March 2014 Newsletter - Answer Key 

Refer to the answer key below for points (1 point per question answered correctly):






















How did you do?

0-1   Security FAIL

3-5 You are a hacker’s delight

6-8 You are a formidable defender

9-10 You live and breathe IT security best practices


BC Privacy & Security Awareness Day Reception - Feb 5th, 2014

Date:  Wednesday, February 5, 2014
Time: 4:00 p.m. to 6:30 p.m.
Location: Victoria Conference Centre, 720 Douglas Street, Victoria

ISACA Vancouver is spearheading a collaborative effort to promote privacy and security awareness in the Province of BC. To that end, Feb 6th, 2014 has been designated as BC Privacy & Security Awareness Day with a reception being held on the afternoon of Feb 5th to rally around this inaugural event!

To register to attend the reception, please email your name, contact number and email address to bcpsad@ISACA-vancouver.org.

Refer to the BCPSAD page for full details.

The BC Privacy & Security Awareness Day Panel
The primary purpose for this panel discussion will be to provide the media with material they can use to inform the public with regard to the privacy and security challenges each of us face as the lines are blurred between the personal and public realm and our world becomes increasingly entangled with the digital realm.

The British Columbia Privacy & Security Awareness Day Panel will be comprised of the following participants who will also make themselves available for media scrums from 2-4pm at the Victoria Conference Centre on Feb 5th.

Michael Argast, Director of TELUS Security Solutions Western Canada

Michael is the Director of TELUS Security Solutions practice for Western Canada, joining in May 2011. As Western Canada’s largest security organization, TELUS’ fast growing security team provides wide ranging solutions from governance, risk and compliance consulting, PCI auditing, security technology acquisition and implementation, managed security services and security outsourcing.

Previously, as Director, Global Sales Engineering at Sophos, Michael led a highly knowledgeable, global team responsible for advising customers on their security and control implementations, practices and policies. Some of Sophos’ largest customers - ranging from Fortune 500 companies in the financial services, healthcare and telecom sectors, to large government and higher education organizations – relied on Michael’s counsel, and then grounded their implementation plans on his recommendations.

A lengthy list of media outlets have sourced him as a security expert including: The Wall Street Journal, The Associated Press, USA Today, New York Times, Business Week, Forbes, The Washington Post, The San Francisco Chronicle and CBC News. He speaks publicly on security topics regularly, from lectures at Oxford University to Infosecurity in Moscow, partner conventions in Phuket, Thailand and MBA students at Simon Fraser University.


Panelist 1: Social Media + Cyberbullying: How can I possibly protect my personally identifiable information?
Jesse Miller, Mediated Reality

Jesse Miller is an international speaker and recognized authority in the fields of social media awareness and digital citizenship. He has addressed hundreds of thousands of participants across the world presenting and consulting to schools and companies primarily in Canada since 2007 when he began touring with his projects featured today at Mediated Reality.

He is in high demand as a keynote speaker on the topics of social media awareness, online behavior evaluation and the numerous issues that face youth and families online.

As a noted authority, he is featured regularly on television and radio broadcasts and published in a number of articles and documentaries about trends in social media.

Jesse is a trusted resource to numerous school districts in British Columbia who he partners with to develop digital citizenship curriculum and as a partner with the Ministry of Education Safe Schools program, he is regularly involved in some of the high profile events we see occur with youth in our province.

A father & a husband, he and his family are actively engaged in their North Vancouver community dividing time between work and play.

Panel Topic:
Privacy awareness as it applies to social media has become so much more than a user settings protocol or private account comfort blanket. Privacy awareness on social media requires the user to become aware of their network, to mitigate risks by sharing minimal content openly, learning about the platforms they use and how those platforms use provided information.

The importance for British Columbians as it applies to personal privacy online today, is to learn how far their message can be shared online, who's using the content shared (and for what purpose) and to begin to recognize that the value of personal and private information online is just as significant to others who might exploit the content as it is to the user who has yet to have a social media incident or moment where they have felt violated.

