Culture

Not the bad news you thought you were reporting …

“The 2012 Norton Cybercrime Report, released Wednesday, says more than 46 per cent of Canadians have reported attempts by hackers to try to obtain personal data over the past 12 months,” according to the Vancouver Sun.

Well, since I see phishing every single day, and malware a few times per week, what this survey is *really* saying is that 54% of Canadians don’t know what phishing and malware look like.

(And you others don’t need to gloat: apparently the same figure holds globally …)

Kinda depressing …

Hiring droids – “Would you like coffee breaks with that?”

What is true of teachers is also true for recruiters.

I am old enough to have gone through group interviews, hostile interviews, video interviews, multi-part phone interviews, questionnaire interviews, weird question interviews, “what do you want to be when you grow up” interviews, and all the other “latest and greatest” ideas that swept through HR-land at one time or another.  I understand the intents of the various processes, and what they will and won’t tell you.  (When I do recruiting myself, I use the “prepared” interview model: know what it is you want, and how to find out if the candidate has it.)

So, apparently the next big thing in recruiting is to use technology.  Use robots.  (Well, actually just avatars and virtual game worlds.)  Use computerized questionnaires.  (They work just as well, and as badly, as paper ones.)  Use video.  (Wait.  We did that already.  Oh, I see, use videotape.)

It doesn’t take too long to see what the intent is here.  To save time and money.

And, doing it cheaper will work out just as well as doing it cheaper always has.

“There is hardly anything in the world that some man cannot make a little worse and sell a little cheaper, and the people who consider price only are this man’s lawful prey.”  – John Ruskin

REVIEW: “Managing the Human Factor in Information Security”, David Lacey

BKMHFIIS.RVW   20120216

“Managing the Human Factor in Information Security”, David Lacey, 2009, 978-0-470-72199-5, U$50.00/C$55.00/UK#29.99
%A   David Lacey
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2009
%G   978-0-470-72199-5 0-470-72199-5
%I   John Wiley & Sons, Inc.
%O   U$50.00/C$55.00/UK#29.99 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/0470721995/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/0470721995/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0470721995/robsladesin03-20
%O   Audience n- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   374 p.
%T   “Managing the Human Factor in Information Security”

The preface states that the intent of the book is to identify and explain the range of human, organizational, and social challenges when trying to manage security in the current information and communications environment.  It is hoped this material will help manage incidents, risks, and design, and assist with promoting security systems to employees and management.  A subsidiary aim is to leverage the use of social networking.

Some aspects of security are mentioned among the indiscriminate stories in chapter one.  Chapter two has more tales, with emphasis on risks, and different people you encounter.  Generic incident response and business continuity material is in chapter three.  When you know the risk management literature, you can see where the arguments in chapter four come from.  (Yes, Donn, we know quantitative risk analysis is impossible.)  The trouble is, Lacey makes all of them, and therefore comes to no conclusion.  Chapter five has some points to make about different types of people, and dealing with them.  Unfortunately, it’s hard to extract the useful bits from the larding of stories and verbiage.  (Given the haphazard nature of the content, making practical application would be even more difficult.)  Aspects of corporate culture are discussed, in an unstructured fashion, in chapter six.  Chapter seven notes a number of factors that have appeared in successful security awareness programs, but doesn’t fulfill the promise of helping the reader design them.  Chapter eight is about changing organizational attitudes, so it’s an (equally random) extension of chapter six.  It also adds some more items on training programs.  Chapter nine is about building business cases.  Generic advice on creating systems is provided in chapter ten.  Some even broader advice on management is in chapter eleven.  A collection of some points from throughout the book forms a “conclusion.”

There are good points in the book.  There are points that would be good in one situation, and bad in another.  There is little structure in the work to help you find useful material.  There are stories about people, but not a survey of human factors.  Lacey uses lots of aphorisms throughout the text.  I am reminded of the proverb that if you can tell good advice from bad advice, you don’t need any advice.

copyright, Robert M. Slade   2012     BKMHFIIS.RVW   20120216

More terror from Canada

Kalamazoo cop, on vacation, with his wife, visits Nose Hill Park in Calgary.  He feels threatened that two complete strangers feel free to try and strike up a conversation.

Writes a letter to the Calgary Herald saying how threatened he feels since he wasn’t allowed to bring his gun.

It was later confirmed that these threatening strangers were handing out free passes to the Stampede.

More details can be found in at least 13 news stories by searching the Web.

Ignorance as a human (business?) right?

Rogers Communications Inc. is a company providing cable, cellular, and other services in Canada.

Rogers has a discount brand, Chatr, which they advertise as being “more reliable and less prone to dropped calls.”  Canada’s Competition Bureau, after what it called “an extensive review of technical data,” found no discernible difference in dropped-call rates between Rogers/Chatr and new entrants.

