Group items tagged

The dark figure of fraud drove the development of best practices at Memolink. I harnessed the fear of the unknown and used basic change management to gather support internally. I knew the approach would indefinitely change how we did business and alter our company's culture. Like many dot coms, my company has an entrepreneurial spirit, and like not-so-many dot coms, we have been in business for 15 years. The culture is well established and the work we do is exciting and fun. Would a company with an innovative and "don't-box-me-in" mentality openly receive a new set of standards and expectations? The implementation of the Best Practice approach required two important change management tactics: consistent messaging and constant and varied communication. It was not enough to tell associates that the proposed transition, which included separating processes that traditionally had been managed by a sales team, would benefit the company in the long term. The main component of the message had to be the "What's in it for me?" value proposition. At the time, the sales associates had nothing to gain, and, in fact, they would lose commission. For example, when my department rolled out the Best Practice approach to partner vetting, fewer partners would meet the standard and be accepted, which meant incremental commission loss for the sales team. Money matters create major stress and tension, so it was important that this conflict be addressed early in the implementation process. Management responded by restructuring commissions so that employee motivations were aligned with business goals. This move also made the adoption period for other processes and procedures shorter and less chaotic. In essence, align the money motivators and people will buy in more quickly. Associates were not reeling about their payment structure, but were they and other stakeholders, who were originally unaffected by the commission structure, truly behind the idea? In order to gain the

The sheer volume of amateur cellphone sex videos on the Internet's porn site - while certainly culturally edifying - illustrates the new truth about sex in the 21st century: don't let anyone record it, or everyone will be enjoying it. But sometimes, the all-seeing and voyeuristic eye of consumer video culture has a happy ending: a businessman who recorded himself having sex with a university student was recently cleared of the charges after the footage was shown in court. Before the footage was presented as evidence, the judge warned both the gallery and the jury: "You are going to see a clip which from what I have been told you may find extremely distasteful." Despite this warning, though, the defense failed to exhibit a scene from Dustin Diamond's sex tape, but instead a rather traditional recording of an enthusiastic coupling. After the tape had finished playing, the judge ruled in the favor of the defendant. "You and Mr Taylor were very familiar with each other and comfortable in each other's presence." There's the possibility, of course, that the judge made the wrong decision: there could have been drugs involved. But score one for the good guys. A lot is made, rightfully, of the eradication of privacy in the digital age, but when it can help a man avoid wrongful imprisonment and the total ruin of his life, there's a bright side. The moral? If you're actively swinging, pony up for a cell phone with a good camera. And PornHub commenters say, the more megapixels, the better.

Online fraud is a $4 billion dollar a year industry. It grows as the unemployment rate increases and the jobless attempt to earn a living through whatever means necessary. Meanwhile, the Internet's footprint on the global economy and culture becomes larger every day. The expansion of fraud and the identification of this risk will create more jobs in the fields of compliance, risk management, and best practices. Who will fill these positions? For many companies looking to take action, the initial move will be to consolidate roles. Individuals in areas such as sales and marketing will absorb fraud identification, reporting, and prevention responsibilities. This will prove to be ineffective for the following reasons: 1. The sales and marketing staffs are not trained to identify fraud and they cannot keep up with the ever-changing tactics. 2. Associates are conflicted when faced with a fraud incident. They are not motivated to report fraud and their compensation structure dissuades them from reporting incidents. 3. Business goals are not aligned appropriately, which naturally moved fraud last on the priority list for the associates assigned the additional responsibilities. 4. While the internal attempt is made, no time is spent on partner due diligence and monitoring. Organizations will benefit in the long term by hiring dedicated staff. This tactic is one component of my company's Best Practice approach to doing business. My dedicated team helped realign business goals and create a culture that now embraces a higher set of standards and expectations. Staffing and training were the largest challenges I have faced in the last year. The positions were new, the skill set was specific, and as a result we received a dichotomous set of resumes. Applicants with online marketing experience had little to no experience with fraud, or they came from companies where more unscrupulous methods were used, and I was not confident those habits would be easily kicked. The app

"Facebook tightens security as it deals with the continuing fallout over changes to its privacy settings." ...Earlier on May 13, Facebook had a meeting where employees asked executives questions about privacy. Facebook officials would not comment on exactly what was said. "We have an open culture and it should come as no surprise that we're providing a forum for employees to ask questions on a topic that has received a lot of outside interest," a spokesperson said.

Hey Zuck! Privacy & security are NOT the same thing. Misdirection is not the response FB users are seeking.

