10 Information Security Domains for Paperless Recipe

Above image illlustrates the 10 areas of focus for information security courtesy of NCS.Double-click on the picture to see clearly.

By the way, its a course syllabus if you really are interested to become a Certified Information Systems Security Professional. NCS provides the requisite training and certification.

Can I Trust The Internet and Care About The Future?

The question that I asked myself is, can i trust the electronic transactions? How can i be sure that my privacy, the privacy of my personal information will not be compromised against possible cyber theft or intrusion into my electronic records? How secure is the technology infrastructure in a paperless environment?

Above picture says "Insurance goes paperless". Here is an excerpt from the said article:

"Two years ago, Singapore’s leading insurance company, NTUC Income Cooperative Limited embarked on transformative exercise to convert its 40 million pages of insurance policies and related documents into digital images. At the same time, it started working on the technology infrastructure and work processes to go fully paperless. Now, it is ready to give its agents the power to underwrite policies out in the field, with Intel® technology-based solutions."

I mentioned in my previous blog that Digital Signature Legislation is essential core in the paperless society. In fact it is the tipping point in the campaign to go paperless.

The second ingredient in our recipe for success is the readiness of the technology infrastructure and work processes to go fully paperless.

This is still a big challenge to the technology providers. Even an image copy of legal document you scanned and archived today, 10 years from now there may not be anymore compatible software to re-opened them again and view using another version of pdf viewer or MS Word. Your latest copy of MS Word today tomorrow they are already rendered obsolete.

In my next article I will be discussing about information security and information security management system in a shared data center context.

This is a dragging topic and full of technical jargons, but this is also a very important topic. Information security and security awareness is a topic that is less understood by so many people and yet this is the future.
Do you care about the future?

I am already thinking of organizing free information security awareness training for everyone and for every organization who are willing to listen.

Honestly, Im still figuring out how to make this complex topic simple, concrete and easy to understand.

This is coming up in next...

Paperless and Inkless Signature: Will it Stand In Court?

Digital signature is the essential core or the heart of paperless society and digital signature legislation is the "tipping point" in the campaign towards paperless.

Imagine the following situations:

Case 1: John Doe applied for membership in one the prestigious members club in town. His passport and other personal documents are scanned and stored in a document repository. His application is approved, and he can enjoy the privileges of a member.

A year later, someone disputed the authenticity of the document. They started to question the validity of the electronic document that was previously scanned. It is not valid because the electronic document is not admissible as evidence, it could be a fabricated document or tampered that cannot stand the test of legal scrutiny.

Without a law that guarantees the validity of electronic documents, John Doe or the Member's club chance of winning a case before the bench is slim.

Case 2: Company A and Company B entered into a contract for company A to buy from B a piece of land worth $1M and for B to deliver the said land after a lapse of one year. Company A clicked the submit button for approval and company B clicked accept button, the witnesses also clicked on the witnessed by button as well as the notary officer clicked on the button that says "notarized". All parties received an electronic copy of the contract. It says "This is a computer generated document no signature is required"

A year later the land is not delivered and the case landed in court. One of the parties argued that the contract is void from the start because it does not conform to the provisions of the statute of fraud which says for certain contract with amount greater than say for example '$5000.00" to be valid it must be in writing, signed by both parties and they also swear before a notary public that the contents are true, blah blah blah, blah blah blah.

Without a law that guarantees the non-repudiation of an electronic transaction or contract, and without a legal framework for enforcing it, company A's case in civil court is dead on arrival, or it will be a long and costly battle in the court of law.

I said, its a tipping point whenever a country has already enacted a law, such as the "Electronic Transaction Act" of Singapore, that will guarantee the legality of electronic documents and the validity of paperless and inkless signature. The reason is quite obvious, some companies or even individuals can be swayed to go paperless because they know that their rights are protected by law. Another reason is, sometimes laws or regulatory requirements dictate where companies and individuals are supposed to be going. The digital signature law adds more weight and pressure for societies to accept paperless initiatives.

I need more cases or scenerios to build up. This will enable the law makers make intelligent decision and come out with quality legislation.

Any volunteers? I believe we need people to voice out more possible cases of disputes arising out of the digital signature law or so called "Electronic Transaction Act" and introduce incremental improvement.

By the way, here is an article about the signing of the "Millennium Digital Commerce Act of 2000" written sometime on 30 June 2000 from Domino News:





By Eric B. Parizo, Asst. News Editor


U.S. President Bill Clinton signed the Electronic Signatures in Global and National Commerce Act, more commonly known as the digital signature bill.

The new law will fully legalize contracts signed over the Internet, using public and private key-encryption technology, primarily featuring XML code, to identify users by unique digital signatures.

Digital signature technology is nothing new to Lotus Notes and Domino users, but Domino product marketing manager Paris Vakili said the government is catching on to what her company has known for some time.