The importance for adult users is to recognize the value of the content we are sharing online, especially if that content involves our children.


Panelist 2: Financial Crimes – How bad is it and what can anyone do?
Pierre McConnell
International Association of Financial Crimes Investigators (Western Canada Pacific, IAFCI) President & Senior Investigator with the Financial Crimes & Fraud Management Group, TD Bank Pacific Region

Pierre joined the RCMP in 1979 and his policing & criminal investigative career spanning 24 years involved matters ranging from special projects (Surveillance/Tactical Team) to serious crimes (robbery-homicide-arson) & economic crimes (Federal Units), in the Metro Vancouver region. Pierre then joined the TD Bank Group Global Security & Investigations team in 2003. His day-to-day work at TD involves the investigation of internal/external criminal compromises to the bank and its customers as well as supporting internal departments such a Customer CARES, Human Resources, Compliance, Regulatory Bodies and Law Enforcement. His post-secondary education includes a Bachelor of Arts at SFU & a Master of Science Degree in Business & Justice studies majoring in Economic Crime Management from the Economic Crime Institute, New York. He is also an accredited member of the Association of Certified Fraud Examiners (CFE) & currently serves as President of the Western Pacific Chapter of the International Association of Financial Crimes Investigators (IAFCI).

Panel Topic:
In my role as Financial Crimes investigator, I have seen first-hand the abhorrent damage & devastation caused to so many victims who have suffered, and continue to suffer at the hands of crafty criminals. In my fast approaching 35 years in the field, the loss size & number of victims has never been so great due largely to offenders’ fast, easy and anonymous access to un-protected cyber space. The current electronic threat cannot be fought alone; individual & corporate privacy & security awareness of such threats is the cornerstone to any ground breaking successes against social engineers who prey on victims.


Panelist 3: Securing our Critical Infrastructure – Protecting Society, what’s my role?
Jim Attridge, Manager, Cybersecurity BC Hydro and Power Authority
Jim Attridge is currently responsible and accountable for cyber security at BC Hydro, where he oversees and delivers BC Hydro’s cyber security program.

Previously, Jim was the CISO for the Vancouver Organizing Committee for the 2010 Olympic Winter Games. He established and led a team of world-class IT security professionals through the planning and operational phases of the Games. Attridge delivered an Olympic Games free of major IT security incidents, all within an operating budget under $10M.

With HSBC from 2001 — 2007, Attridge pioneered the bank’s global web application security program that brought together proper security design, risk assessment, developer training and a vulnerability assessment methodology.

Panel Topic:

The defense of mission-critical infrastructure like British Columbia’s power grid is key to maintaining our quality and life and keeping the economic engine of the province running for all British Columbians. Mr. Attridge will highlight the importance for employees of all organizations to be on guard and ever vigilant in an age when the lines between home and work have become so blurred. 

Panelist 4: Privacy Law & Balancing Privacy & Security Concerns
Sharon Polsky, President Privacy & Access Council of Canada

Sharon Polsky is President of the Privacy and Access Council of Canada and a Privacy by Design Ambassador with more than 30 years’ experience advising corporations, governments and organizations about data protection and information risk management. She is frequently consulted about the privacy implications and unintended consequences of emerging laws, technologies and global trends.

Sharon’s deep understanding of complex data governance issues is evident in her submissions before the Canadian Senate Standing Committee on Legal and Constitutional Affairs, Legislative committees, and Canada’s Information and Privacy Commissioners addressing impacts of proposed legislation. Her insights are frequently sought by media including CTV, iPolitics, CBC Radio, Montreal Gazette, Edmonton Journal, Canada.com, Calgary Sun, Blacklock’s Reporter, Corus Entertainment, and professional journals including Canadian HR Reporter.

