The CEO's Tech Toolbox

Here are some tech trends for the CEO to stay abreast of:

Mapping Strategic Direction

"Ritz-Carlton" Service

And A Key List for the CEO:

Uber-Personal Assistant

Next-Generation Collaboration

Podcasting

Seamless Wireless

TiVoToGo

Mesh Networks

Radio Frequency Identification (RFID)

Business Activity Monitoring (BAM) Software

Real-Time Identity Theft Notification

Prediction Markets

__posted by Carolyn L Burke @ 9:18 a.m.
subscribe to Integrity

(0) comments

TheStar.com

A former Supreme Court justice will help the federal government weigh the benefits of merging the offices of the information and privacy commissioners..

The Liberals have asked Gerard La Forest to assess the strengths and weaknesses of the current model, with each portfolio handled by a separate commissioner. He also will review practices in other jurisdictions.

Tory MP David Chatters said the government should not talk of a merger when Parliament has not been consulted

Back story from The Star

(0) comments

TechTarget

[...]

Strategies for compliance

• Identify systems containing personal information and enhance mechanisms to detect unauthorized conduct on networks. Because breach notification statutes are triggered when personal information is compromised, organizations should identify the systems on which such data is stored and enhance the means used, such as logging capabilities, to detect when a breach has occurred.
  
• Encrypt personal information. The majority of the state statutes only require notification if a breach compromises unencrypted personal information. Organizations that encrypt personal information will not only better protect consumers but also avoid onerous notification obligations.
  
• Amend incident response plan to require that key decision-makers are immediately alerted when breaches are detected. Because the statutes are likely triggered as soon as an intrusion has been detected by the IT department, organizations should ensure that incident response plans provide for timely reporting of incidents to those responsible for making notification decisions.
  
• Adopt a corporate incident response policy that provides for notification. As noted, the statutes are modeled on California's law and generally provide more flexibility when 'a person or business maintains its own notification procedures as part of an information security policy for the treatment of personal information.' Companies now have significant incentive to develop their own form of incident response plans.
  
• Ensure that third-party contracts involving the transfer of personal data include appropriate information security provisions. Breach notification laws provide no exception for when data within the possession of a third-party is compromised. Organizations should ensure that their contracts contain provisions requiring that vendors or subcontractors provide immediate notification of suspected breaches, and allowing the organization both to participate in the investigation of incidents and exercise control over decisions regarding external reporting.
  
  
  __posted by Carolyn L Burke @ 1:49 p.m.
  subscribe to Integrity
  (0) comments

Computerworld

Your company's CEO might be a pretender, and that may be a good thing, according to Robert Sutton, professor of management science and engineering at Stanford University.

CEOs are secretly aware of their own fallibility while also realizing that any sign of indecisiveness could be fatal to their careers

Sutton, the author of a 2001 study of corporate innovation, 'Weird Ideas that Work,' says that a close look at the evidence shows that CEOs probably deserve less credit for their company's fortunes than they receive and that the best of them manage a tough balancing act: secretly aware of their own fallibility while also realizing that any sign of indecisiveness could be fatal to their careers.

'In just about every study I've ever seen ... the amount of control a leader has over the company is exaggerated,' Sutton said during a keynote address at the AO05 Innovation Summit at Stanford yesterday. Although top executives of the largest companies are often considered uniquely powerful, their effectiveness actually dwindles as companies get larger, he said.

the CEO as a captain, steering the corporate ship, isn't so much a fallacy as it is a 'half truth,'

'If you look at these Fortune 500 companies where they get paid a fortune, they have the least impact,' Sutton said.

The notion of the CEO as a captain, steering the corporate ship, isn't so much a fallacy as it is a 'half truth,' according to Sutton, who has devoted a chapter to the topic in his upcoming book, Hard Facts, Dangerous Half Truths, and Total Nonsense.

In fact, leaders -- even great ones -- often have no clear idea where they are going, he said. And they make mistakes.

The best executives, like Intel Corp.'s former CEO Andy Grove, will admit that they face a dilemma in needing to appear decisive while at the same time being conscious of their limitations. 'You have to pretend,' Sutton said. 'It's sort of a dilemma, but if you want to accept a leadership job, you've got to accept the hypocrisy of it."

In a 2003 interview with the Harvard Business School, Grove acknowledged that no business leader has "a real understanding of where we are heading."

When you plant a seed in the ground, you don't dig it up every week to see how it works.

In the interview, Grove added that it is important not to be weighed down by the burden of making important decisions without a clear picture of things. "Try not to get too depressed in the journey, because there's a professional responsibility. If you are depressed, you can't motivate your staff," he said.

The interview illustrated that Grove was "getting even more honest" as his involvement in the day-to-day management of Intel lessened, Sutton said.

Sutton and co-author Jeffrey Pfeffer have tackled other "half truths" in their book, which is to be published next year. Their aim is to shine the light of empirical research on a number of widely held management beliefs, including the idea that leaders should always keep a close eye on their workers, Sutton said.

