Publications
Book, Articles, Classes Taught, and Speaking Engagements, listed in
alphabetical order by title:
| Topic: |
Publication/Event: |
Date: |
Advice to Students of the School
of Technology Management |
Columbia University, Morningside Campus, |
December 2007 |
| Assurance and Monitoring of E-business: Technical Control Points |
Seminar sponsored by Information Systems Audit and Control Association (ISACA) and the Association of Government Accountants (AGA) |
August 2000 |
| Audit & Control of Sybase and Oracle |
ISACA NY Metropolitan Chapter |
January 1997 |
| Best Practices for Securing and Controlling Offshore Vendors |
Securities Industry Association, Internal Audit Division, Annual Conference. |
October 2005 |
| CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability |
ISACA North Jersey Chapter |
April 2000 |
| CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability |
ISACA North Jersey Chapter |
April 1999 |
| CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability |
ISACA North Jersey Chapter |
April 1998 |
| Critical Infrastructure Protection Issues in the Financial Industry |
Global Conference on Systems and Enterprises, Stevens Institute of Technology |
December 2009 |
| Cyber Security for the Banking and Finance Sector |
Authored as chair of Financial Services Sector Coordinating Council R&D Committee, all of whom contributed, published in Wiley Handbook of Science and Technology for Homeland Security |
November 2008 |
| Data Centric Security |
Computer, Fraud and Security |
March 2009 |
| Data Classification, Security, and Privacy |
Securities Industry and Financial Markets Association, Internal Audit Division, Annual Conference |
October 2007 |
| Enterprise Security for the Executive: Setting the Tone at the Top |
book published by: Praeger Security International |
December 2009 |
| Enterprise Security for the Business Executive: Setting the Tone at the Top |
Carnegie Mellon Cylab Business Risks Forum Webinar |
September 2009 |
| Enterprise Information Security and Privacy |
Co-editor of book and author of chapter on Information Classification, an Artech House publication. |
March 2009 |
Financial Services Sector Coordinating Council Technology Initiatives |
Financial Services Technology Consortium, Annual Meeting |
October 2006 |
| Firewalls - Designing a Secure Environment |
Securities Industry Association, Internal Audit Division, Annual Conference |
October 2002 |
| From the CSO's Desk: CxOs must band together |
SC Magazine |
June 2009 |
| From the CSO's Desk: Recruiting assistance from the top |
SC Magazine |
December 2009 |
| The Homeland Security Front |
Securities Industry Association, Internal Audit Division, Annual Conference |
November 2006 |
| How to Survive an IS Audit |
Computer Security Institute Conference, Chicago, IL |
November 1998 |
| How to Write an Information Security Policy |
CSO Online |
June 2009 |
| Information Classification |
Seminar for ISACA NY Metro ChapterSeminar for ISACA NY Metro Chapter. |
January 2009 |
| Information Security Legislation* |
Strategic Research Institute, Identity Management in Financial Services Conference, Scottsdale, AZ |
May 2005 |
| Information Security Metrics: An Audit-based Approach |
Computer Systems Security and Privacy Advisory Board (CSSPAB) Security Metrics Workshop (Sponsored by NIST) |
June 2000 |
| Information System Audit Basics |
CSO Online |
May 2009 |
| Infrastructure Monitoring Challenges |
22nd Annual National Information Systems Security Conference* |
October 1999 |
| Internal Security Reviews |
Fourth Annual FDIC Technology Seminar |
September 2005 |
| Introducing Security at the Cradle |
SANS (System Admin, Audit, Network, Security Institute) Security and Audit Controls that Work Conference. |
April 2003 |
| IT Attestation Services: What You Need to Know |
Journal of Corporate Accounting and Finance. |
Sept/Oct 2007 |
| Measuring Security |
Information Security System Rating and Ranking, an Applied Computer Security Associates (ACSA)Workshop. |
May 2001 |
| Metrics for Due Diligence |
Best In Class Security and Operations Roundtable Conference, Carnegie Mellon Software Engineering Institute |
October 2003 |
Metrics for Risk Management versus �Metrics for Security Attribution |
Metricon |
July 2008 |
| Network Simulation System for Air Traffic Control Training
This, I co-authored for my boss at UFA and one of our clients.