"With a lot of e-commerce activity, it would be good to have a definitive, around the clock ability to secure documents and take advantage of technology that exists today," Vakili said.
Notes and Domino users have had the ability to include digital signatures within documents for over six years.

The technology works like this: A user can add a signature to a document, using the high-level encryption within the Notes/Domino environment.

If the document is sent in or as a mail message, another user can then digitally verify the document's signature by examining the sender's private key information and the electronic trail, or hash, that is sent along with the document.

Unlike other applications, Vakili said the way Notes and Domino are designed, users can utilize digital signature technology at the most basic levels.

"I believe that most applications do provide digital signatures, but again, with Notes and Domino, because our collaborative environment, you could actually take this level of security to the field and section and document level," she said.

The new law has been seen mainly as a boost for e-commerce at a time when many dot-coms are struggling. Domino users will find it beneficial as well.

For instance, if multiple Notes users in varied locations needed to securely sign a database document, not only does the environment allow for it, but the gray area of legality has also been removed.

"If you're creating a workflow application, your database designer would be able to take advantage of this technology and design the workflow application around it," Vakili said.
While viruses are a constant threat, and some speculate the new law does not take virus attacks into consideration, Vakili said Notes users have few reasons to worry.

"Actually, [with] Lotus Notes, because of our integrated security... any virus would not be able to work around the security, in a sense that it would be able to prevent any mail message from being validated," she said.

Mobile security is also of little concern. Mobile devices with the ability to access a regular Domino server can not only submit and receive digital signatures, but also feature the same virus protection.


Today, the big question is, what happend to Lotus Notes/Domino now? Im just curious. :)

Paperless Society:Recipe for Success

"Philo Farnsworth invented television in 1927, but it was David Sarnoff who created television broadcasting to bring black-and-white television to the consumer in 1939. He developed a successful business that put together television, cameras, broadcast stations, program content, and advertising. Farnsworth invented a device, while Sarnoff was the innovator who put all the pieces together to create an industry." - Curtis R. Carlson,et.al. 1

In today's period of global warming. In today's era of knowledge-based organizations and in today's world of discontinuous change, all the ingredients necessary to achieve a paperless environment are already in place. We just need to develop a business model to put the scattered pieces together and create an industry.

The following ingredients are necessary to make this dream a reality:

1. Digital Signature Legislation

2. ISMS Certified Data Centers with Shared Paperless Services audited twice a year by ISO/IEC 27001:2005(E) certified auditors


3. Self Service Portals for Paperless Transactions (with push and/or pull mechanisms)


4. Workflow System and Document Management Systems in every office


5. Federated Workflow Engine for Supply Chain Integration (for Logistics and Communications Social Networks)


6. Convergence of New Media Technologies, Knowledge Management Services, and webcast services ( for Knowledge Sharing, Problem Solving and R&D Social Networks)


7. Personal Paperless Systems in every home and office

8. Communities of Practice




I will discuss each one of the above in my next blog.

Erratum:

It was Paul Nipkow who first invented the television in 1884.

Footnote:

Curtis R Carlson & Willliam W. Wilmot, "Innovation: The Five Disciplines for Creating What Customers Want", page 23

Words of Wisdom for Entrepreneurs

Coming up next....

What are the necessary ingredients to make paperless society a reality? What are the procedures to mix and blend the ingredients and generate a desired business outcome?

Personal Paperless Systems

I mentioned in my previous article on "Butterfly Effect" that there are two ways of initiating small changes that could possibly evolve into big and meaningful outcome over time, one is through corporate paperless initiatives and the other one is through personal paperless systems.

I already discussed two initiatives that I worked on as part of my process study consultancy work, and now they are in the development stage. The customer portal for 1-NET is launched recently, its backend workflow engine is a work-in-progress. The other one is the Members Club Paperless Office Project which i believe is now in the second phase.

Personal Paperless Systems is something new. Something that does not exist at the moment although the enabling mechanisms are all in place. Im thinking of setting up another blog exclusive for this topic.

Creating a customer need from scratch and take lead is not easy because in the first place the customer does not have needs for it, society doesnt care about it. So the only way for the need to surface is to articulate how it can add value to the customers - to create a compelling necessity to use it and exponentially, and dramatically become a necessity. Something that is challenging and risky for investors as well.

When someone asked a Revlon salesman on what he is actually selling, the salesman replied "We are not selling cosmetics, we are selling hope". Probably hope that one day, an ugly face will turn into an angel face. (lol)

Similarly, if you ask me what is this Personal Paperless System that I am selling, my answer is quick and easy, I am not selling a gadget or another technology or software, what I am selling is a reassurance. A reassurance that when we move on to paperless society we make sure that we dont go back to our old habits - our addiction to paper. This is what the personal paperless system is all about. A system that I hope will become a consumer product not for entertainment and for daydreaming but a system that will guide anyone who uses it. A paddle and a canoe that you can use to navigate the digital corridor in a paperless way.

