TechWeb

"Computer firms are slow to respond to online customer inquiries, and more than one in three share customer data with business partners or affiliates without permission, a study released Monday showed."

This is one of those 'get it' questions, and apparently a lot of companies don't get it....yet.

The one's that survive will.

(0) comments

The Age

Less tolerance for failure in Australian boardrooms means chief executives are more likely to be shown the door here than in other countries, according to a global study.

And that harsh attitude might also be creating boards of directors, and CEOs, with risk-averse mind-sets, the latest Booz Allen Hamilton global survey of chief executive turnover has found.

Business Council of Australia president Hugh Morgan called for a debate on the findings, which he said showed 'Australia is running down its executive management resources faster than is desirable'.

'We are in an age of debate about short-termism and this research adds to the database,' he said. However, Mr Morgan added that debate had to be within the context of Australia's recent corporate success.

The survey of the world's 2500 biggest companies shows that CEO turnover in Australia remains higher than in other parts of the world: one in seven Australian chiefs changed or lost their jobs last year, compared with fewer than one in 10 elsewhere.

With shareholders showing little tolerance for failure and the companies coming under massive scrutiny in a relatively tiny market, Booz Allen Hamilton director Marion Skulley said boards needed to manage growth carefully to avoid becoming risk-averse.

She said this encouraged boards and chief executives to take a more short-term focus. 'We suffer from short-termism and that means keeping on managing on a cost-reduction basis rather than looking at avenues for growth through strategies that are more risky,' Ms Skulley said. [...]

[clb: Canadian CEOs and board directors do little better, also easily suffering the dangers of short-termism.]

(0) comments

CRN

[Report conclusion] No commercial or governmental organization has taken serious steps to study molecular manufacturing and lay the foundations for sensible policy. A few organizations including the NSF are making noises about global policy implications, but are nonetheless engaged in ignoring or denying molecular manufacturing. To begin filling the void, CRN introduced the Wise-Nano project, a collaborative website for researching the facts and implications of advanced nanotechnology. We believe that a cooperative affiliation of international study efforts offers the best opportunity to promote good policy and reduce risk. Wise-Nano.org is an initial step in that direction.

(0) comments

silicon.com

[...]

[Kevin Warwick, professor of cybernetics at Reading University] says the security problems that dog modern computing won't be much different from those that could plague the cyborgs of the future.

"We're looking at software viruses and biological viruses becoming one and the same," he said. "The security problems [will] be much, much greater... they will have to become critical in future."
<>If humans were networked, the implications of being hacked would be far more serious and attitudes towards hackers would be radically changed, he added.

"Now, hackers' illegal input into a network is tolerated," said Warwick, but if humans were connected to the internet and hacks carried out, "this would be pushing the realms of tolerance". [...]

[clb: This is not as sensationalistic as it might first appear. Cybernetic interfaces exist now.]

(0) comments

SIMCOE.COM - online newspaper serving Barrie, Alliston, Collingwood/Wasaga Beach, Midland and Orillia, Ontario

A bill that would lift the veil of secrecy on closed-door council meetings and other matters of public interest is enjoying enormous support at Queen's Park from all but a handful of MPPs.

Garfield Dunlop is one of them.

'It is just a nightmare,' was the Simcoe North MPP's blunt assessment of the legislation, which recently passed second reading. 'They are basically saying everybody that sits on these small, rural-type boards need to be under the watch of the government more. I am completely against that.'

Late last month, a resounding majority of MPPs approved, in principle, the Transparency in Public Matters Act, with 53 members voting in favour of the change.

If passed, the bill would ensure meetings of designated public bodies, including municipal councils and school boards, are open to the public.

'It's an incentive to ensure that the public interest in maintained at all times,' said Sarnia-Lambton MPP Caroline Di Cocco, sponsor of the private member's bill.

Under the act, residents who believe a council or other group has violated open-meeting rules, or is about to do so, could complain in writing to the province's privacy commissioner.

Those found guilty of contravening the act would face fines of up to $2,500.

In addition, any public business conducted behind closed doors inappropriately could be declared null and void, she said.

Dunlop, one of only three MPPs to vote against the bill, labelled it bureaucratic, and warned it would tangle community-run boards in yet another layer of red tape, potentially driving away the valuable volunteers who serve on them.

(0) comments

BBC
Junk mailers get the human touch
Analysis of junk mail shows that many messages exploit the hopes, fears and faiths of users to snare victims.

Spam offering pills and cures now accounts for 47% of messages analysed by filtering firm Clearswift.

Analysts say these tactics of "social engineering" are the greatest internet security risk over the next 10 years.

Serious side

Clearswift analysed 19,000 spam e-mail messages and found that increasing numbers were designed to catch people out by playing on the foibles of human personality.

