Expensive Repeat

Quote

Posted on March 16, 2022 by Adora Myers

This short-term response to long-term desires is alive and well in the corporate world also. A management consultant friend of mine was hired by a billion-dollar company to help it fulfill its goals and aspirations. The problem was, she explained, no matter the issue, the company’s managers were always drawn to the quicker, cheaper option over the better long-term solution. Just like the habitual dieter, “they never have the time or money to do it right the first time,” she said of her client, “but they always have the time and money to do it again.”
-Start with Why: How Great Leaders Inspire Everyone to Take Action, Simon Sinek

Decisions and Design

Quote

Posted on February 16, 2022 by Adora Myers

There is a wonderful story of a group of American car executives who went to Japan to see a Japanese assembly line. At the end of the line, the doors were put on the hinges, the same as in America. But something was missing. In the United States, a line worker would take a rubber mallet and tap the edges of the door to ensure that it fit perfectly. In Japan, that job didn’t seem to exist. Confused, the American auto executives asked at what point they made sure the door fit perfectly. Their Japanese guide looked at them and smiled sheepishly. “We make sure it fits when we design it.” In the Japanese auto plant, they didn’t examine the problem and accumulate data to figure out the best solution—they engineered the outcome they wanted from the beginning.
Every instruction we give, every course of action we set, every result we desire, starts with the same thing: a decision. There are those who decide to manipulate the door to fit to achieve the desired result and there are those who start from somewhere very different. Though both courses of action may yield similar short-term results, it is what we can’t see that makes long-term success more predictable for only one. The one that understood why the doors need to fit by design and not by default.
-Start with Why: How Great Leaders Inspire Everyone to Take Action, Simon Sinek

Deeply Personal Actions

Quote

Posted on January 19, 2022 by Adora Myers

For those who are inspired, the motivation to act is deeply personal. They are less likely to be swayed by incentives. Those who are inspired are willing to pay a premium or endure inconvenience, even personal suffering. Those who are able to inspire will create a following of people—supporters, voters, customers, workers—who act for the good of the whole not because they have to, but because they want to.
-Start with Why: How Great Leaders Inspire Everyone to Take Action, Simon Sinek

Bragging Rights: GDPR Training

Posted on July 9, 2018 by Adora Myers

I’ve successfully completed the Understanding the GDPR MOOC offered by the University of Groningen’s Security, Technology and e-Privacy (STeP) Research Group on FutureLearn.

Observations:

It’s a four week course but I completed a good amount of on-the-job research prior to taking the course and, therefore, managed to complete the entire thing in about a week.
The topics covered are both comprehensive and realistic. It doesn’t get bogged down in the details and does an excellent job of covering the issues companies need to know in order to begin a gap analysis and ensure compliance.
The General Data Protection Regulation (GDPR) is still very new and many of the questions professionals, researchers, companies, corporations and governments have are not possible to answer. The reason for the lack of answers is simply this: when the issue is taken to court, the courts will hold a full investigation and trial. The results of that legal process will stand as Independence for suture decisions. There is very little in the way of legal precedence currently established, so the academic and professional focus is on the ‘spirit of the requirements’ and the ‘primary objectives behind the establishment of the law.’
The course has a series of quizzes that must be passed at 75% or higher (total cumulative score) in order to receive a certificate. There’s only one opportunity to take each quiz – they cannot be redone. It’s possible to open up the videos, articles and lecture notes while taking the quiz and there is no time limit – so it is (in essence) open book. It is not possible to search everything and auto-find the answers. So, be sure to do your readings, watch all the videos and pay attention to the notes provided during the practice quizes!
Successful completion of the full (paid) version results in a certificate that can be used for continuing education credits (this is useful if you hold a professional certification in a related area!).

The MOOC is well worth the time and effort. I highly recommend it to anyone involved in GDPR compliance or information security.

GDPR: Facebook data privacy scandal

Posted on July 2, 2018 by Adora Myers

Like any organization providing services to users in European Union countries, Facebook is bound by the EU General Data Protection Regulation (GDPR). Due to the scrutiny Facebook is already facing regarding the Cambridge Analytica scandal, as well as the general nature of the social media giant’s product being personal information, its strategy for GDPR compliance is similarly receiving a great deal of focus from users and other companies looking for a model of compliance…Facebook members outside the US and Canada have heretofore been governed by the company’s terms of service in Ireland. This has reportedly been changed prior to the start of GDPR enforcement, as this would seemingly make Facebook liable for damages for users internationally, due to Ireland’s status as an EU member.

