Ethical Hacking
(TORONTO) An accounting group has published a document to help organizations use ethical hacking to protect their systems from security threats.
Many organizations are turning to ethical hackers to test their systems’ mettle against breaches in security. But some aren’t sure what ethical hacking is, or whether it would be a useful exercise for their organization, so the Canadian Institute of Chartered Accountants (CICA) has issued a white paper, Using an Ethical Hacking Technique to Assess Information Security Risk, to help organizations assess their own risk. The paper gives an overview of the pros and cons of ethical hacking, also known as penetration testing, and explains why an organization needs to be aware of security vulnerabilities that could be exploited.
Ethical hacking allows organizations to find out how easy or how difficult it might be for someone to bypass their security controls and gain unauthorized access to confidential information. To test those controls, a small team of people tries to simulate hackers and expose security weaknesses. Testing teams usually include members of the organization’s internal audit or IT department, or consulting firms that specialize in ethical hacking.
Issued by CICA’s Information Technology Advisory Committee (ITAC), the white paper explains why an organization should consider ethical hacking, the types of testing, what ethical hacking entails, and how it compares with other kinds of security-related services.
“It’s become a business imperative for organizations to protect their information,” says one of the paper’s authors, Gary Baker, ITAC member and a CA with Deloitte & Touche. “Legislation here in Canada and internationally is placing increasing responsibility on organizations to implement procedures that ensure the privacy, confidentiality and integrity of their information. Ethical hacking can help organizations identify potential security exposures and opportunities to strengthen procedures needed to meet these security regulations and protect their information assets.”
The white paper is available for free at www.cica.ca/itac.
[Back to Top of Page]
Religious Beliefs
The Quebec Human Rights Tribunal has dismissed an application by a biochemist against a Quebec university that it refused to hire him as a professor because of his religion, political convictions, and national origin.
The applicant, who is of French origin, did post-graduate research at the university for two years. For the next three years, he was a researcher at the university. Then he came a member of the Baha'i faith.
The applicant and three professors denounced certain practices at their research centre, stating that the director was in a conflict of interest and had used his position for personal gain, at the expense of researchers. The university asked the applicant to withdraw his complaints; when he refused, he was dismissed.
The applicant's union filed a grievance. He himself complained to the committee responsible for academic freedom at the Federation of University Professors' Association of Quebec. The grievance was dismissed, but the federation found irregularities in the research centre's administration, and recommended the applicant be rehired as a researcher.
The university then advertised an opening for a professorship in the research centre. The applicant, who felt he had all the necessary qualifications for the position, was told that another candidate had been chosen.
The Tribunal found that, in contrast to the other candidates, the applicant did not have basic training in chemistry and that his education was less relevant to the courses that would be taught.
He did not have as strong a publishing record as other candidates.
The Tribunal found that to prove discrimination, the prohibited ground must have some impact on the decision complained about. In this case, there was no link between the refusal to hire and the complainant's religion, his political convictions, or his national origin. An employer has the right to choose employees on the basis of competence, efficiency, productivity, and even character. The Tribunal dismissed his application without costs.
[Back to Top of Page]
Limited Deductions
The employee was a truck driver who signed an agreement when he was hired which purported to authorize the employer to withhold any amount, agreed to by the parties, for damages to company equipment or property caused by the employee's negligence.
The driver got into an accident in North Carolina, causing damage to the truck. The employer maintained that the employee would be required to pay for the repairs to the truck since he was negligent.
The employee felt that he was not at fault, that he was not guilty of negligence and that he did not have to pay for a loss that was not caused by his negligence.
Since no agreement was reached by the parties on the amount of damages to be withheld, the employer proceeded to withhold the cost of repairs from the employee's pay. The driver complained to the Canadian government, which issued an order restoring the pay to the employee. The company appealed.
The adjudicator found that the written agreement did not comply with the requirements of the Canada Labour Code, which allows an employer to deduct a specific amount from wages, if the authorization is in writing. It does not, however, authorize deductions from wages in any amount. For that reason alone, the adjudicator said, the employer's deduction from the wages was unlawful.
