.06   01.07   02.07   03.07   04.07   07.07   08.07   09.07   10.07   05.08   06.08