Alumni Lecture: Orvin Lau - Why is Information Technology Insecure and What Can We Do

Speaker:  Orvin Lau, Orvin Consulting Inc.

Title: Why is information technology insecure, and what can we do?

Date: Tues., March 20, 2012

Time: Networking starts at 6 pm, lecture starts at 6:30 pm

Location:  Rm X836, X-wing, ICICS/CS Bldg., 2366 Main Mall (please enter X-wing via the corner of Agronomy Rd. and Engineering Rd.)

RSVP: mng@cs.ubc.ca

Abstract:

Information technology has become a great enabler for all people, whether they have good intentions or not.  And those with malice on their minds have featured regularly in the news lately.  Companies like Sony, RSA and TJX were broken into, resulting in large financial losses.  Hacktivists deface or take down web sites to further their cause.  Why is there a growing number of security breaches, and what can we do about it?

In this lecture, we will look at some of the common security problems with information technology.  We will first examine some of the technical issues, from the design of software to mistakes that programmers make.  Then we will explore the human element, from management issues to a lack of user awareness.  Lastly, we will discuss ideas on how the computer science community can help, so that society can continue to benefit from information technology while mitigating the harm caused by people with malicious intent.

Speaker Bio:

Orvin Lau is an independent information security consultant, with over 15 years of experience in information technology.  Orvin has worked with various industry sectors such as credit unions, oil and gas, transportation, brokerage firms, provincial agencies, and health care, in both British Columbia and Alberta.  For his consulting services, Orvin focuses on security governance and management, threat risk assessments, policy development, compliance and user awareness training.

Orvin holds a B.Sc. in Computer Science, and an M.Sc. in Advanced Technology Management, both from UBC.  For industry certifications, Orvin is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and also a qualified ISO 27001:2005 ISMS (Information Security Management System) consultant.

 
