Michael Barrett, CISO of PayPal in San Jose; Joseph Moorcones, vice president for worldwide information security at Johnson & Johnson in New Brunswick, N.J.; and Lynn Mattice, vice president and CSO for Boston Scientific in Natick, Mass., are among the industry's most outstanding CISOs. Here these well-respected security executives offer their insights on New Data Center-style, next-generation security, as well as give tips for securing everything from budgets to WANs.
Who: Michael Barrett, CISO, PayPal
Career highlights: Before joining PayPal, an eBay company, Barrett was vice president of security and utility strategy at American Express. He perhaps is best known for his groundbreaking work on identity management. He was a driving force behind the creation of the open-standards Liberty Alliance, and served on the group's management board, including as president, during its early years. That role twice earned him a spot on Network World's annual list of the 50 most powerful people in the network industry.

Barrett's thoughts on:
• Microsoft's CardSpace identity management technology
"I have two views on CardSpace. The technology stacks that it is using are great, but I wish the whole standards issue - essentially, fighting about what we did with Liberty - hadn't occurred. Now the Liberty Alliance is working to bridge that protocol divide so we have only one family of protocols. But CardSpace is good work. It very clearly follows the Laws of Identity that Kim Cameron [identity and access architect at Microsoft] laid out in May 2005 . . . and Vista is shipping with CardSpace, which will help give it critical mass with consumers."
• Phishing and PayPal's response, an optional public-key infrastructure (PKI) token called Security Key
"PayPal's Security Key technology is powerful . . . but phishing is a complex crime. If we want to disrupt phishing, we need to get much better about digitally signing e-mails. E-mail from PayPal and eBay is digitally signed. As a consumer, you can differentiate between legitimate e-mail and fake, if you know how to do it. Let's use those signatures and work with ISPs to drop improperly signed e-mails."
But confusion about standards clearly has slowed adoption of e-mail signatures, he says: "It's important for PayPal and eBay to demonstrate technology leadership. We'll absolutely support multiple standards if that's what it takes to get the job done." (See "Identity management for all by 2008," for more information on PayPal's PKI program.)