SC Magazine
Lexus cars may be vulnerable to viruses that infect them via mobile phones. Landcruiser 100 models LX470 and LS430 have been discovered with infected operating systems that transfer within a range of 15 feet.

'If infected mobile devices are scary, just thinking about an infected onboard computer..,' said Eugene Kaspersky, head of anti-virus research at Russian firm Kaspersky. 'We do know that car manufacturers are integrating existing operating systems into their onboard computers (take the Fiat and Microsoft deal, for instance).'

[CLB] Viruses, worms, and yet unidentified forms of malware will follow where chips and software go. Here, into cars and their control systems. Mobile phones and soon digital cameras. Etc. And as the use of computing components expands, and with it, an expanding perimeter to monitor and secure, we will see malware follow. The perimeter will expand to include biotechnology, and its growing linkage to nanotech computation and our own DNA. We've barely scratched the surface in the security and privacy sectors designing protection systems. And we're in a race to do so. Today, it's your car. Tomorrow, it will be your heart. And soon thereafter, your thoughts.

(0) comments

Along with the joys and benefits of surfing the net, making online purchases, paying bills and sending e-mail to family and friends, come significant risks that home computer user should not ignore. Uncontrolled use of home and home-office computers by children, their friends or non-technical adults, can wreak extensive damage to the system, cause financial loss and reveal private information. The Information Security Survival Kit for Home Users, a free downloadable document released today by the IT Governance Institute (ITGI), provides checklists of simple precautions that can reduce the risks of using home computers.

(0) comments

Click for details about each prediction: Compliance Pipeline

1. Good governance is its own reward
   
2. Companies will invest in automation
   
3. SOX becomes the new ISO/the age of the compliance officer
   
4. Foreign companies get a temporary SOX reprieve - will this include Canada...
   
5. Auditors get more sophisticated at detecting risk
   

(0) comments

Computerworld

With technology now widely viewed as a key -- even, in some cases, the key -- to business success, you might expect that boards would be aggressively courting CIOs. But that's not the case. Last year, public relations firm Burson-Marsteller checked with more than 3,000 businesses, including the Fortune Global 500, to see how many had installed CIOs on their boards of directors. The answer: a depressing 5% (see QuickLink 45626).

Businesses that do have CIOs on their boards of directors tend to outperform their competitors, with profits averaging 6.4% above their industry averages, according to the study, which included senior IT executives such as vice presidents within the CIO category.

The argument for and against [summary]

• Board breakdown is a strong indication of a CEO's priorities
  
• But, 60% of CIO's report to the CFO or COO
  
• Governance priorities at the board level should include issues about technology
  
• Board membership tends to generates networking opportunities
  
• Most CIO's tend to speak in terms of technology and not business
  
• However, they tend to think across the organization, about all functions of a business
  
• So it's important for CIO's to assert themselves concerning business matters, and to do so in business terms

(0) comments

Compliance Pipeline

So, what's the worst that can happen when corporations fail to stay on top of their compliance game, whether intentional or otherwise? Just ask SunTrust Bank.

Last year, 'accounting irregularities' were investigated, people were fired and the bank had to restate its earnings upward for the first half of the year. The problems were blamed on inadequate control procedures, insufficient documentation, and a failure to detect errors in loan-loss calculations.

But last week it got worse. InformationWeek reports that the SEC has launched a probe into SunTrust and issued subpoenas seeking documents that might shed more light on the accounting procedures. Moreover, the bank said it will probably not be able to comply with section 404 of the Sarbanes-Oxley Act, which requires top execs to attest to the effectiveness of their internal controls. Duh!

With potential fines looming and perhaps more heads to roll, you might be saying to yourself, 'Hey, SOX has some sharp teeth.' But the worst might be yet to come.

Fines can seem like small potatoes compared to the impact such problems can have on a company's reputation. Optimize Magazine reports that new surveys conducted by PricewaterhouseCoopers show that corporate executives more frequently regard reputation risk as the greatest threat to a company's market value. In the Q&A consultant Carlo di Florio, we learn that while most companies are very concerned with reputation, they fail to make use of the available technology and focus more on the people and processes. The goal, he says, is to design a technology architecture that enables compliance, lets processes to work efficiently, delivers the information needed to make the right decision at the right time.

Technology also plays role in aiding the people and process side of compliance. Ethics training, risk assessment, red flag hotlines, and trend analysis can all be enhanced with technology.

With top brass now being held accountable for keeping their corporate noses clean, using technolgy may be the only way to make sure that the processes and policies are followed correctly. Sending out edicts won't cover their backsides.

(0) comments

University of Pennsylvania: Office of University Communications:

Researchers Define Who We Are When We Work Together and Evolutionary Origins of the “Wait and See” Approach

According to an evolutionary psychologist at the University of Pennsylvania, our success at cooperation results from three distinct personality types.

'In any given group of people, youl find three kinds of people: Cooperators, Free Riders, and what we call Reciprocators. Cooperators do the most work and Free Riders do as little as possible, but most of us are Reciprocators. We hold back a bit to determine the chances of success before devoting our full energy to a project,' said Robert Kurzban, an assistant professor in Penn's Department of Psychology. 'We found that these traits remained fairly stable among people, and you could reliably predict how a group might perform if you know the percentage of each type of person in that group.'

[...]"Our findings show that the vast majority of people, about 63 percent, are Reciprocators, and in any group you are likely to have a substantial number of Reciprocators," Kurzban said. "The simplest way to make use of a Reciprocator potential is to keep everyone apprised with information about the successful contributions of others within the group. This way you show them that there is something to gain from their efforts."

(0) comments

CBC

A major problem has been discovered in B.C. Hydro's new automated customer service line -- one that allows unlimited access customer account details.

Anyone can obtain the billing status of any B.C. Hydro customer, including recent payments and and account balances, by simply entering that customer's phone number.

(0) comments

DMNews.com

The European Union's committee of data privacy commissioners adopted a plan to create corporate privacy notices that are easy for consumers to understand and to compare with the notices of other companies, it was announced yesterday.

The approach calls for companies throughout Europe to use 'very short,' 'condensed' or 'complete' privacy notices in their literature. The ruling is not mandatory, but the goal is for all companies in Europe to use the same format. Consumers long have complained that privacy notices are too long and difficult to decipher.

(0) comments