Publications


Articles, Classes Taught, and Speaking Engagements, listed in alphabetical order by title: IEEE Security & Privacy Magazine*, Vol 9 Issue 2
Topic: Publication/Event: Date:
Advice to Students of the School of Technology Management Columbia University, Morningside Campus December 2007
Alternative Security Metrics Third International Conference on Information Technology: New Generations* (ITNG) April 2011
An Architectural Systems Engineering Methodology for Addressing Cyber Security Systems Engineering* Vol 14, Issue 3 (with Horowitz) Fall 2011
Assigning Probability to Cybersecurity Risk MetriconX, securitymetrics.org March 2019
Assurance and Monitoring of E-business: Technical Control Points Seminar sponsored by Information Systems Audit and Control Association (ISACA) and the Association of Government Accountants (AGA) August 2000
Audit & Control of Sybase and Oracle ISACA NY Metropolitan Chapter January 1997
Best Practices for Securing and Controlling Offshore Vendors Securities Industry Association, Internal Audit Division, Annual Conference. October 2005
CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability ISACA North Jersey Chapter April 2000
CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability ISACA North Jersey Chapter April 1999
CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability ISACA North Jersey Chapter April 1998
Cloud Security Metrics IEEE Systems of Systems Engineering Conference* (SoSE2011) June 2011
Critical Infrastructure Protection Issues in the Financial Industry Global Conference on Systems and Enterprises, Stevens Institute of Technology December 2009
Cyber Safety in 2022 Solution Driven Wealth April 2022
Cyber Security for the Banking and Finance Sector Authored as chair of Financial Services Sector Coordinating Council R&D Committee, all of whom contributed, published in Wiley Handbook of Science and Technology for Homeland Security November 2008
Cybersecurity Framework Integration ISSA International, CISO Summit October 2019
Cybersecurity Metrics: What Good Looks Like ISSA-Chicago Chapter Meeting February 2022
Cyberforensics edited collection of articles with explanatory introduction published by Springer September 2010
Data Centric Security Computer, Fraud and Security March 2009
Data Classification, Security, and Privacy Securities Industry and Financial Markets Association, Internal Audit Division, Annual Conference October 2007
Enterprise Security for the Executive: Setting the Tone at the Top book published by: Praeger Security International December 2009
Enterprise Security for the Business Executive: Setting the Tone at the Top Carnegie Mellon Cylab Business Risks Forum Webinar September 2009
Enterprise Information Security and Privacy Co-editor of book and author of chapter on Information Classification, an Artech House publication. March 2009
Financial Services Sector Coordinating Council Technology Initiatives Financial Services Technology Consortium, Annual Meeting October 2006
Firewalls - Designing a Secure Environment Securities Industry Association, Internal Audit Division, Annual Conference October 2002
A Framework for Cybersecurity Risk Society of Information Risk Analysts, SIRACON 2019 May 2019
From the CSO's Desk: CxOs must band together SC Magazine June 2009
From the CSO's Desk: Recruiting assistance from the top SC Magazine December 2009
History of Cybersecurity Mind the Sec, https://www.mindthesec.com.br/ September 2021
History of Cybersecurity Metrics Center for Education and Research in Information Assurance and Security at Purdue University (CERIAS) September 2021
History of Cybersecurity Metrics CyberGreen Cybersecurity Metrics Working Group June 2020
The Homeland Security Front Securities Industry Association, Internal Audit Division, Annual Conference November 2006
How to Survive an IS Audit Computer Security Institute Conference, Chicago, IL November 1998
How to Write an Information Security Policy CSO Online June 2009
Information Classification Seminar for ISACA NY Metro Chapter. January 2009
Information Security Legislation* Strategic Research Institute, Identity Management in Financial Services Conference, Scottsdale, AZ May 2005
Information Security Metrics: An Audit-based Approach Computer Systems Security and Privacy Advisory Board (CSSPAB) Security Metrics Workshop (Sponsored by NIST) June 2000
Information Security Metrics, Legal and Ethical Issues Book Chapter in: Readings and Cases in the Management of Information Security*, pp. 217-229 March 2011
Information System Audit Basics CSO Online May 2009
Infrastructure Monitoring Challenges 22nd Annual National Information Systems Security Conference* October 1999
Internal Security Reviews Fourth Annual FDIC Technology Seminar September 2005
Introducing Security at the Cradle SANS (System Admin, Audit, Network, Security Institute) Security and Audit Controls that Work Conference. April 2003
IT Attestation Services: What You Need to Know Journal of Corporate Accounting and Finance. Sept/Oct 2007
Measuring Cyber Security in Intelligent Urban Infrastructure Systems International IEEE Conference & Expo on Emerging Technologies for a Smarter World* (CEWIT) (with Mostashari) November 2011
Measuring Security Information Security System Rating and Ranking, an Applied Computer Security Associates (ACSA) Workshop. May 2001
Measuring System Security Doctoral Dissertation at Stevens Institute of Technology December 2011