Some appeal to greed by offering the latest "Rolex" watch at a bargain price. Others prey on the naïve by carefully mimicking the look and feel of messages and websites of well-known banks.

These so called phishing scams try to convince users to hand over their online bank details.

Using other well designed and carefully written messages, criminals try to persuade unaware people to click on a link or open a malicious attachment file.

One junk message even offers Christian mortgages in an attempt to shore up its credibility.

SPAM BY SUBJECTS

Healthcare: 46.9%

Direct Products: 20.8%

Finance: 10.2%

Scams: 7.1%

Pornography: 6.9%

Gambling: 0.5%

Others: 7.6%

Source: Clearswift, October 2004

Some e-mails use subject lines such as "your account details" that are easy to spot, but others are harder to see through. Many people have found that one wrong click opens the door for a deluge of more spam and viruses.

"It makes sense for spammers to target our weak spots," said Alyn Hockey, technical director of Clearswift.

"Though their success rate remains minimal, their constantly evolving tricks means organisations have to increasingly rely on robust e-mail security software to filter out their rubbish,"he said.

With the upcoming Christmas season, online security experts recommend internet users to take extra precautions, not only with e-mail but also with suspicious e-cards.

In early November analyst group Gartner said that the exploitation of people, rather than vulnerabilities in technology, was going to be the biggest security problem that organisations would face over the next few years.

(0) comments

1. SEI's IT Security Governance efforts
   
2. NIST's standards efforts
   
3. GAO's IT Audit's efforts
   
4. CISWG's audit efforts
   
5. PWC IT papers
   
6. IIA's IT Audit seminar program
   
7. NIST Security Configuration Checklist Program
   
8. Canada: The Canadian Governmental Security Policy, the Management of ITS standard, and other governmental security standards are available at: 1, 2, 3
   
9. USA: The Chief Information Officers (CIO) Council, IT Security Auditing (PDF)
   
10. National Security Awareness Day (NSAD)
    
11. Center for Internet Security (CIS)
    
12. Jim Kaplan's Karl web site
    
13. The IT Process Institute (ITPI)
    
14. The IIA's IT Audit newsletter and web site
    

(0) comments

What Is BizPaL?

BizPaL is a web-based service that will allow business clients to easily generate a customized list of the permits and licences they require from all levels of government.

Who?

The BizPaL Pilot Project is being developed with a lead group of government partners who will provide information on the permits and licences needed in their priority industry sectors. Once implemented, this partnership will be self-governing and self-funding. The Pilot Project includes the governments of: Kamloops, Halton, Whitehorse, Yukon, British Columbia, and Ontario; and Industry Canada. Once it is up and running, BizPaL will be available to all governments in Canada.

Read more about the pilot on BizPaL.ca and in the review article on IT World Canada.

(0) comments

IT World Canada
Balancing access and accountability with privacy

Placing appropriate controls on health data users, while conferring rights on data subjects …that, in a nutshell, is what the Personal Health Information Protection Act, 2004 (PHIPA) accomplishes.

The Ontario government-enacted law that came into force on November 1 applies to all individuals and organizations involved in health care services delivery. These include physicians and other healthcare practitioners – referred to in the Act as “health information custodians” – as well as any agent, who is authorized to collect, use and disclose personal health information on behalf of that custodian.

PHIPA has comprehensive provisions for healthcare practitioners and others to ensure personal health information of patients is kept confidential and secure.

But the scope of the Act goes much further.

It addresses two fundamental requirements – the need for privacy and the equally important need for seamless sharing of health information within the circle of care, whenever necessary, to ensure proper delivery of services.

These are often viewed as competing needs though they certainly need not be.

[....]

(0) comments

Canadian Law Site

Statutes that Address Whistleblowing

Ontario's two main environmental statutes, the Environmental Protection Act, R.S.O. 1990, c. E.19 and the Environmental Bill of Rights, S.O. 1993, c. 28, contain extensive protections for employees who have been discharged, disciplined or harassed for complying with Ontario's environmental legislation.

Under both statutes, employees who have had reprisals taken against them are authorized to file a complaint with the Ontario Labour Relations Board, which will first try to effect a settlement or, if unsuccessful, hold an inquiry into the complaint. If the Board finds the employee's complaint justified, it has broad powers to order rectification, reinstatement or compensation. Because Ontario's Environmental Protection Act prohibits an employer from taking reprisals against an employee for complying with the Act, an employer who contravenes this section could be prosecuted under s. 186 of the Act, which states that every person who contravenes the Act is guilty of an offence.