In an organization, it's human nature to resist change and to stick with the status quo that's often more comfortable and safe. Some of your teammates in your company may be devil's advocates who claim they want what's best for the business while they oppose initiatives for Innovation. As a leader and innovator-in-chief of your company, it is critical to drive the culture of Innovation throughout the organization even in the face of opposition.

There was no way I was ever going to convince my parents that Jimi Hendrix's music was good. More than anything, the youth culture was defined by its music. The chasm it created was called "the generation gap" a metaphor for the ideological differences that separated us. There is a new generation gap. It's not defined through music or politics or fashion, those ideas are shared much more among the generations than before. This time it's about privacy. My generation came of age thinking about "1984", the looming threat of "Big Brother" watching over all of us all of the time. It was the government or some group which would monitor all of our actions, know all our habits: who we associate with, what we watch, what buy. 1984 came and went. Nothing like "Big Brother" happened unless you count Apple computer's historic "Big Brother" commercial which ends with the slogan: "On January 24th, Apple Computer will introduce Macintosh. And you'll see why 1984 won't be like "1984". They were right - 2009 is. Personal details used to be considered private. We were careful about who knew what about us and certainly didn't post pictures of our friends, families and fantasies for all to see. Privacy does not seem to be valued anymore. Giving up one's privacy has become a rite of passage. It's what you leave at the portal when you sign up for any of the social networking sites on the internet. The sites are free - as long as you don't calculate the value of your identity, demographics, viewing and buying habits to advertisers. This isn't new, the Nielsen Ratings service has been assembling viewer information since the 1950s for television advertisers, but its methods were primitive in comparison to the two way constant information gathering that's done on the internet. In March 2009, Google initiated the use of "behavioral targeting", which uses information collected on someone's web-browsing behavior, such as the pages they have visited or the searches they have made, to selec

70 percent of UK risk managers have declared that making sure the employees in their organization are risk savvy is their biggest challenge in light of new pitfalls according to research conducted by Aon. "The risks companies are facing, such as increased company insolvencies, less access to credit and increased levels of fraud, need to be dealt with by employees throughout the organization rather than just at senior management levels," said the bulletin. According to the survey of UK businesses the key risk management challenges they face in 2009 are: -- Embedding ERM in the culture of the organization 70 percent -- Keeping 'risk registers' real and relevant 47 percent -- Making the link between ERM and strategic planning processes 34 percent -- Gaining senior executive sponsorship 19 percent -- Making business continuity plans relevant to line managers 13 percent -- Credit rating agency scrutiny of ERM 6 percent Alex Hindson, head of enterprise risk management at Aon Global Risk Consulting commented: "When the markets are literally crashing down around us and we don't know what is just around the corner it is extremely tempting to focus just on the problems of today, rather than look at the issues and factors that are going to help us survive tomorrow, but this short term view can often be counter-productive.

This tip is part of Mitigating Web 2.0 threats, a lesson in SearchSecurity.com's Data Protection Security School. Visit the lesson page or our Security School Course Catalog for additional learning resources. Social networking, a term relatively new to the computing vernacular, has already become part of the cultural norm for a great proportion of Internet users. Even more recently, the use of online communities to establish and build connections among those with shared interests has become part of the corporate world as well. As professional social networks such as LinkedIn and Blue Chip Expert continue to grow, and professional groups gain in popularity on once-personal sites like Facebook and MySpace, enterprise security and risk management professionals must face the reality that these sites are emerging conduits for the unauthorized disclosure of confidential corperate information. Add the use of public social networking tools to the list of concerns, and the effectiveness of the traditional corporate security perimeter is further diminished. However, a robust set of policy, process and architecture aids in mitigating the risks of being social. Broadly, social networking is described as software that lets people interact, rendezvous, connect, play or collaborate by use of a computer network. This definition covers the popular social networking sites, including those mentioned above, as well as blogs, wikis, RSS, podcasts, tags, and more recently, search engines. While there are numerous benefits to social network solutions, including reducing costs and increasing collaboration, we'll focus on addressing the risks.

There are plenty of rumors out in the cyberworld about the future of Twitter, a popular social networking site, and whether the company will be acquired or partner with another company. Some believe one of the suitors is Google Inc. Rumor has it, the two companies are considering collaborating on a Google real time search engine. To make it work, Google could pay cash, stock or a combination of both. Google wouldn't comment on these rumors. Nevertheless, it's an intriguing idea for a company created three years ago that has, to date, not made any money. Analysts think this would be a good marriage, according to MarketWatch. Gartner Inc. analyst Jeff Mann, for one, told the website it's a pretty good idea. "The culture and ambitions of Twitter and Google match." Not only that, there are lots of indications of growth. Twitter's content is now growing by 6 million tweets per day, and that's a win-win situation for Google, for sure.