Measuring System Security Software and Systems Process Improvement Network (www.nyspin.org) March 2012
Measuring System Security Systems Engineering* Vol 16, Issue 1 (with Mostashari) January 2013
Metrics for Due Diligence Best In Class Security and Operations Roundtable Conference, Carnegie Mellon Software Engineering Institute October 2003
Metrics for Risk Management versus Metrics for Security Attribution Metricon July 2008
Network Simulation System for Air Traffic Control Training This, I co-authored for my boss at UFA and one of our clients. It was published under my maiden name - Jennifer Lorber. Journal of Air Traffic Control Oct-Dec 1989
Not on My Watch: How Executives Can Influence Secure Behavior Information Systems Audit and Control Association Journal International Conference, Los Angeles, CA July 2009
Oracle Database Control Issues Vanguard Information Security Expo, Orlando, FL June 1997
Pairing Organizational Strategy with Security Solutions Oracle Database Control Issues CSO Executive Seminar, New York, NY June 2010
Prevention Is Better Than Cure Business Trends Quarterly September 2009
Productive Intrusion Detection The Computer Security Journal, a Computer Security Institute publication. November 2002
Risk/Control, Audit management - a great career path SECON, ISC2 & ISACA NJ Chapters June 2023
The Role of IT Security Securities Industry Association, Internal Audit Division, Annual Conference. October 2003
Sarbanes-Oxley for the IS Professional Securities Industry Association, Technology Management Conference. June 2004
Securing Web Applications CSO Executive Series on Application Security, a CXO Media Event. January 2009
Security as a Theoretical Attribute Construct Computers and Security* TBD 2013
Security Controls for a Client-Server Environment EDPACS (The EDP Audit, Control, and Security Newsletter)* June 1996
Security Controls for a Client-Server Environment ISACA North Jersey Chapter January 1996
Security Hot Topics Price Waterhouse Information Systems Risk Management Internal Advanced Training, Tampa FL July 1996
Security Metrics Financial Services Sector Coordinating Council, R&D Committee Meeting February 2013
Security Metrics University IT Audit Conference, Rutgers University, NJ June 2013
Security Metrics The Computer Security Journal, a Computer Security Institute publication. January 2001
Security Review Alternatives Computer Security Journal, Volume XXI, Number 4, Fall 2005 November 2005
Security Review Program Alternatives Computer Security Institute, NetSec Conference, Scottsdale, AZ June 2005
Security Systems Engineering High Confidence Systems and Software, Annapolis, MD May 2010
Security Through a Time of Crisis Computer Security Institute Annual Conference, Washington, DC November 2008
Security Through Process Management 19th Annual National Information Systems Security Conference, Baltimore, MD* October 1996
Security Verification & Validation Conference on Systems Engineering Technology* (CSER) (with Mostashari & Sauser) April 2011
Systems of Systems Issues in Security Engineering INCOSE Insight* July 2011
Security Via Related Disciplines Conference on Systems Engineering Technology* (CSER) (with Horowitz & Jones) March 2012
Several proprietary and proprietary restricted AT&T Bell Laboratories publications. AT&T Internal Technical Information Services 1990-1995
SOX from the IT Practitioner Point of View Securities Industry Association, Internal Audit Division, Annual Conference. October 2004
Stepping Through Cybersecurity Risk Management Center for Education and Research in Information Assurance and Security at Purdue University (CERIAS) February 2024
Stepping Through the InfoSec Program Information Systems Audit and Control Association (ISACA) Information Security Manager Conference* November 2006
Stepping Through the IS Audit Computer Security Institute 33rd Annual Conference November 2006
Stepping Through the InfoSec Program book published by: Information Systems Audit and Control Association (ISACA).* November 2007
Stepping Through the IS Audit, Second Edition book published by: Information Systems Audit and Control Association (ISACA).* December 2004 (1st Ed 1998)
Successful Audits in New Situations ISACA Journal* v.III May 1999
System-Level Security Canadian Bankers Association's CFI-CERT Professional Development Day March 2012
System Security Engineering March/April 2011
Technology's Role in Enterprise Risk Management ISACA Journal* Volume 2 March 2018
The Utility of Security Standards IEEE International Carnahan Conference on Security Technology* (ICCST) October 2010
The Professional Practice of Cybersecurity Risk Management FinCyberSec, Stevens Institute of Technology May 2018
Third Party Due Diligence SIFMA Technology Management Conference June 2008
Understanding Security Metrics to Drive Business and Security Results NJ CISO Executive Summit December 2012
Utilising information security to improve resiliency Journal of Business Continuity & Emergency Planning October 2007
Vendor Due Diligence Information Systems Audit and Control Association Journal*, Volume 3 May 2009
What is Resilience Panel Contribution Institute for Information Infrastructure Protection Workshop on What Businesses Need to Know About Harmonizing Resilience and Cyber Security November 2008
Without Which None: Key Data Points for IT Governance Metrics ISACA IT Governance, Risk, and Compliance Conference* October 2008
* an asterisk indicates a peer reviewed publication