Sometimes the best managers are the ones who do the least, Sutton said, quoting an aphorism he attributed to 3M Co.'s retired senior vice president of research and development, Bill Coyne: "When you plant a seed in the ground, you don't dig it up every week to see how it works."

(0) comments

Chimera Consulting

7S Framework

It's all very well devising a strategy, but you have to be able to implement it if it's to do any good. The Seven S Framework first appeared in 'The Art Of Japanese Management' by Richard Pascale and Anthony Athos in 1981. They had been looking at how Japanese industry had been so successful, at around the same time that Tom Peters and Robert Waterman were exploring what made a company excellent. The Seven S model was born at a meeting of the four authors in 1978. It went on to appear in 'In Search of Excellence' by Peters and Waterman, and was taken up as a basic tool by the global management consultancy McKinsey: it's sometimes known as the McKinsey 7S model.

Managers, they said, need to take account of all seven of the factors to be sure of successful implementation of a strategy - large or small. They're all interdependent, so if you fail to pay proper attention to one of them, it can bring the others crashing down around you. Oh, and the relative importance of each factor will vary over time, and you can't always tell how that's changing. Like a lot of these models, there's a good dose of common sense in here, but the 7S Framework is useful way of checking that you've covered all the bases.

The 7S's

Strategy A set of actions that you start with and must maintain

Structure How people and tasks / work are organised

Systems All the processes and information flows that link the organisation together

Style How managers behave

Staff How you develop managers (current and future)

Superordinate Goals Longer-term vision, and all that values stuff, that shapes the destiny of the organisation

Skills Dominant attributes or capabilities that exist in the organisation

If you want more on the 7S model, read Richard Pascale's subsequent "Managing on the Edge" (1990).

__posted by Carolyn L Burke @ 8:19 a.m.
subscribe to Integrity

(0) comments

InformationWeek

The perception of CIOs is evolving from managers of back-office systems to executives with knowledge of business processes.

While very few CIOs sit on the boards of directors of the world's largest companies, 75% of global executives believe CIOs have a role to play on those boards, according to a new study released this week by executive search firm Korn/Ferry International.

The online survey of more than 2,000 executives, in a number of top-level positions from a variety of industries, found that 46% believe CIOs 'absolutely' have a role to play on a company's board of directors, and 29% say they 'somewhat' believe CIOs have a role to play on such boards. Only 3% say 'not at all' when asked whether they believe CIOs have a role to play on the board.

[...]

It's likely that more CIOs will be seriously considered for board membership as the perception of their role evolves from that of managers focused primarily on regulatory compliance, back-end operations like E-mail and document storage, and administration, to that of executives who understand business processes and the competitive environment and who provide companies with a competitive advantage, says Richard Spitz, global managing director of Korn/Ferry's Technology Market.

In the Korn/Ferry online survey,

96% of executives say they believe technology has improved efficiency at their companies.

34% of executives say they're "highly likely" to consider working for a technology company in their next job, and 33% say they're "likely" to.

51% of the executives say they thought technology spending in the current economy was beginning to improve, while twenty-eight percent think it appears to be relatively stable.

62% of the executives believe the technology industry is fully recovered from the dot-com recession "somewhat," 9% believe it "fully," 13% are "neutral" on the question, 14% don't believe it "much," and 2% don't believe it "at all.

__posted by Carolyn L Burke @ 7:35 a.m.
subscribe to Integrity

(0) comments

C Y B E R C R I M E

(0) comments

The Terasem Movement

"Geoethical" means widely agreed-upon principles for guiding the application of curative technologies that can have a general environmental (including people) impact, much like bioethical principles (autonomy, beneficence, nonfeasance, justice) guide the application of curative technologies that specifically impact one or more patients. Nanotechnology raises geoethical issues because the nanomedical treatment of individuals may have a wide socio-environmental impact.

GRAIN stands for Genomics, Robotics, Artificial Intelligence and Nanotechnology.

Terasem: Life faces three types of risks -- from disease, from society and from natural catastrophes. The Terasem Movement is based upon the belief that each of these risks can and should be substantially ameliorated. We believe that nanotechnology developed geoethically, cyberconsciousness developed with personhood, and an overriding commitment to diversity and unity are the tools needed to ameliorate the risks to life.

With regard to risks from disease, the Terasem Movement is premised upon the belief that nanomedicine is the key to eliminating human suffering and greatly extending human lifetimes. Nanomedicine is also the key to recovery from cryopreservation for individuals who die before their illnesses can be technologically cured.

The Terasem Movement believes that social causes of suffering and death, such as wars, pollution and anomie, arise due to inadequate attention paid to the overriding importance of diversity and unity. In addition, nanotechnology can create adequate clean wealth to remove many scarcity-based causes for conflict.

