Author.
This book provides a framework for comprehending the professional practice of cybersecurity. It defines cybersecurity threats, events, risks, controls, assessments, issues, and metrics. It explains industry-standard techniques for examining cybersecurity threat actors, cybersecurity attacks in the context of cybersecurity-related events, technology controls, cybersecurity measures and metrics, cybersecurity issue tracking and analysis, risk assessment, and risk remediation. These concepts are introduced as building blocks for reasoning about cybersecurity decision support.
Coauthor.
This book explores a range of cybersecurity topics impacting financial enterprises. This includes the threat and vulnerability landscape confronting the financial sector, risk assessment practices and methodologies, and cybersecurity data analytics. Governance perspectives, including executive and board considerations, are analyzed as are the appropriate control measures and executive risk reporting.
Lead of five authors.
This book is a taxonomy and thesaurus of current cybersecurity policy issues, including a thorough description of each issue and a corresponding list of pros and cons with respect to identified stances on each issue. It documents policy alternatives for the sake of clarity with respect to policy alone, and dives into organizational implementation issues. Without using technical jargon, the book emphasizes the importance of critical and analytical thinking when making policy decisions. It also equips the reader with descriptions of the impact of specific policy choices, both positive and negative.
PhD Thesis in System Security Metrics.
System security metrics have evolved side by side with the advent of cyber security tools and techniques. They have been derived from the techniques rather than specified as system requirements. This dissertation surveys the evolution and state of the practice of system security metrics from both a technical and historical perspective. The survey leads to the conclusion that the currently accepted methodology for measuring system security has no empirical basis. This research provides new criteria with which to evaluate security metrics, and proposes a new methodology for security theory attribute construction (STAC). The STAC framework has been applied to case studies in Cloud Computing and Mobile Communications. Specific research in a variety of system security topics is recommended to reinforce these results and provide a theoretical foundation for more effective tools and techniques for systems security engineering.
Editor of book and author of introductory chapter.
Through real-life case studies the chapters introduce the reader to the field of cybersecurity, starting with corporate investigation, and progressing to analyze the issues in more detail. Taking us from accounting cyberforensics to unraveling the complexities of malware, the contributors explain the tools and techniques they use in a manner that allows us to map their methodology into a more generic understanding of what a cybersecurity investigation really is. Above all, Cyberforensics shows that there is a cohesive set of concepts that binds cybersecurity investigators to a shared vision. These core ideas are now gaining importance as a body of knowledge that cyberforensics professionals agree should be a prerequisite to the professional practice of information security.
Author.
This book describes the state of today's cyber security management practices and provides a recommended approach for any executive who is motivated to create and support an information security function.
The approach is requirements-driven and illustrated through a series of true security horror stories.
It emphasizes executive tone at the top and consensus on strategy to drive change across the enterprise.
Co-editor of book and author of chapter on Information Classification.
This is a collection of articles on Information Security and Privacy issues relevant to large enterprises.
Author.
This is a textbook designed to provide Information Security Managers and other IT Professionals an introduction to the profession and how Information Security is accomplished within organizations.
Author.
This book is targeted at Information Systems Professionals undergoing an IT Audit. It describes what to expect and how to prepare for the experience.
First Edition was published in 1998.