linking INTEGRITY

Integrity - use of values or principles to guide action in the situation at hand.

Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

Transforming the cybersecurity culture - 2005 Resolutions, 28.12.04
SearchSecurity.com
To make information security truly an enterprise-wide effort, the director of New York's Office of Cyber Security and Critical Infrastructure Coordination has come up with resolutions for 2005 that create a foundation harder for hackers to crack. [...] Here's how each employee, from those in the CEO's office to the mailroom, can resolve to do his or her part:
One way to gauge if the security philosophy is sinking in is to test employees. "We'll have employees receive a phishing scam particular to what they do," Pelgrin said. "If they fall prey to it, they'll get a warm and fuzzy training session on what could have happened."

Establish a configuration control board in your organization, 17.12.04
TechRepublic Security Solutions
A configuration control board (CCB)--also known as a configuration management board--is a group that should play an essential role in an organization's overall network strategy. Typically chaired by the CIO, these boards usually include voting representatives from every department in the company.
The overall goal of a CCB is to make decisions that increase the operational efficiency and usefulness of the network's ability to support the business process of the company. Security is an integral part of the CCB process, and members should take every opportunity to address security concerns during every phase of configuration management.
[CLB: This is not wholly a governance board. A parallel stakeholders board can be formed including execs from c-level, the board, shareholders, and the CCB to overview and manage all business governance issues.]

Study finds corporate 'old boys' have positive impact on governance reform
The Globe and Mail
When University of Toronto assistant professor Tim Rowley set out on his latest research project, he intended to illustrate the undue influence of Canada's 'old boys' network' on corporate boards of directors.
Instead, he came to the surprising conclusion that while there is an elite of interconnected directors at Canada's largest firms, they have had a positive impact as leaders of corporate governance reform.
'The assumption has always been that the old boys' club is a bad thing. And in many cases, it probably points to recruiting practices that aren't desirable,' said Prof. Rowley, who is also director of the Clarkson Centre for Business Ethics & Board Effectiveness at the U of T's Rotman School of Management. 'But when it comes to governance, our research indicates they actually drive good governance.'
[...] "But I think it has evolved now to a point where the old boys have become sold on the importance of good corporate governance. And because they are old boys . . . they can bring to the table more authority in dealing with and addressing these issues."
Indeed, he says he has seen "old boys" adopt new governance ideas "more easily than some of the new boys" because their business experience has demonstrated their value.
[...] The U of T study looked only at the group of 16 directors who sat on five or more boards of S&P/TSX index companies as of September this year. The researchers graphed the web of connections between the companies they oversee, and placed one director at the centre of the web: Torstar Corp. chief executive officer Robert Prichard.

Alberta: Review of Public Sector Outsourcing
Information and Privacy Commissioner Frank Work announced that his office will be working jointly with the Government of Alberta to examine the implications of public sector outsourcing for the personal information of Albertans. “Outsourcing” in this context refers to contracting out business functions that involve Albertans’ personal information.
--OIPC

Phishing Web sites grew by 33 percent in November, 14.12.04
IT World Canada
The number of phishing Web sites associated with online identity theft scams grew by 33 per cent in November, after dropping off in September and early October, according to data compiled by the Anti-Phishing Working Group (APWG) and shared with IDG News Service.
The group received reports of 1,518 active phishing sites during November, up from 1,142 in October. Reports of phishing Web sites have grown by an average rate of 28 per cent monthly since July, as scam artists broadened their efforts to lure customers of companies that do business online.
[CLB: Phishing will continue to grow more serious over the next 12 months.]

Roads Gone Wild - a Comment on Control Systems which include People
Wired 12.12
No street signs. No crosswalks. No accidents. Surprise: Making driving seem more dangerous could make it safer.
The common thread in the new approach to traffic engineering is a recognition that the way you build a road affects far more than the movement of vehicles. It determines how drivers behave on it, whether pedestrians feel safe to walk alongside it, what kinds of businesses and housing spring up along it. 'A wide road with a lot of signs is telling a story,' Monderman says. 'It's saying, go ahead, don't worry, go as fast as you want, there's no need to pay attention to your surroundings. And that's a very dangerous message.'
[...] planners have redesigned several major streets, removing traffic signals and turn lanes, narrowing the roadbed, and bringing people and cars into much closer contact. The result: slower traffic, fewer accidents, shorter trip times. "I think the future of transportation in our cities is slowing down the roads. When you try to speed things up, the system tends to fail, and then you're stuck with a design that moves traffic inefficiently and is hostile to pedestrians and human exchange."
[CLB: Fascinating article - worth the read.]
How to Build a Better Intersection: Chaos = Cooperation
[CLB: In other words, decentralised interworking principles repurposed for road and other physical transportation design systems. About time! Learn even more: Traffic Engineering]

