This page is powered by Blogger. Isn't yours?

 Feedblitz email:
 RSS: http://linkingintegrity.blogspot.com/atom.xml



Integrity - use of values or principles to guide action in the situation at hand.

Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

Culture Matters, 25.10.05


The Ethics Resource Center's recently released 2005 National Business Ethics Survey is welcome confirmation of the trends we have been seeing: if an organization wants to reduce the risk of unethical conduct, it must focus more effort on building the culture than on building a compliance infrastructure.

Based on interviews with over 3,000 employees and managers nationwide, the survey disclosed that despite the increase in the number of ethics and compliance program elements being implemented, desired outcomes, such as reduced levels of observed misconduct, have not changed since 1994. Even more striking is the revelation that while formal ethics and compliance programs have some impact, it is the organizational culture that has greater influence in determining program outcomes.

Only lagging companies still measure the success of their ethics and compliance programs only by tallying the percentage of employees that have certified reading the Code and attended ethics and compliance training. The true indicator of success is whether the company has made significant progress in achieving key program outcomes. The NBES listed several key outcomes that can be used to determine the success of a program:

  • Reduced misconduct observed by employees;
  • Reduction of pressure to engage in unethical conduct;
  • Increased willingness of employees to report misconduct;
  • Greater satisfaction with organizational response to reports of misconduct.

    What's going to move these outcomes in the right direction? Not the mere presence of codes of conduct, reporting systems, and compliance training.

    What the NBES uncovered is that only by influencing key elements of the culture will the organization see positive movement in program outcomes.

    [Read on for more on relating Ethics-Related Actions to your compliance programme.]

    (1) comments
  • Say good-bye to choice, 10.10.05

    Security Watch: CNET reviews:

    You know when an industry has matured; that's when companies begin purchasing one another at a rapid clip. This happened back in the 1980s when fledgling security supercompanies Symantec and McAfee went on a purchasing spree; and, it's happening again, only the players are slightly different. Within the last two years, Symantec purchased six security-related companies, Computer Associates bought six, Microsoft four, and McAfee and Trend Micro picked up two each. Some of the swallowed-up company names should be familiar: Groove, Qurb, PestPatrol, PowerQuest, and Tiny Personal Firewall. But here's the amazing thing: 11 of the 20 purchases occurred within 2005 alone. What does all this mean to you and me? Well, for one thing, less choice when it comes to security software. [..]

    Here's a chart of who's who in the security space today.
    (Alphabetical order)SymantecComputer AssociatesMicrosoftMcAfeeTrend Micro
    @Stake (security auditing)Bought in 2004    
    BrightMail (e-mail)Bought in 2004    
    BindView (security)Bought in 2005    
    Concord Communications (wireless, VoIP) Bought in 2005   
    Foundstone (security auditing)   Bought in 2004 
    FrontBridge (network security)  Bought in 2005  
    Giant Software (antispyware)  Bought in 2004  
    GeCAD (antivirus)  Bought in 2003  
    Groove (P2P)  Bought in 2005  
    Intermute (antispyware)    Bought in 2005
    Kelkea (IP filtering)    Bought in 2005
    Netegrity (security) Bought in 2004   
    PestPatrol (antispyware) Bought 2004   
    PowerQuest (drive utilities)Bought in 2003    
    Qurb (antispam) Bought in 2005   
    Sybari (antivirus, antispam)  Bought in 2005  
    Sygate (firewall)Bought in 2005    
    Tiny Personal FireWall (firewall) Bought 2005   
    Veritas (backup)Bought in 2004    
    Wireless Security Group (wireless)   Bought in 2005 
    TotalsBought 6Bought 6Bought 4Bought 2Bought 2


    (0) comments

    Improvisation and Technology - A Discussion, 3.10.05

    Applied Improvisation Network

    Hi Tech and Improv

    At the recent AIN conference, I convened an Open Space session to explore how hi tech 'things' and improv 'things' could enhance each other. Scribed and blogged here are some of the results and resource links.

    (0) comments

    Security vendors ready CVSS vulnerability scoring system ,

    Computer Business Review

    The proposed new scoring system for IT security vulnerabilities known as CVSS has reached a stage that several vendors are planning ways of promoting enterprise adoption of the Common Vulnerability Scoring System. [Guide (ppt pdf)]

    CVSS has said to have been tested by about 30 companies since February, and now Assuria, CERT/CC, Cisco Systems, IBM, Internet Security Systems, JPCERT/CC, netForensics, Pentest, Qualys, Sintelli, Skybox Security and Unisys have all agreed to test the system and look into applicable usage.

    The CVSS system promises to transform the way in which network threats are evaluated and dealt with, in the way that the common rating system it provides should make for a framework against which enterprises can start to prioritize their patch routines and better manage risk, Ed Cooper, VP of marketing for Skybox the vendor of security risk management software said.

    He explained that the system uses a scale of 1 to 10 to rate the severity of vulnerabilities. It also lets organizations input site specific information that will provide them with a risk score which is customized to their operating environment.

    Different systems for scoring vulnerabilities are in use today, and these systems use different metrics. CVSS weighs various criteria in a formula that includes measures of the impact of a vulnerability on system availability, data confidentiality and integrity, as well as the potential for collateral damage.

    [T]the group is working together to build on the first-generation framework that has already been developed, in order to come up with a system that is usable and accepted across the industry.

    CVSS has three components and includes a baseline vulnerability severity, which is then adjusted with temporal and environmental modifiers, so that any given bug has a different score depending on the time and the enterprise's own network. As such, it provides a scoring mechanism that rates how secure a network is and stands as a basis for comparison against comparable peer network.

    The new rating system is being backed by the Forum of Incident Response and Security Teams, and the body will encourage IT executives to start testing the index as one way to address the issues caused by the numerous incompatible scoring systems currently in place.

    (0) comments



    Integrity Incorporated

    Site Feed

     Feedblitz email:

     RSS: http://linkingintegrity.blogspot.com/atom.xml


    "We shall need compromises in the days ahead, to be sure. But these will be, or should be, compromises of issues, not principles. We can compromise our political positions, but not ourselves. We can resolve the clash of interests without conceding our ideals. And even the necessity for the right kind of compromise does not eliminate the need for those idealists and reformers who keep our compromises moving ahead, who prevent all political situations from meeting the description supplied by Shaw: "smirched with compromise, rotted with opportunism, mildewed by expedience, stretched out of shape with wirepulling and putrefied with permeation.
    Compromise need not mean cowardice. .."

    John Fitzgerald Kennedy, "Profiles in Courage"


    07.03   08.03   09.03   10.03   11.03   12.03   01.04   02.04   03.04   04.04   05.04   06.04   07.04   08.04   09.04   10.04   11.04   12.04   01.05   02.05   03.05   04.05   05.05   06.05   07.05   08.05   09.05   10.05   11.05   12.05   01.06   02.06   03.06   04.06   05.06   06.06   08.06   09.06   10.06   11.06   01.07   02.07   03.07   04.07   07.07   08.07   09.07   10.07   05.08   06.08