It was published under my maiden name - Jennifer Lorber. |
Journal of Air Traffic Control |
Oct-Dec 1989 |
| Not on My Watch: How Executives Can Influence Secure Behavior |
Information Systems Audit and Control Association Journal International Conference, Los Angeles, CA |
July 2009 |
| Oracle Database Control Issues |
Vanguard Information Security Expo, Orlando, FL |
June 1997 |
| Prevention Is Better Than Cure |
Business Trends Quarterly |
September 2009 |
| Productive Intrusion Detection |
The Computer Security Journal, a Computer Security Institute publication. |
November 2002 |
| The Role of
IT Security |
Securities Industry Association, Internal Audit Division, Annual Conference. |
October 2003 |
| Sarbanes-Oxley for the IS Professional |
Securities Industry Association, Technology Management Conference. |
June 2004 |
| Securing Web Applications |
CSO Executive Series on Application Security, a CXO Media Event. |
January 2009 |
| Security Controls for a Client-Server Environment |
EDPACS (The EDP Audit, Control, and Security Newsletter)*
|
June 1996 |
| Security Controls for a Client-Server Environment |
ISACA North Jersey Chapter |
January 1996 |
| Security Hot Topics |
Price Waterhouse Information Systems Risk Management Internal Advanced Training, Tampa FL |
July 1996 |
| Security Metrics |
The Computer Security Journal, a Computer Security Institute publication. |
January 2001 |
| Security Review Alternatives |
Computer Security Journal, Volume XXI, Number 4, Fall 2005 |
November 2005 |
| Security Review Program Alternatives |
Computer Security Institute, NetSec Conference, Scottsdale, AZ |
June 2005 |
| Security Through a Time of Crisis |
Computer Security Institute Annual Conference, Washington, DC |
November 2008 |
| Security Through Process Management |
19th Annual National Information Systems Security Conference, Baltimore, MD* |
October 1996 |
| Several proprietary and
proprietary restricted AT&T Bell Laboratories publications. |
AT&T Internal Technical Information Services |
1990-1995 |
| SOX from the IT Practioner’s Point of View |
Securities Industry Association, Internal Audit Division, Annual Conference. |
October 2004 |
| Stepping Through the InfoSec Program |
Information Systems Audit and Control Association (ISACA) Information Security Manager Conference | November 2006 |
| Stepping Through the IS Audit |
Computer Security Institute 33rd Annual Conference |
November 2006 |
| Stepping Through the InfoSec Program |
book published by: Information Systems Audit and Control Association (ISACA).* |
November 2007 |
| Stepping Through the IS Audit, Second Edition |
book published by: Information Systems Audit and Control Association (ISACA).* |
December 2004 (1st Ed 1998) |
| Successful Audits in New Situations |
ISACA Journal* v.III |
May 1999 |
| Third Party Due Diligence |
SIFMA Technology Management Conference |
June 2008 |
| Utilising information security to improve resiliency |
Journal of Business Continuity & Emergency Planning |
October 2007 |
| Vendor Due Diligence |
Information Systems Audit and Control Association Journal, Volume 3 |
May 2009 |
| What is Resilience Panel Contribution |
Institute for Information Infrastructure Protection Workshop on What Businesses Need to Know About Harmonizing Resilience and Cyber Security |
November 2008 |
| Without Which None: Key Data Points for IT Governance Metrics |
ISACA IT Governance, Risk, and Compliance Conference |
October 2008 |
* an asterisk indicates a peer reviewed publication
[ Sort Publications by Date ]
[ Home ]