Sharon holds Canada’s most senior professional privacy designation, Master Access and Privacy Professional (MAPP). She is a Board Member of the Rocky Mountain Civil Liberties Association; a member of the Health Information Management Program Advisory Committee, and a member of the National Privacy & Access Certification and Accreditation Advisory Board. She previously served as an Executive Member of the Canadian Bar Association Alberta Privacy and Access Law Section (2010-2012) and the National Advisory Committee for the University of Alberta IAPP Program.

Panel Topic:
Traditional information risk management strategies typically approach security and privacy as separate and distinct domains. Organizations are realizing that they are integrally interconnected and interdependent. Indeed, security and privacy can only be fully effective when they are in proper balance.

Sharon will explore the ways in which data protection and privacy intersect through emerging laws, technologies and global trends.


Panelist 5: How do young people feel about privacy?
Naima Salemohamed, UVIC Student

Naima is a fourth year Health Information Science student in the Co-op program at  the University of Victoria (UVic).  She is passionate about technology and wants to apply her skills in an environment where she can learn, innovate and create new systems and processes that improve lives. Through the Co-op program at UVic, Naima worked as part of the decision support team at Vancouver Coastal Health (VCH), where she had the opportunity to do data extraction and analysis. Additionally, Naima worked for Deloitte , as a Business Analyst for the Strategy and Operations group focusing on the major Health Information Access Layer Project, in the province of Ontario.

In 2013, Naima received the  Jamie Cassels Undergraduate Research Award, and decided to pursue research in Standards regarding International Collaboration of Privacy and Security of Data.   Naima is piloting the new Privacy Access Student Council at UVic to help engage more students on privacy issues and help them understand their rights and responsibilities.  Her future career plans include pursuing a graduate degree in Health Policy and Management.

Panel Topic:
Youth today understand how to set up and control their privacy, but do not understand the ramifications and potential implications of not controlling one’s privacy. They need to understand and see examples of privacy intrusion and how it can have a direct impact on them and society at large.


Panelist 6: Mobile Security
Carlos Gil, Director of Security Architecture and Security Compliance of TELUS Communications Inc.

Carlos is the Director of Security Architecture and Security Compliance at TELUS Communications Inc.  He has 15 years of extensive experience in information security in the IT industry, starting out as a Unix systems administrator in 2000 and working in a number of different IT and IT management roles at TELUS over the last decade.

Carlos has been an integral member of the TELUS team responsible for architecting, managing and deploying a mobility fleet to support more than 30,000 TELUS employees across Canada.

Outside of work, Carlos lives in Vancouver with his wife and son, loves fishing, hiking, and traveling. 

Panel Topic:
As one of Canada’s three major wireless service providers, TELUS has a unique perspective when it comes to the proliferation of wireless devices both from a customer and service provider perspective.
In recent years, TELUS has embraced a flexible work styles strategy which would never have been possible without a highly efficient mobile workforce. As many other organizations seek to gain efficiencies and remain competitive by extending their reach over wireless networks, there are many issues around privacy and security that must be considered. An empowered and efficient work force that enjoys work/life balance is one thing, but delivering unfettered wireless access in a way that protects the company and its employees data from both a privacy and security perspective is another.
Carlos will highlight some of the implications for both businesses and employees as society seeks to embrace mobile technologies both at home and at work.


Special Rate for 15th Annual Privacy & Security Conference: 15% Discount for ISACA Members

Attention ISACA Members! A special rate has been negotiated for ISACA delegates to attend the 15th Annual Privacy & Security Conference from Feb 5-7 in Victoria, BC. Use the following code (Promo Code: is "save15") when Registering and receive a 15% discount vs. regular conference rates. With ISACA’s involvement this year in establishing the 1st Annual BC Privacy & Security Day, you won’t want to miss this one.*
Take advantage of this offer, another benefit of ISACA membership, and join the privacy and security communities, along with your fellow ISACA members, to educate yourself and engage in important discussions relating to the privacy and security of our employers, customers, governments and of course for all of us as individual citizens. Not an ISACA member yet? Become one! Click Here 
*Cannot be combined with any other offer.


January 2014 Newsletter - Answer Key