Canadian Information Processing Society (CIPS)
 
 

CIPS CONNECTIONS

INTERVIEWS by STEPHEN IBARAKI, FCIPS, I.S.P., MVP, DF/NPA, CNP

Bruce Cowper, Top International Security Authority, Chief Security Advisor Microsoft Part 2

This week, Stephen Ibaraki has the second of his exclusive interview series with Bruce Cowper.

As the Chief Security Advisor for Microsoft Canada, Bruce is responsible for the overall security strategy, working closely with the Public Sector, large enterprises, Industry Associations and the Community across Canada. He comes from a security background in secure system design, forensics and security risk management and as the Chief Security Advisor leverages his real life hands-on experience to relate to the challenges faced today. Bruce is a prolific speaker and can frequently be found in the media and at conferences across Canada and beyond.

Bruce is a founding member of the Toronto Area Security Klatch (TASK) and an active member of numerous organizations across Canada. Before moving to Toronto and joining Microsoft, Bruce held positions on the board of directors of several IT companies, championing the development of technical excellence and the customer experience.

Bruce holds a degree in Computer Systems Engineering as well as industry standard qualifications.

To listen to the interview, click on this MP3 file link

The latest blog on the interview can be found in the IT Managers Connection (IMC) forum where you can provide your comments in an interactive dialogue.
http://blogs.technet.com/cdnitmanagers/

DISCUSSION:

Interview Time Index (MM:SS) and Topic

:00:31: Can you give some comments or tips on each of the following: Authentication, Phishing and counter-measures, Click-fraud, The human factor in security, Cryptography, Network security, Protocol design?

":00:43: Authentication:
...Authentication is one of the fundamental components that helps us understand, implement, and control security within the organization....The big tip there for organizations is to look at authentication from a much broader perspective than we do right now....

:02:55: Phishing and counter-measures:
....Because they are so complex and in many cases are hard to spot, very often what they are trying to do is essentially drive a behavior that people perhaps wouldn't do ordinarily....One of the challenges right now is that there is still a big lack of understanding about what is reasonable information to give up and what isn't....

:07:51: Click-fraud:
....What I'm seeing with things like click fraud from an advertising perspective is, in many cases, we've come to expect things like online advertising as in-place attacks for using things like services or software that may be paid for by advertising revenue....

:10:07: The human factor in security:
....Helping people understand the impact of sharing information, internally or externally from an organization, can certainly be a big part of trying to deal with that side of it....

:14:33: Cryptography:
....We see a lot of organizations leveraging cryptography as part of their overall solution....

:18:27: Network security:
....We are trying to get people to take a more holistic approach to network security so what they are doing is understanding the layers that are being put in place....

:21:03: Protocol design:
....The big shift that we are seeing right now is towards far more protocols that include security within their design...."


:24:20: What are the most important current roadmap-level tips involving security?
"....(1) Make sure that security is built into everything that you are doing....(2) When you are starting to look at technology, think of them as business enablers. That is, don't let the technology dictate what can and can't be done in the business....(3) Security is never a point in time....(4) Don't jump on the security bandwagon....(5) Take a more holistic approach towards security...."