Though Facebook has sometimes been criticized for sacrificing the privacy of its users in order to monetize the service, Chris Kelly, Facebook's chief privacy officer, has presided over the social network's efforts to build out the most sophisticated privacy options in the industry. On a granular level, Facebook users can now control what bits of information they share with each individual friend, group or network. Facebook users have taken notice. According to an annual study by the Ponemon Institute, a privacy research firm, Facebook ranks within the top 20 (15th) most trusted companies for privacy as rated by U.S. consumers. Kelly's job sometimes appears tricky, however. He must ensure that users feel they have control over their information, while weighing that need against Facebook's business model, which relies heavily on a culture of openness and sharing. Here is the full interview CIO conducted with Kelly during our reporting for a special feature on social networks and privacy. Kelly talked about what constitutes Facebook's overall view towards privacy, and how that affects its ability to serve up ads.

The theft in 2006 of an employee laptop that contained personal information on millions of veterans taught the Veterans Affairs Department some hard lessons. VA became "the poster child of data breaches," said Kathryn Maginnis, the department's associate deputy assistant secretary for risk management and incident response. As a result of that incident and several breaches that followed, the department developed a comprehensive incident response program and incident resolution team that evaluates all serious exposures of sensitive data. "We have a culture of report, report, report," Maginnis said at the recent FOSE conference in Washington. The incident response program received a perfect score last year in the VA inspector general's Federal Information Security Management Act audit, and Maginnis said she expects to get another perfect score this year. The department developed two in-house online tools to help track and evaluate incidents, said Amanda Graves Scott, director of the incident resolution team. The Formal Event Review and Evaluation Tool uses a 56-question questionnaire to determine the risk category of a data breach, and the VA Incident Response Tracking System automates a manual tracking process for information technology incident response.

Overview Privacy is a fundamental human right. It underpins human dignity and other values such as freedom of association and freedom of speech. It has become one of the most important human rights of the modern age.[1] Privacy is recognized around the world in diverse regions and cultures. It is protected in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and in many other international and regional human rights treaties. Nearly every country in the world includes a right of privacy in its constitution. At a minimum, these provisions include rights of inviolability of the home and secrecy of communications. Most recently written constitutions include specific rights to access and control one's personal information. In many of the countries where privacy is not explicitly recognized in the constitution, the courts have found that right in other provisions. In many countries, international agreements that recognize privacy rights such as the International Covenant on Civil and Political Rights or the European Convention on Human Rights have been adopted into law. Defining Privacy Of all the human rights in the international catalogue, privacy is perhaps the most difficult to define.[2] Definitions of privacy vary widely according to context and environment. In many countries, the concept has been fused with data protection, which interprets privacy in terms of management of personal information. Outside this rather strict context, privacy protection is frequently seen as a way of drawing the line at how far society can intrude into a person's affairs.[3] The lack of a single definition should not imply that the issue lacks importance. As one writer observed, "in one sense, all human rights are aspects of the right to privacy."[4]

Too many companies leave themselves vulnerable to employees' ignorance or purposeful flouting of the rules when it comes to information security, suggests a survey conducted by (ISC)2. Focused on the 'basics' of policy management, the survey revealed that organisations are becoming confident in their ability to comply with the policies and procedures set out to secure their organisations. Analysis of the results, however, reveal education efforts to be immature, with most concerns relating to accountability and company-wide understanding of what is required. The survey questioned 737 information security professionals last month about their organisation's efforts in policy and awareness management. A great majority, 80 percent, said their company's ability to comply with security policy was satisfactory, good or very good, leaving only 20 percent saying they were dissatisfied. However, this confident stance was tempered by concerns from nearly half of the respondents over a lack of training (48 percent) and poor employee understanding of policy (46 percent); a lack of defined accountability (42 percent); and an unsupportive company culture (48 percent). These obstacles to compliance with policy were cited by significantly more respondents than other issues of traditional concern, including a lack of budget, which only 22 percent were concerned about, and the ability to procure the latest technology, which concerned only 19 percent of respondents. "The challenges are shifting from the systems to the people," says John Colley, CISSP, managing director for EMEA (Europe, Middle East, Africa) for (ISC)2. "The relatively little concern expressed over budgets suggests security continues to be viewed as a business imperative, even in the current economic climate. Unfortunately, security requirements are not yet well understood, or worse flouted, often with management support, in order to get a job done. There is a colossal task ahead to ensure all emplo

Ignorant People are a big security risk.