I will discuss this in great detail in another blog site. Meanwhile I will continue my discourse on paperless society. The necessary components to make it happen and prepare a recipe for success.

"When we wake up in the morning, we have two simple choices. Go back to sleep and dream, or wake up and chase those dreams." - pravsworld.com

Corporate Paperless Initiatives: A Paperless Office Case for a Members Club in SG

My first experience in projects involving the implementation of paperless office is that of a private members club in Singapore. This was my first external engagement as project manager of 1-Net Singapore Pte Ltd. It took almost one month to complete the entire study between the period from August and September 2006.

For the stakeholders of the club, the main goal is to do away with the voluminous paper-based forms that piles up every year, archived and retained in the storage for at least seven (7) years and occupies huge storage space.

Their objectives in going paperless consisted of: (a) streamlining the process of form submission for the key processes identified, eliminating waste in the form of non-value adding activities, minimizing non-value adding paper handling cost, reducing cycle time, and eliminating redundant activities; and (2) reduce the amount of paper-based forms generated by various processes minimizing costly office space specially so when the cost of office space in Singapore is not cheap.

The study is completed in one month and there were two significant results: (1) we were able to surface all those processes and procedures both documented and undocumented. Undocumented processes are tacit knowledge that employees may have kept in their minds and sometimes employees (not particular to the organization) tend to have limited understanding of their process; and (2) a business requirements statement that spells the business justification for going paperless e.i. the minimum and maximum investment cost that the company may choose to incur in going paperless, the benefits in terms of cost savings and return on investments.

Some of the members of the management committee raised valid concerns in going paperless. The first of these concerns is the practicality of implementing it across all processes, e.g. (a) Do we need to use online form submission just to request for a purchase of 1 rim of A-4 size computer paper when its value is only SGD6.00? (b) Supporting documents, such as passport, which comes along with the membership application form, is it legally acceptable to submit it in electronic image format? (c) Other issues such as what will happen if the business becomes heavily dependent on computerized system, what if one day the system just bogs down, how do we go back to manual process?, and (d) the cost of maintaining the application over a period of 5 to 6 years before it reaches its zero book value and its requirement for upgrade.

For this purpose, I reserve my own personal comments to the above questions and leave it to the succeeding discussions. Meanwhile, the result of my presentation to the board was very successful. Most of the committee members agreed to embrace paperless and accepted the process study outcome. The next step for them was to look for vendors on workflow system with document management capability and development work integrating the workflow solution with their existing portal and finance applications. They will use the BRS document as requirements specification for their vendors. As of this writing, the club already engaged the services of one the software services company in Singapore for the next phase of the project and that is the implementation of the paperless office according to the specifications that the team prepared in phase I.

For our part, the scope of our work is limited to the process study. Thanks to my green belt Six Sigma training from 1-Net, I used the DMAIC methodology as framework in facilitating the understanding of their ‘as-is’ processes, mapping the ‘to-be’ processes and prepared the cost-benefit analysis which is basically the business justification in going paperless.

The Butterfly Effects

It is not an easy campaign to change a global mindset over night, even if we want to change twice. We can only introduce small meaningful changes that may eventually have butterfly effects.

The term butterfly effect refers to the idea that a butterfly’s wings might create tiny changes in the atmosphere that ultimately causes a tornado to appear (but not prevent a tornado from appearing). The flapping wing represents a small change in the initial condition of the system, which causes a chain of events leading to a large-scale phenomenon. Had the butterfly not flapped its wings, the trajectory of the system might have been vastly different. 9

The butterfly effect supports the theory of strong outcomes base on small initial conditions. Small changes evolve into big and meaningful change over time.

This paper prescribes two ways of initiating small changes that could evolve into big and meaningful outcomes over time: (1) Corporate Paperless Initiatives - as a corporate programme by aligning process improvement with paperless office, and (2) Personal Paperless systems - as individuals by changing old habits of consuming papers and using a system of managing information or knowledge at personal level and in a paperless way.

I will be discussing them in details in my next blog.

Reference:
9. http://www.answers.com/topic/butterfly-effect-2?cat=technology

The Process called "Changing Twice"

I don’t want to sound philosophical and too academic but I feel that this is the only way for us to understand the reality of our addiction to paper, and from here we develop a strategy for change.

