Bruce Cowper, Part 2 - Interview Time Index (MM:SS) and Topic

:00:31:
Can you give some comments or tips on each of the following: Authentication, Phishing and counter-measures, Click-fraud, The human factor in security, Cryptography, Network security, Protocol design?

":00:43: Authentication:
...Authentication is one of the fundamental components that helps us understand, implement, and control security within the organization....The big tip there for organizations is to look at authentication from a much broader perspective than we do right now....
:02:55: Phishing and counter-measures:
....Because they are so complex and in many cases are hard to spot, very often what they are trying to do is essentially drive a behavior that people perhaps wouldn't do ordinarily....One of the challenges right now is that there is still a big lack of understanding about what is reasonable information to give up and what isn't....
:07:51: Click-fraud:
....What I'm seeing with things like click fraud from an advertising perspective is, in many cases, we've come to expect things like online advertising as in-place attacks for using things like services or software that may be paid for by advertising revenue....
:10:07: The human factor in security:
....Helping people understand the impact of sharing information, internally or externally from an organization, can certainly be a big part of trying to deal with that side of it....
:14:33: Cryptography:
....We see a lot of organizations leveraging cryptography as part of their overall solution....
:18:27: Network security:
....We are trying to get people to take a more holistic approach to network security so what they are doing is understanding the layers that are being put in place....
:21:03: Protocol design:
....The big shift that we are seeing right now is towards far more protocols that include security within their design...."

:24:20:
What are the most important current roadmap-level tips involving security?
"....(1) Make sure that security is built into everything that you are doing....(2) When you are starting to look at technology, think of them as business enablers. That is, don't let the technology dictate what can and can't be done in the business....(3) Security is never a point in time....(4) Don't jump on the security bandwagon....(5) Take a more holistic approach towards security...."