Natural catastrophes run the gamut from tsunamis to collisions with space objects. The Terasem Movement believes that our conscious life is precious and unique in the universe. Consequently, we believe it is essential to propagate our consciousness far beyond earth and that self-replicating nanotechnology is currently the only practical means of doing so.

(0) comments

McAfee

McAfee, Inc. released the McAfee® Virtual Criminology Report, which examines how a new class of criminals are using the Internet in new, systematic and professional ways to commit illegal acts. According to the findings, information theft is the most damaging category of Internet crime, while viruses have been the most costly for businesses.

The report, commissioned by McAfee, discusses how organized crime and cybercrime are developing, and looks at the future threat this activity could pose to home computers, government computer networks, and to computer systems in the business sector. The report reveals a hierarchy of cybercriminals, discussing the recent evolution of the amateur cyber delinquent to the professional cyber gang.

'As companies and consumers continue to move towards a networked and information economy, more opportunity exists for cybercriminals to take advantage of vulnerabilities on networks and computers,' said Chris Christiansen, program vice president, IDC. 'Understanding who these criminals are and how they attack provide great insight into implementing and practicing good security hygiene.'

Prior to 2000, cybercriminals acting alone committed the majority of cybercrimes, usually in an attempt to attain notoriety within the cyber world. However, in recent years, a shift has occurred as criminals and not just amateurs are committing cybercrimes. This is due in large part to the potentially huge financial gains that can be made from the Internet with relatively little risk. The report goes on to examine the different tactics and tools used by these cybercriminals, and future areas of attack.

Some of the report's most compelling highlights include:

The FBI estimates that cybercrime cost about $400 billion in 2004.

In an investigation, codenamed "Operation Firewall," U.S. and Canadian authorities announced the arrest of 28 people from six countries involved in a global organized cybercrime ring. They operated Websites to buy and sell credit card information and false identities. They bought and sold almost 1.7 million stolen credit card numbers. Of these stolen credit cards, financial institutions have estimated their losses to be $4.3 million.

The use of pseudonyms or online identities provides an anonymity that is attractive to criminals. Sources estimate that perhaps only 5% of cybercriminals are ever caught or convicted.

The full report is available AS A PDF at: McAfee® Virtual Criminology Report

__posted by Carolyn L Burke @ 8:09 a.m.
subscribe to Integrity

(0) comments

Computerworld

Based on a recent study conducted by Ponemon Institute, we can provide some insight on what customers' expectations are when they receive notification. Here are key issues companies should consider in order to maintain the trust and confidence of their customers or employees in the event of a data security breach.

Timeliness is important. Notify the victims as quickly as possible. A few days of delay can cause a significant drop in confidence in your organization.

Talk to your customers, employees and contractors. Individuals were much more likely to view communication as truthful when a company representative contacted them by telephone. Written communication was viewed with a higher degree of skepticism and concern.

Document the issue. Individuals want to know as much as possible about the incident. While companies may be unable to share all the details about a breach at the time of notification, it is important to provide enough information so that an individual can take appropriate action.

Don't sugarcoat the message. A spoonful of sugar won't make the bad news go down easily. People expect the notice to be truthful, clear and concise.

Provide support. People expect the organization to help them with problems created by the breach. Specifically, companies should have trained personnel to help if a data breach ultimately results in identity theft or other related crimes.

Show me the money. Consumers expect to receive financial compensation in the event that they experience monetary or productivity losses as a result of the company's breach.

Personalization creates trust. Make sure the notification has accurate information about how the breach may affect the customer. Above all, don't misspell a customer's name or have an incorrect address on a notification.

Adjust the message to fit the severity of the breach. Not all breaches are the same. Make sure your notification communicates the necessary actions that are relevant to the type of breach that occurs. Again, make sure individuals have help in resolving any problems created by the breach.

It is also important to notify all potential victims. Some companies have made the mistake of not informing customers in states without a notification law. The media, government agencies and lawmakers will not view such practices favorably.

For more information, please contact research@ponemon.org. Larry Ponemon is chairman of Ponemon Institute, a think tank dedicated to ethical information management practices and research. He is an adjunct professor of ethics and privacy at Carnegie Mellon University's CIO Institute and is a CyLab faculty member. Ponemon can be reached at larry@ponemon.org.

(0) comments

GRI News

In one of the most comprehensive national-level survey's of reporting practices ever published, the Certified General Accountants Association of Canada finds that 'reporting issuers, their boards, and senior management will be duty-bound to pay greater attention to the social and environmental issues and risks.'

It was revealed that 61% of large cap companies were aware of GRI, but that only 15.0% of micro cap companies and 22.2% of small companies had heard of GRI. Of the respondents that had heard of GRI, 77% were supportive of GRI. Only 8% said that they find the 2002 Guidelines too onerous, but 22% said they found the Guidelines 'too vague'. The authors stated that the most valuable aspects of the GRI Guidelines are the multi-stakeholder process that underpins their development, and the ability of reporters to use them incrementally.

Follow this link to download the full report.

(0) comments