In his book “The Forgotten Half of Change: Achieving Greater Creativity Through changes in Perception”, Luc De Brabandere discussed in great detail the concept of change, people’s resistance to change, and the principle of changing twice as popularized by the Palo Alto School. I would like to paraphrase and quote Luc De Brabandere in his inspiring knowledge works and relate his discussion of change to our discourse on change towards paperless society, here it is: 8

“According to Palo Alto School, there are two kinds of change. The first change has to do with reality. This kind of change called type 1 is produced within a system that stays the same. If it modifies a component, it still follows the rules. Retroactive feedback protects the system and helps it keep its balance.”

“The second change, however, is the one that really counts, the change in perception. For it to happen, at least one of the rules of the system – a hypothesis, a judgment, or a stereotype – has to be broken. This Type 2 change is sudden, sometimes unforeseen, and leads to a new representation of reality.”

“These two types of change are totally dissimilar. Type 1 is continuous, type 2 is discontinuous; we tend to go on seeing things in the same way until one day, quite suddenly and with a mental rupture, we see it differently. Take a personal relationship, for instance. It may deteriorate slowly over months or years without your being aware of any change. Then suddenly it hits you: its over. How often have you said that a child is growing up quickly when, of course, those extra ten inches were not just added the night before.”

“One change is possible without the other, but Palo Alto went a step further. If you want to change, you have to change twice. You not only need to change the reality of your situation, you also need to change your perception of this reality.”

The following examples are illustrated:

“If a president of a bank wants to merge with another bank, he has to organize a double change. The president can start by merging reality – computers, accounting system, and so on, which must be compatible (type 1). But its not enough. As long as the employees still see themselves as ex-employees of the old banks, the new bank doesn’t exist (Type 2).”


“Similarly, a company is not a world company unless everyone sees it as one company, not a company of diverse national offices drawn together under one banner. The efficiency of a computer system is a matter of the quality of the system multiplied by the desire of a people to use it. The quality is a reality, the desire is a perception; If one of two is missing – if you have an excellent system no one wants to use, or the other way around – you have a failure.”

I took cognizant of this fundamental principle or shall I say “social psychology of change”, or the two-steps process of change, and reflect on my previous research on paperless society being just a myth.
If we want to change the reality of our addiction to paper and begin on a serious journey to a paperless environment by reducing our dependence on it, we also need humanity to change its perception that paperless society is not a “myth”. The constant threats of global warming, climate change and rising sea levels are all indications that sooner or later the cost of pulp and paper will shoot up to an irreversible level and, one day quite suddenly we are forced to accept the inconvenient truth- no more papers to consume.

Reference:
8
8. Luc De Branbandere, "The Forgotten Half of Change",Dearborn Trade Publishing.2005.

Paper Consumption Survey in Singapore

by Spire Research and Consulting

In August 25, 2005, Spire Research and Consulting came out with a press release entitled “A Paperless Society – A Distant Dream?” It says only 12 in 100 companies in Singapore says paper consumption dropping, almost 90% have no guidelines on paper use. Here I quote:
“Despite the proliferation of document management technologies and increasing public awareness of the environmental costs of de-forestation, paper consumption in Asia is rising at a steady pace. Within the next five years, this region is expected to account for one-third of global consumption. A recent survey of 100 companies in Singapore conducted in May-June 05 by Spire Research and Consulting, the leader in Asia-Pacific strategic market intelligence, found that:

1. Only 12 percent of offices noticed a drop in their paper consumption in the last two years

2. 37 percent noticed that paper consumption had remained at the same level during this period


3. 51 percent noticed that paper consumption had increased during this period
The sample consisted of 37 companies with staff strength less than 30, 31 companies with staff strength between 30 to 100 and 32 companies with staff strength of above 100. Survey respondents consisted of executives with knowledge of and/or responsibility for paper purchasing patterns in each company.

The survey also revealed that paper-purchasing behavior is similar irrespective of the size of the organization. Individual departments, each with up to 25-30 personnel, order paper independently. Rarely do paper-conservation initiatives seriously impact ordering behavior.”


Conclusion on "Paperless Society literature survey"

After foraging about 37 articles from the World Wide Web and other reading materials from the libarary, I came to conclude that there are three reasons why paperless society is a myth and will continue to be so: (1) People still don’t trust the internet or the computer systems – they believe that personal privacy will be compromised if we depend too much on computers for our daily information needs (information security is a major concern), (2) We are addicted to Paper, and (3) Technology is not cheap when two-third of the world’s population is not yet reached by electricity.

Kallang Souvenir

Kallang, Singapore
2004

This shot was taken from the 6th floor, Pebbles Condominium, Tanjong Rhu during the occassion of Singpapore's 2004 National Day Parade Celebration. I took this picture using my old Canon Powershot G2 digital camera. I used a star filter in appeture priority mode to capture the depth of field, and see clearly the beauty of the night lights appearing in unison as filtered star-shaped neon lights displayed in effervescent colors.
A few months from now, the Kallang Stadium will be gone forever.