 RSS: http://linkingintegrity.blogspot.com/atom.xml



Integrity - use of values or principles to guide action in the situation at hand.

Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

Transforming the cybersecurity culture - 2005 Resolutions, 28.12.04


To make information security truly an enterprise-wide effort, the director of New York's Office of Cyber Security and Critical Infrastructure Coordination has come up with resolutions for 2005 that create a foundation harder for hackers to crack. [...] Here's how each employee, from those in the CEO's office to the mailroom, can resolve to do his or her part:

  • Recognize the relationship between physical and cybersecurity

    -Realize cyberevents can have physical consequences.

    -Help improve communication and cooperation between cybersecurity and homeland security entities.

  • Don't be overwhelmed by the challenges faced in cybersecurity

    -Break it up into digestible chunks.

    -Just get started.

    -Understand that one size does not fit all.

  • Don't be afraid to admit to a cybersecurity incident

    -Recognize 100% security does not exist and that when an attack occurs, do not engage in the "blame game."

    -Remember, too, that it's only through sharing information on attacks that we can truly help each other be better prepared.

  • Practice good cybersecurity principles

    -Don't open e-mails from untrusted sources.

    -Don't forward jokes/chain letters/photos received from unknown sources via e-mail.

    -Don't divulge a password for any gift or goodie.

    -Don't fall prey to phishing scams, which are becoming increasingly more sophisticated.

  • Empower the information security officer

    -Take cybersecurity seriously.

    -Get personally involved. Hold periodic meetings with your ISO; regularly have your ISO brief the executive team on new cyberthreats; recognize staff who demonstrate responsible cybersecurity behavior; ensure that your ISO has reviewed and signed off in writing on new systems before production; have cybersecurity as a standing item at executive meetings.

  • Be a role model for the next generation in good cybersecurity practices

    -Practice what you preach and adhere to these cyberprinciples yourself -- ensure that you have a strong password; take responsibility to become knowledgeable about sound cybersecurity practices; encourage a culture that cybersecurity is everyone's responsibility; build cybersecurity issues into your presentations.

    -Promote cyberethics.

  • Collaborate with others

    -Work with the public and private sectors to enhance our collective security.

    -Recognize you can't do it alone.

  • Promote the idea that good cybersecurity is everyone's responsibility

    -Ensure you understand your responsibility in using computing technology safely and securely.

    -Recognize that the average home user's computer processing power today well surpasses what was previously available to only the largest corporations or government agencies.

    -Don't assume that "someone else" is taking care of it (e.g., the IT department, government, etc.).

  • Promote National Cyber Security Awareness Month -- October 2005

    -Develop a cybersecurity awareness campaign within your organization.

  • Don't be afraid to challenge the status quo

    -Question principles that were once core to good security practices. What was good 10, or even five, years ago may no longer be what's good for cybersecurity today. For instance, employees were once told to never open an e-mail from someone they don't know -- this was a basic sound cybersecurity practice. But with the advent of spoofing, we can no longer rely solely on whether you know or think you know the sender. We need to question these principles to see if they still pass the test of time, and modify them when needed.

  • Have a passion for cybersecurity

    -This one speaks for itself, but it includes learning about threats, attacks and what you can do personally to prevent them.

One way to gauge if the security philosophy is sinking in is to test employees. "We'll have employees receive a phishing scam particular to what they do," Pelgrin said. "If they fall prey to it, they'll get a warm and fuzzy training session on what could have happened."





Integrity Incorporated


"We shall need compromises in the days ahead, to be sure. But these will be, or should be, compromises of issues, not principles. We can compromise our political positions, but not ourselves. We can resolve the clash of interests without conceding our ideals. And even the necessity for the right kind of compromise does not eliminate the need for those idealists and reformers who keep our compromises moving ahead, who prevent all political situations from meeting the description supplied by Shaw: "smirched with compromise, rotted with opportunism, mildewed by expedience, stretched out of shape with wirepulling and putrefied with permeation.
Compromise need not mean cowardice. .."

John Fitzgerald Kennedy, "Profiles in Courage"