Furthermore, there was no agreement between the employer and the employee on liability for the accident. Consequently, there was no agreement as to the rate of payment, which was the language of the employment agreement and within the terms of which the employer must come to establish a contractual right against the employee.
Without a proper written authorization by the employee to deduct any amount, the appeal by the employer was dismissed.
[Back to Top of Page]
Best Employers
(TORONTO) An organization’s efforts and achievements in employee job satisfaction specifically for older workers will be recognized with the Best Employers Award for 50-plus Canadians.
Developed and implemented by the non-profit advocacy association Canada’s Association for the Fifty-Plus or CARP (Canadian Association for Retired Persons), and FGI, a Canadian employee and employer supports services provider, the awards program will be based on criteria of excellence in key areas of hiring, training, career development, health care, employee and family benefits, retirement policy, pensions, and pre- and post-retirement support systems. The exact criteria will be announced at a kick-off luncheon scheduled for this fall. An independent panel of judges will select the winners, who will be announced at a ceremony planned for Spring 2004. An awards summary and profile of the winning organizations will be featured in a special section of 50Plus magazine, published by CARP.
“These awards will encourage corporate innovation and leadership in today’s increasingly aging workplaces, bringing to the forefront many of the challenges organizations and, in particular, human resource professionals must tackle immediately or risk falling behind,” says Lillian Morgenthau, president and co-founder of CARP.
[Back to Top of Page]
Personnel Files
(EDMONTON) An Alberta employer did all it could to find personnel files of an employee it terminated in 1996, the provincial Information and Privacy Commissioner has found.
The former employee filed an access to information request from the employer, a community college, to get copies of all references given out about the employee to other potential employers. The employee also wanted written reasons why he or she was fired, and the dates and content of all verbal references the employer may have given about the employee.
The college searched its personnel files but could find no records of any references given about the former employee. Commissioner Frank Work found that the employer “conducted an adequate search” for the records but turned up nothing. “It did not refuse access to any of the responsive records. It provided every record it found,” Work’s report states.
The college says it conducted two searches. The initial search involved looking through paper-based records as well as electronic and microfiche files. A second search was conducted on a records management audit of records, which listed files for a number of former employees but not the one who applied to the commissioner for information.
The college did not have a formal records management program during the time that the terminated employee was using former supervisors as references. That is why the employer could not find its own copy of a reference letter that a supervisor allegedly put on the applicant’s file. That supervisor no longer works at the college and likely destroyed the reference letter when he or she left, the commissioner says.
The applicant was also concerned about a reference that this particular supervisor gave in 2002. Work found that the college had no duty to the former employee because that particular supervisor was no longer an employee at the time.
The commissioner also found the college had no obligation to release documents giving reasons for terminating the employee because it happened in 1996, while the Freedom of Information and Protection of Privacy Act only came into force to apply to the college in 1999.
[Back to Top of Page]
| |
Pension Agreement
The Royal Bank of Canada has reached a tentative settlement of a pension dispute with Royal Trust employees. To read this article, please Click Here.
False Harassment Claims
A judge found that a woman made false harassment claims because her employer wouldn't give her a letter of reference... To read this article, please Click Here.
School Board Retaliated
A school board retaliated against an educator for filing a human rights complaint, a board of inquiry found. To read this article, please Click Here.
Insurance Industry
The home, auto, and business insurance industry is recovering slowly but will remain weak for at least a year. To read this article, please Click Here.
Quebec Employment
Quebec created nearly half of all new jobs in Canada in the first six months of 2002. To read this article, please Click Here.
Warning: No part of workplace.ca may be copied or transmitted
by any means, in whole or in part, without the expressed written
permission of the Institute of Professional Management. Workplace
Today®, HR Today®, Recruiting Today®, and Supervision
Today® are trademarks of the Institute of Professional Management.
For permission to reprint, please click here.
|
|
|
Workplace.ca is your gateway to Canadian management and workplace resources. It has all the tools you need to create and use successful management
and human resources strategies.
