Copyright 2004 Integrity Incorporated
Copyright 2005 Integrity Incorporated
Toronto Talks Integrity
February 15 2005
Integrity in Business
Carolyn L Burke, MA, CISSP, CISM
CEO, Integrity Incorporated
Lexus cars may be vulnerable to viruses
that infect them via mobile phones.
Landcruiser models LX470 and LS430 have been discovered with
infected operating systems that transfer within a range of 15 feet.
Typical Scary Story
• There isn't a virus on the loose. YET.
• New urban legend. But it got me thinking.
How do we prevent this scenario from occurring?
Back up a step...
• John reminded me to send in this talk a few weeks ago.
• I was hesitating... And I suddenly figured it out.
Toronto Talks
• 4 years ago, I spoke here on peer-to-peer networks, before most folks knew what these were.
Peer-to-peer
• Now, MP3s, Kazaa, and Napster are household names.
• File sharing runs rampant!!
• Emerging need for new forms of security.
Security
• Worms and viruses travel over P2P networks, over instant messenger clients, over mobile phones.
“Could you wait just a little before you infect my computer? I need to get this done.”
More to secure
• Bluetooth-enabled devices potentially subject to ‘bluejacking’
• Proof of concept virus on the loose
Your car
• The Lexus is Bluetooth-enabled!
• What could Bluetooth control in the car?
• What can the car connect to?
• What can connect to it?
remote steering
connectivity
danger !
What’s the problem?
Ubiquitous computing. Ubiquitous malware.
• Viruses, worms, and as-yet-unidentified forms of malware will follow.
– Into cars and their control systems.
– Into mobile phones and digital cameras.
– Into sunglasses and satellites.
– Into pacemakers and nuclear controls.
“Defend the Perimeter?”
But where is the perimeter?
• The perimeter will expand into
– biotechnology computation
– nanotech computation
– DNA assembling circuits
• We've barely scratched the surface in the security and privacy sectors designing protection systems. And we're in a race to do so.
Security is
• A never-ending race.
• Today, it's your car.
• Tomorrow, it will be your heart.
• And soon perhaps, your thoughts.
The pattern
• computer scientists
– hardware and software
• psychologists
– wetware
• geneticists
– DNA
Control
• Contain and control information and its practical applications.
• Areas are merging at the nano level AND macro level.
Stepping back
• Need a broader look at the issues
• Computer security is more than just 'securing the perimeter' - i.e. locking your doors and arming the alarm.
• We need embedded, decentralized security too. Ubiquitous security.
It's about INTEGRITY
• in the stuff we build or buy
• in the way we use that stuff and maintain it
• in the people around us
• in the organizations around us
• in our communications and the systems used for them
• integrity in our hearts ...
• In the knowledge that our biological self will function according to the spec.
• In the knowledge that our personal and professional values will and can be retained.
Integrity
• INTEGRITY is not just good security.
• It's the act of balancing our own principles with worldly situations that arise.
Integrity
• Integrity isn't an inflexible set of beliefs.
• It's the wisdom and courage to act in the world while fostering our heartfelt principles.
So how do we behave with integrity in business?
Stepping further back
• Let's look at leadership.
– Charismatic leader
– Procedural leader
– Administrative leader
CHARISMA
• Start-up CEOs
– often high charisma charmers
– they solve problems and lead people through character
– the company is a monarchy.
The cult of the charismatic leader.
PROCEDURES
• A mature company is driven by leaders who
– Teach and foster the management teams.
– Leave senior people autonomy to run their divisions accountably.
– Roles, responsibility delineated in advance.
The CEO remains an authority figure, but is approachable, reasonable, and influenced by good input.
ADMINISTRATION
Look farther down the curve though. These companies run like successful, well-oiled machines. How? Through
– Standardization
– Auditing
– Control functions
– ISO certifications
– Best practices
– Everyone knows their roles.
– Procedures are clear.
The CEO is a darn good administrator of an effective system.
So leadership plays a role
• In each model, the CEO is essential.
• But in a well-oiled machine, communication is not only top-down.
• Creativity has room in every role.
• And behaviour is governed and predictable.