“Shadow profiles” are stores of information that Facebook has obtained about other people—who are not necessarily Facebook users. The existence of “shadow profiles” was discovered as a result of a bug in 2013. When a user downloaded their Facebook history, that user would obtain not just his or her address book, but also the email addresses and phone numbers of their friends that other people had stored in their address books…Because of the way that Facebook synthesizes data in order to attribute collected data to existing profiles, data of people who do not have Facebook accounts congeals into dossiers, which are popularly called a “shadow profile.” It is unclear what other sources of input are added to said “shadow profiles,” a term that Facebook does not use, according to Zuckerberg in his Senate testimony.

–Facebook data privacy scandal: A cheat sheet, Tech Republic, By James Sanders and Dan Patterson, June 14, 2018

Information Security Resources: Federal USA

Posted on January 8, 2018 by Adora Myers

United States of America Federal Regulations and recommendations affecting Information Security, cyber security, data security and privacy.

ADA: Americans with Disabilities Act (ADA) of 1990: https://www.ada.gov/pubs/adastatute08.htm
CJIS: Criminal Justice Information Services (CJIS) Security Policy: https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center
DMCA: Digital Millennium Copyright Act (DMCS) of 1998 (The DMCA allows internet service providers to shield themselves from liability for copyright infringement due to infringing activity by users of the service provider’s networks.): https://www.copyright.gov/legislation/dmca.pdf
ECPA: Electronic Communications Privacy Act (ECPA) 18 U.S. Code
- 119: Chapter 119 – WIRE AND ELECTRONIC COMMUNICATIONS INTERCEPTION AND INTERCEPTION OF ORAL COMMUNICATIONS: https://www.law.cornell.edu/uscode/text/18/part-I/chapter-119
- 121: Chapter 121 – STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS: https://www.law.cornell.edu/uscode/text/18/part-I/chapter-121
EOAA: Equal Opportunity and Affirmative Action, Executive Order 11246 (Presidential Order) – Equal Employment Opportunity: https://www.dol.gov/ofccp/regs/compliance/ca_11246.htm
FCC: Federal Communications Commission (FCC): https://www.fcc.gov
- CPNI: Customer Proprietary Network Information (CPNI) Rules: https://www.fcc.gov/general/customer-privacy
- FCC 47: Federal Communications Commission (FCC) Rules and Regulations for Title 47: https://www.fcc.gov/general/rules-regulations-title-47
FFIEC: Federal Financial Examination Council (FFIEC) Information Technology (IT) Examination Handbook: https://ithandbook.ffiec.gov/
FISMA: Federal Information Security Management Act (FISMA): https://csrc.nist.gov/projects/risk-management/detailed-overview
FTC: Federal Trade Commission (FTC): https://www.ftc.gov/
- FACTA: Fair and Accurate Credit Transactions Act (FACTA) of 2003, Red Flags Rules : https://www.ftc.gov/tips-advice/business-center/privacy-and-security/red-flags-rule
- FCRA: Fair Credit Reporting Act (FCRA), 15 USC § 1681 et seq, Federal Trade Commission (FTC): https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/fair-credit-reporting-act
- GLBA: Gramm-Leach-Bliley Financial Services Modernization Act (GLBA), Federal Trade Commission (FTC): https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act
- COPPA: Children’s Online Privacy Protection Rule (COPPA), Federal Trade Commission (FTC), Children’s Online Privacy Protection Act of 1998, 15 U.S.C. 6501–6505: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule
HSS: Department of Health and Human Services: http://www.hhs.gov
- HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) of 1996: https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
- HITECH: Health Information Technology for Economic and Clinical Health (HITECH) Act https://www.hhs.gov/hipaa/for-professionals/special-topics/HITECH-act-enforcement-interim-final-rule/index.html
NG-SEC: National Emergency Number Association (NENA) Security for Next-Generation 9-1-1 Standard (NG-SEC) Standard: https://www.nena.org/?page=NG911_Security
Privacy Act of 1974: The Privacy Act of 1974 – 552a. Medical Records Maintained on Individuals: https://www.justice.gov/opcl/privacy-act-1974
SEC: Securities Exchange Commission (SEC): https://www.sec.gov
- SOX: Sarbanes–Oxley Act (SOX): https://www.sec.gov/answers/about-lawsshtml.html
SSAE-16: Statement on Standards for Attestation Engagements 16 (SSAE-16): http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/default.asp
Telecommunications Act of 1934, 47 U.S.C. § 151 et seq.: https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1288
USA PATRIOT: Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001: https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1281#contentTop