TheStar.com - CIBC breach spotlights hole in privacy law, 13.12.04
TheStar.com - CIBC breach spotlights hole in privacy law: "In a global networked world, limiting privacy protection to physical presence potentially eviscerates the effectiveness of privacy legislation. The U.S. recognized this several years ago when it enacted the Children's Online Privacy Protection Act. That statute, focused solely on the protection of children's online privacy, purports to regulate any Web site, wherever it is located, provided that it targets U.S. children.
Canadians, both young and old, deserve similar protection. If the current law does not address the issue, Canada should move quickly to plug its jurisdictional privacy hole."

The dangers of reactive security
SearchSecurity.com
How to be proactive about security, according to Computer Associates Executive Security Advisor Diana Kelley during an Infosecurity New York conference presentation last week:
Step 1: Understand business and technology requirements
Step 2: Understand the constraints
Think legacy systems, processes and policies. Mainframes, client/server applications, DOS-based applications. What is of value to your business? What's the cost of loss?
Step 3: Select the right technology
Technology is about getting business done. Build detailed requests for proposal based on the above requirements. Know what you need before you talk to a vendor.
Step 4: Build a plan
Based on the above information, create an action plan. Inventory and assign value to the assets and protect them around business needs. Buy-in from all interested parties is important.
Step 5: Test and train
Systems, applications and people have a tricky way of behaving in production environments. Before roll out ensure that the solution works within a relational context. Untrained users are one of the biggest vulnerability vectors. Get sign off. Consider 'human' ways to engage the entire organization in the security process.
Step 6: Implement
Roll out new solutions and processes into production. Communicate changes clearly to affected parties. Manage and monitor effectiveness of the solutions. Use reporting and metrics as proof points.
[And what were the dangers?]
"Reactive security is like the little Dutch boy plugging holes in a leaking dike," said [...] Kelley. "Eventually you're going to run out of fingers."
Essentially, reactive security fails to protect, fails to respond in time, doesn't meet compliance regulations and is an example of overspending while under-protecting assets, Kelley said.

Call for a single national securities regulator, 12.12.04
TheStar.com
[...] At the heart of [central bank governor David] Dodge's comments was the call for a single national securities regulator to replace all the provincial and territorial bodies.
'We need a national regulator. It's an idea whose time came years and years ago,' said Thomas Caldwell, chairman of Caldwell Financial Ltd., a Toronto investment firm. Canada's multiple securities regulators have made it expensive and inefficient for investors, he said.
Foreigners interested in investing in Canada are, indeed, put off by the various levels of securities regulations, Myers agreed. 'Canada's patchwork regulation is more in line with the 1960s than an economy in the 21st century,' he said.
'If Canada cannot show the world it has a single regulator that is effectively enforcing regulations and meeting the standards of international capital markets, even Canadian companies may go elsewhere to raise capital.'

Government Uses Color Laser Printer Technology to Track Documents, 11.12.04
Yahoo! News
Next time you make a printout from your color laser printer, shine an LED flashlight beam on it and examine it closely with a magnifying glass. You might be able to see the small, scattered yellow dots printed there that could be used to trace the document back to you.
According to experts, several printer companies quietly encode the serial number and the manufacturing code of their color laser printers and color copiers on every document those machines produce. Governments, including the United States, already use the hidden markings to track counterfeiters.
[...] The dots' minuscule size, covering less than one-thousandth of the page, along with their color combination of yellow on white, makes them invisible to the naked eye, Crean says. One way to determine if your color laser is applying this tracking process is to shine a blue LED light--say, from a keychain laser flashlight--on your page and use a magnifier.
[...] However, they could also be employed to track a document back to any person or business that printed it. Although the technology has existed for a long time, printer companies have not been required to notify customers of the feature.
Lorelei Pagano, a counterfeiting specialist with the U.S. Secret Service, stresses that the government uses the embedded serial numbers only when alerted to a forgery. "The only time any information is gained from these documents is purely in [the case of] a criminal act," she says.
John Morris, a lawyer for The Center for Democracy and Technology, says, "That type of assurance doesn't really assure me at all, unless there's some type of statute." He adds, "At a bare minimum, there needs to be a notice to consumers."

Nobel Winner Maathai Sounds Alarm Over Planet, 10.12.04
Yahoo! News
'The state of any country's environment is a reflection of the kind of governance in place, and without good governance there can be no peace,' said [Wangari Maathai, Kenya's deputy environment minister and the first African woman to win the Peace Prize].