The Canadian Environmental Protection Act, R.S.C. 1985, c. C-15.3 ('CEPA') also contains a whistleblowing provision. It declares that no federal government employee shall be disciplined, dismissed or harassed for reporting on the release of certain toxic substances to a CEPA inspector. These provisions have been criticized for applying to only a limited number of violations under CEPA, for protecting only reports to a CEPA inspector, rather than the media or other officials, and for extending only to federal public servants, rather than all employees in the federal sphere (Environment Canada, CEPA Issue Elaboration Paper #10 -- Public Participation for Environmental Protection, 1994, pp. 119-20).

Ontario's Occupational Health and Safety Act, R.S.O. 1990, c. O.1 prohibits employers from taking reprisals against a worker because the worker has complied with the Act, sought its enforcement, or given evidence in a proceeding brought under the Act. Alleged contraventions are dealt with either by binding arbitration pursuant to a collective agreement, if one exists, or by filing a complaint with the Ontario Labour Relations Board. If a penalty for contravention is not established in the collective agreement, the Board can substitute such other penalty that to the Board seems "just and reasonable in all the circumstances".

The employment standards provisions in the Canada Labour Code, R.S.C. c. L-2, which apply to employers under federal jurisdiction, contain similar protections for employees who have testified, given information to an inspector, or sought enforcement of the Code. Employers who contravene these provisions are guilty of a summary conviction offence and liable to a fine of up to $15,000.

The Canadian Human Rights Act, R.S.C. 1985, c. H-6, prohibits any person from threatening, intimidating, or discriminating against an individual because that individual has made a complaint, given evidence, or assisted in the initiation or prosecution of a complaint under the Act.

(0) comments

Yahoo! News

A former technology company executive charged with hiring hackers to attack a competitor's Web site has joined the FBI (news - web sites)'s most-wanted list, the latest sign of the federal law enforcement agency's growing interest in cyber-crime.

[...] Others on the list include: a man charged with defrauding Internet auction sites out of nearly $1 million; another man charged with stealing at least $40,000 from 18 victims who thought they bought computers, televisions, musical instruments and other high-priced items at online auctions; and an ex-convict and aspiring screenwriter, who was indicted on charges of videotaping movies at private screenings in Los Angeles before they were publicly released.

[...] The list, which currently includes 16 suspects, is located at http://www.fbi.gov/mostwant/alert/alert.htm.

(0) comments

Industry Canada

The successful integration of e-business into the Canadian economy is dependent upon the level of trust and confidence businesses and consumers have in the digital environment.

To build this trust, the Federal Government aims to clarify marketplace rules through policies in the areas of privacy protection, online security and appropriate Internet content.

[clb: And so, today the government has made the following announement concerning PIPEDA and substantively similar provincial legislation.]

Date: 2004-11-03 OTTAWA, November 3, 2004 -- The Government of Canada today announced that organizations in Alberta and British Columbia that are subject to either province's private sector privacy laws are exempt from the Personal Information Protection and Electronic Documents Act (PIPEDA). This exemption applies to the collection, use and disclosure of personal information within either province. PIPEDA will continue to apply to the collection, use and disclosure of personal information related to the operations of a federal work, undertaking or business (e.g. banks, airlines, telecommunications companies) in both provinces, as well as to the cross-border collection, use and release of personal information. Both Alberta and British Columbia have privacy legislation that is considered substantially similar to PIPEDA. This helps ensure the existence of an effective national standard for privacy protection, which also meets accepted international norms. Clear, consistent rules for the protection of personal information increase consumer and business confidence in online commerce. PIPEDA came into full effect January 1, 2004. It applies to all personal information collected, used or disclosed by private sector organizations in the course of commercial activity. Its privacy provisions are based on the Canadian Standards Association's Model Code for the Protection of Personal Information (CAN/CSA-Q830-96). The Act's key provisions state: organizations are required to seek the consent of individuals prior to collecting, using or disclosing their personal information; organizations must protect personal information with security safeguards appropriate to the sensitivity of the information; and individuals may access personal information about themselves held by an organization and have it corrected, if necessary. For more information on PIPEDA, please visit http://www.strategis.ic.gc.ca/privacy. For more information on compliance, organizations should refer to the Office of the Privacy Commissioner's online guide at http://privcom.gc.ca/information/guide_e.asp. For more information, please contact: Media Relations Industry Canada (613) 943-2502

(0) comments

Information integrity strikes a chord

This past summer, while the Royal Bank was battling its IT demons, the company ultimately had only one concern - was the information stored on its servers trustworthy? As it turns out, customer account balance snafus notwithstanding, the bank did have faith in its data and the recovery which, though time consuming, was successful.

(0) comments

The Globe and Mail

The Ontario Securities Commission is preparing a proposal that would require chief executive officers to certify their companies' internal accounting controls, similar to controversial provisions introduced in 2002 under the U.S. Sarbanes-Oxley Act.

(0) comments