Information Security Resources: International Organizations

Posted on January 1, 2018 by Adora Myers

Organizations providing international information security standards and recommendations:

AUP: Shared Assessments Agreed Upon Procedures (AUP): https://sharedassessments.org/
COBIT: Control Objectives for Information and Related Technologies (COBIT): https://cobitonline.isaca.org/
COSO: Committee of Sponsoring Organizations of the Treadway Commission (COSO) http://www.coso.org/
HITRUST: Health Information Trust Alliance (HITRUST) Common Security Framework – https://hitrustalliance.net/
IEEE 802.11: Institute of Electrical and Electronics Engineers (IEEE) LAN/MAN Standards Committee (IEEE 802) Standard for Information technology—Telecommunications and information exchange between systems Local and metropolitan area networks: https://standards.ieee.org/findstds/standard/802.11-2016.html
ISO/IEC: International Organization for Standardization (ISO)/International Electro technical Commission (IEC):https://www.iso.org
ITIL: Information Technology Infrastructure Library (ITIL), AXELOS: https://www.axelos.com/best-practice-solutions/itil
NIST: National Institute of Standards and Technology (NIST), Computer Security Resources Center (CSRC):https://csrc.nist.gov/
- NIST Cybersecurity: National Institute of Standards and Technology (NIST) Cybersecurity Security Framework http://www.nist.gov/cyberframework/
- NIST FIPS 199: National Institute of Standards and Technology (NIST) Bulletin; Federal Information Processing Standard (FIPS) 199: Standards for Security Categorization of Federal Information and Information Systems:https://csrc.nist.gov/publications/detail/fips/199/final
- NIST FIPS 200: National Institute of Standards and Technology (NIST) Bulletin; Federal Information Processing Standard (FIPS) 200: Standards for Security Categorization of Federal Information and Information Systems:https://csrc.nist.gov/publications/detail/fips/200/final
- NIST FISMA: National Institute of Standards and Technology (NIST), Federal Information Security Modernization Act (FISMA):https://csrc.nist.gov/Projects/Risk-Management/Risk-Management-Framework-(RMF)-Overview/Security-Categorization
PCI DSS v3.2: Payment Card Industry (PCI), Data Security Standard (DSS) Version 3.2:https://www.pcisecuritystandards.org/document_library
Privacy Shield: EU-U.S. Privacy Shield Framework: https://www.privacyshield.gov/welcome Fact sheet:https://www.commerce.gov/news/fact-sheets/2016/02/fact-sheet-overview-eu-us-privacy-shield-framework
SEI CMU: Software Engineering Institute (SEI) at Carnegie Mellon University (CMU), Insider Threat Program, Research and Publications: https://www.sei.cmu.edu/index.cfm

Book Review: It’s Not About You

Posted on December 4, 2017 by Adora Myers

Amazon.com

“Give people something good to live up to—something great—and they usually will. In fact, often they’ll even exceed those expectations.”

This book reads like a novel. It’s a lovely, heartwarming, story about a manager trying to coordinate a merger between a small family business and a larger corporation.

He’s there to convince people, persuade them to do what his employer wants them to do. He’s there to meet his own career objectives. While he achieves his goals, he also learns crucial lessons about doing business both ethically and effectively – about negotiating a win-win situation and about leading a people toward goals that may not be clear to everyone involved.

“The single biggest challenge to any organization is the constant cloud of fear and doubt that swirls around the heads of the people involved. As a leader, your job is to hold fast to the big picture, to keep seeing in your mind’s eye, with crystal clarity, where it is you’re going—that place that right at this moment exists only in your mind’s eye. And to keep seeing that, even when nobody else does. “Especially when nobody else does.” Your people count on you to do this. It’s the biggest job you have.”