It's been repeatedly said that one of the biggest issues our culture is facing right now, and will continue to face in the years to come, is defining and coming to terms with the legality behind privacy issues. As our lives become increasingly wired, connected and monitored privacy becomes an increasingly pressing concern, especially since technology changes much faster than laws can keep up with. While privacy issues are important for adults to be aware of right now, from access to medical records to who can see into our houses, it's probably even more important for the next generation to know what the issues are and how it does and will affect them in the future. Prying Eyes: Privacy in the Twenty-First Century by Betsy Kuhn is a book written for teens and older kids about privacy issues today in America. It looks at new and developing technologies from cameras to RFID chips, the significant laws and court cases throughout our history that have dealt with privacy issues, and how it affects each of us. Kuhn does an excellent job of keeping her subject relevant, but not too focused. Kuhn manages to show how all of these issues matter and affect us without being scary. She never turns technology, corporations or even the government into something frightening. When this is a topic that could easily have been made scary, it's nice that Kuhn managed to walk that line and make this serious without being something to obsess over.

You can't ignore the presence and usage of all the myriad forms of instant messaging, social networking and blogging. The millennial generation won't thrive in companies where Facebook is banned or texting is frowned upon. They think and work so differently from their baby boomer managers that generational clashes are inevitable. The Security Executive Council and CXO Media, producer of CSO Perspectives and CSO magazine, are partnering to probe attitudes toward collaborative technologies like IM and social networking. By participating you will receive a research report based on this survey. Definition of web 2.0 apps: The term "Web 2.0" describes the changing trends in the use of World Wide Web technology and web design that aim to enhance creativity, communications, secure information sharing, collaboration and functionality of the web. Web 2.0 concepts have led to the development and evolution of web culture communities and hosted services, such as social-networking sites, video sharing sites, wikis, blogs, and folksonomies. (Wikipedia)

"Bankers are playing with fire by increasing risk when taxpayer tolerance with financial bailouts has worn perilously thin, the International Monetary Fund warned. Managing director Dominique Strauss-Kahn reckons bankers may be in the throes of a "Mardi Gras" party of renewed speculation ahead of a looming regulatory crackdown. Yet the return of their old habits is dangerous. If a new financial crisis occurred in a few years" time, the public would be unwilling to support another round of massive bailouts, he told the Confederation of British Industry. Democracy itself could be threatened if banks went back to taxpayers with their caps in their hands. "In an atmosphere of increasing optimism, we see signs of old habits coming back. Risk-taking is on the rise," said Strauss-Kahn. "Right now, regulatory uncertainty is throwing up some perverse incentives. For example, it might be encouraging a risk-taking culture -- a Mardi Gras effect whereby financial institutions party now in expectation of lean times to come. "Clearly, this is dangerous, not least for emerging markets. And we may run out of time -- if we wait too long to implement these reforms, it might be too late." A second wave of rescues may simply not get through national legislatures, he added: "The political reaction would be very strong, putting some democracies at risk." IMF figures show the aftershocks of the 2008 crisis are far from over, with firms recognising only half of their losses worldwide. Yet despite the fragility of the financial sector, there is mounting evidence that traders are making hay before tougher regulatory standards come into force. Investment banking profits have soared this year, as firms make the most of ultra-low interest rates, money-printing operations and huge government bond issuance programmes. Strauss-Kahn argued countries need to act quickly to remove "regulatory uncertainty" -- ensuring bankers do not make the most of the current confusion over future standards

This post is one in a series on Privacy & Security, and covers some of the intersections of these domains for those who are not practitioners with in-depth understanding of the associated disciplines.
History Points to Privacy's Future
Today's post explores the history of privacy a bit mor

Social, Social, Social! It seems everyone is talking about the need to adopt some flavor of Social to propel business forward. Unless you live under a very large rock, you are aware of the popularity of individual social media services. Many well-meaning companies are rushing forward to transform th

"Social behavior is not a new concept - it simply implies living and working in a community instead of being isolated. What's new is the emergence of platforms to create a setting and values that are intrinsic to a community. Values such as: sharing of ideas and expertise in real-time, establish