CEOs
• And yes, over the last 20 years, we've seen this get out of balance.
• Celebrity CEOs dominate the news. Martha Stewart. Carly Fiorina. Conrad Black. The Enron group.
• They are not however always at the helm of success for their companies.
CEO Success
• Success comes in reliably satisfying your market. And celebrities are not generally known for their reliability.
• Standardization is.
• So as remarkable as it may seem, you need to be this wonderful combination: a visionary administrator. And so does your company.
CEO Integrity
• The visionary administrator needs some tools…
So how do we behave with integrity in leadership?
Hint: ethics and policy.
Consider
• The law, legislation, regulation, industry standards, best practices
• Potential problems with each technology we invent and implement
• Ethical ramifications
And consider
• Societal ramifications and the effects on our shared future
• How to institutionalize the best of breed practices that result
• And of course, the profitability of our decisions for our business ventures
And get practical
build integrity into all aspects of your business.
Bluetooth-enabled glasses (Oakley, Motorola)
How - Business Documents
• Clear vision and mission statements which state your principles / values
• Clear business plan which incorporates your principles and values
How - Policies, guidelines, procedures
• Security
• Privacy
• R&D
• Ethics
• HR
• CSR
• Sustainability
• Standards adoption
How - Compliance systems
• Audits
• Compliance technology: monitor and log, secure, retain, report, analyze
• Feedback systems to add checks and balances
• Quality assurance
What could Lexus do differently?
• In-car firewalls isolate hardware from firmware and software systems
• Plan ahead about problems integration will bring
• Best practices in security and ethics
• and…
• Advance policies and R&D strategies to forge ahead while keeping the risks at bay
• Monitor and plan for new risks that arise from new technologies
• Do all these continuously
Continuous process
• The problem is ongoing:
– “Security is a process.”
• So is ethics. So is having integrity.
• 90% of an effective solution is using governance and compliance systems to monitor and improve existing solutions.
What can I do differently?
• And this isn't about Lexus, which is a new urban myth.
Each of us in our business day relies on the policies and practices of our organizations to guide us.
Are they good enough?
Our companies have mission and vision statements.
Do these encompass a forward looking, proactive, AND safe view of progress?
We each face ethical challenges regularly.
Are the people around us trained to effectively handle ethical challenges?
We are business leaders.
Are you a visionary administrator or a cult figure?
I mentioned satellites…
• Are communications satellites safe-guarded from viruses or hackers?
• [IBM Security Survey 2005]
Where else are computer components embedded?
• I want every company to:
– comply with a code of ethics and the laws
– use standards
– follow industry best practices
– audit their processes
So what are you doing to safeguard your customers?
How do you plan to embed protection systems into your products / services?
Integrity
• The use of values or principles to guide action in the situation at hand.
• Know your leadership values & principles.
• Situations will present themselves.
• What kind of leader are you?
Exercise in Integrity
• Clearly state your personal values and principles. Highlight them in:
– your company mission and vision
– your business plan
– your policies, procedures, and practices
– your leadership style
Do they align?
Q & A
www.integrityincorporated.com
Your car key
• Matthew Green starts his 2005 Ford Escape with a duplicate key he had made at the corner store.
Key cracking
• This Johns Hopkins University team recently cracked the security behind “immobilizer” systems
• Used in millions of Fords, Toyotas and Nissans.
How to steal a car
• Extract data from the key by standing near the owner
• An hour of computing
• A few minutes to break in, feed the key code to the car, and hot-wire it.
Ubiquitous. Embedded.
• Embedded computing is supposed to augment a car’s protection.
• Tool kits which duplicate key cracking will become available to download.
Is your car safe to drive?
Is the car still in the driveway!
Resources
http://linkingINTEGRITY.blogspot.com
• P2P overview … /2005/02/guide-to-peer-to-peer.html
• Bluetooth glasses … /2005/02/motorola-and-oakley-introduce-first.html
• DNA circuit assembly … /2005/02/dna-assembled-computer-circuits.html
• Bill Gates on Interoperability http://go.microsoft.com/?linkid=2153987
• Integrity Incorporated http://www.integrityincorporated.com/subscribe.aspx