Apparently, Rogers will argue that the court should strike down a section in Canada’s Competition Act that requires companies to undergo “adequate and proper” tests of a product’s performance before making advertising claims about it.  In other words, Rogers is saying that forcing the company to find out if claims are true is unfair, because that means they can’t lie with a straight face.

Q: What is the difference between a computer salesman and a used-car salesman?

A: The used-car salesman knows when he’s lying to you …

Cloudy with a chance of hacking

Following closely upon the article/confession about cloud-linked accounts and devices, and the ease of hacking them (with some interesting points about authentication systems):

I noticed, this morning, that the number of phishing messages, and specifically email account phishing, had, after a couple of relatively low months, suddenly jumped again.

Excessive convenience almost always = insecurity.  I have not linked any of my socmed accounts.  Facebook doesn’t have my Twitter account password, etc.  This is somewhat inconvenient, since I have to sign on to the different accounts in order to post things.  However, it does mean that, in the case of this type of story, I can just use it as an example and move on, rather than spending time changing the passwords on all my accounts.

REVIEW: “Young People, Ethics, and the New Digital Media”

BKYPENDM.RVW   20120125

“Young People, Ethics, and the New Digital Media: A Synthesis from the GoodPlay Project”, Carrie James et al, 2009, 978-0-262-51363-0
%A   Carrie James
%A   Katie Davis
%A   Andrea Flores
%A   John M. Francis
%A   Lindsay Pettingill
%A   Margaret Rundle
%A   Howard Gardner
%C   55 Hayward Street, Cambridge, MA   02142-1399
%D   2009
%G   978-0-262-51363-0 0-262-51363-3
%I   MIT Press
%O   +1-800-356-0343 fax: +1-617-625-6660 www-mitpress.mit.edu
%O  http://www.amazon.com/exec/obidos/ASIN/0262513633/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/0262513633/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0262513633/robsladesin03-20
%O   Audience n Tech 1 Writing 1 (see revfaq.htm for explanation)
%P
%T   “Young People, Ethics, and the New Digital Media”

It is not until more than a tenth of the way through this book that the authors admit that this is, in essence, only a proposal for a study which they hope will be carried out in future.  No actual research or interviews have been conducted, so there aren’t really any results to be reported.  The authors hypothesize that five factors are involved in “media-identity”: “privacy, ownership and authorship, credibility, and participation.”  (Yes, I agree that it looks like four factors, expressed that way.  But the authors repeatedly express it in exactly that way, and insist that it makes five.)

The authors note that social networking (or social media, or new digital media) is a frontier, and thus lacks comprehensive and well-enforced rules and regulations.  Social media permits and encourages “participatory cultures,” with relatively low barriers to artistic expression and “civic” engagement, strong support for creating and sharing creations, and some type of informal mentorship whereby what is known by the most experienced is passed along to novices.  The goals of the project are to investigate the ethical values and structures of new media and to create entities to promote ethical thinking and conduct.

The project is also to focus on “play,” with a fairly broad definition of that term, including gaming, instant messaging, social networking, participation in fan fiction groups, blogging, and content creation including video sharing.  Some of these activities may lead to employment, but are undertaken without support, rewards, and constraints of adult supervisors, and without explicit standards of conduct and quality.  “Good play” is defined as online conduct that is both meaningful and engaging to the participant and responsible to others in the community in which it is carried out.

A number of questions are raised in this book, but few are answered in any way at all.  While there is some review of existing work in related areas, it is hardly comprehensive, convincing, or useful.  It is difficult to say what the intent of publishing this book was.

copyright, Robert M. Slade   2012     BKYPENDM.RVW   20120125

Censorship with a broad brush

Just in case you have been hiding under a (Higgs or non-Higgs) rock for the past few weeks, TomKat is breaking up [1].  Tom Cruise is a highly visible Scientologist.  Many people have been commenting on possible Scientology aspects of the breakup.  Scientology seems to break out in a rash whenever anyone mentions the cult.

So, someone has provided a simple means for Scientologists to try and ensure that any mention of Scientology, or the event, or anything, is removed.

The main thrust of the instruction is that everybody will have a “code of conduct” on their Website, and every code of conduct will ban anything that “defames, degrades… an individual or group,” or something similar.  So, you just blanket object to everything on that basis.

I think it should work pretty well.  I’d say that, following Lord Northcliffe’s dictum that “News is what somebody, somewhere wants to suppress.  All the rest is advertising,” any interesting posting could be seen, by someone, as defaming or degrading some individual or group …

Of course, there are many other forms of censorship.  Here in Canada, the government is using funding cuts, threats of funding cuts, and even direct diplomatic office intervention, in order to block theatrical performances it doesn’t like.