This isn’t the business management version of a Christmas Carol. The main character is a far cry from the wicked Mr. Scrooge. In fact, he’s essentially a really good guy with some rather standard perspectives on management and business. This is a story about a good guy transforming into a better guy – a better manager and a better person.

“Building a business takes skill, work, and materials . . . but those are details. More than anything else, building a business—really, building anything—is an act of faith. Because you’re creating something out of nothing, you see?”

It’s a light read filled with truly useful advice, making it the perfect business book to pick up over the holidays.

–It’s Not About You: A Little Story About What Matters Most in Business by Bob Burg, John David Mann

Book Review: Women and Career Decisions

Posted on November 27, 2017 by Adora Myers

There are a lot of books focused on women in the workplace. Most are written by women who are CEOs, successful entrepreneurs or otherwise well know for their professional achievements. Wander Woman: How High-Achieving Women Find Contentment and Direction by Marcia Reynolds is not that book.

Wander Woman is filled with facts:

What most surprised the managers was that the top-performing women did not stay and fight. These days, strong women take their expertise and knowledge to greener pastures.

Their workplace wish lists rarely state “being promoted” as a prime motivator. Instead, my survey respondents told me they look for (1) frequent new challenges that stretch and grow their ability to achieve; (2) the opportunity to be flexible with their schedule; (3) the chance to collaborate with other high achievers; (4) recognition from their company; and (5) the freedom to be themselves.

And with highly quotable and inspirational statements:

If you want to change how you relate to others and run your life, you have to first transform your concept of self. If you try to change your behavior without first transforming who you think you are, the changes will last a few days until you quit thinking about them.

But the real strength of this book comes from her personal experience. She describes being an overachieving teen who gets into trouble that very nearly destroys (or ends) her life:

I learned one of my greatest life lessons—if you don’t know who you are, you will never be content with what you can do—in one of the darkest places on earth, a jail cell. A year after high school graduation, I ended up spending six months in jail for possession of narcotics, an experience I swore would never happen to me. In truth, the sentence saved my life.

And delves into her struggles as the daughter of a man who was so tied up in his self-imposed identity as a man-who-works that he was unable to handle retirement:

The day the doctors told my father he could no longer work was the day he accepted his death sentence…In my anger for his leaving me, I somehow missed the lesson in my father’s passing. My father could not be a retiree. He could not free himself from the identity of being a successful businessman. When he could no longer hold on to that identity, he quit…When he had to give up his formula for prestige, he gave up his will to survive. I desperately tried to help him see what else he could accomplish if he redefined his goals. I didn’t see that his addiction to achievement was killing him.

There are pages upon pages of down-to-earth realistic advice pulled from the life of a highly-relatable professional woman. Reading it feels like sitting down for coffee or tea with a friend and hashing out the day-to-day frustrations every one of us has to face. I came away with advice that I regularly use:

I choose my work based on what I have defined as my purpose and say “no” to everything else. When I am buried under a to-do list, I prioritize and let some things go with no guilt. My exercise and fun time can’t be compromised. These are the good days.

This isn’t grandiose advice handed down to the masses by a woman who has achieved dizzying heights. It’s perspectives, thoughts and ideas that actually apply to the challenges of daily life, provided by someone who has been through it herself.

Elements of Workplace Mobbing

Quote

Posted on October 16, 2017 by Adora Myers

Mobbing happens when conflicts in a workplace (1) escalate out of control, (2) begin to involve increasing numbers of people, (3) are left without effective intervention by management, (4) result in the targeting of a victim for blame (otherwise known as scapegoating) who is then held responsible for both starting and stopping the conflict and who, ultimately, is eliminated from the organization.

Overcoming Mobbing: A Recovery Guide for Workplace Aggression and Bullying by Maureen Duffy Ph.D., Len Sperry Ph.D.

October is national bullying prevention month!

Adora Myers

Category Archives: Business

Expensive Repeat

Quote

Like this:

Decisions and Design

Quote

Like this:

Deeply Personal Actions

Quote

Like this:

Information Security Resources: Federal USA

Like this:

Information Security Resources: International Organizations

Like this:

Book Review: It’s Not About You

Like this:

Book Review: Women and Career Decisions

Like this:

Elements of Workplace Mobbing

Quote

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: