Delta Risk, LLC
Cyber security, resilience and risk
Consulting, exercises, training, and assessments
San Antonio :: Chicago
New York :: Washington, DC
210.293.0707 :: info@delta-risk.net
Books
- Strategic Warfare in Cyberspace, MIT Press, April 2001

- Arms Control for the 21st Century. Co-editor, Lynne Rienner Publishers, February 1996
Articles and Chapters
- "An Environmental Approach to Understanding Cyberpower" in Cyberpower and National Security, National Defense University Press and Potomac Books, Inc.
Books
- Enterprise Information Security and Privacy, an Artech House publication, March 2009.

- Stepping Through the InfoSec Program, an Information Systems Audit and Control Association (ISACA) publication, November 2007.
- Stepping Through the IS Audit, Second Edition, an Information Systems Audit and Control Association (ISACA) publication, December 2004. (first edition published in 1998)

Articles and Speaking Engagements
- November 2008 Security Through a Time of Crisis, Computer Security Institute Annual Conference.
- October 2008 Key Data Points for IT Governance Metrics, ISACA IT GRC Conference.
- July 2008 Metrics for Risk Management versus Security Attribution, Metricon Conference.
- June 2008 Third Party Due Diligence, Securities Industry and Financial Markets Association (SIFMA) Technology Management Conference.
- October 2007 "Utilising information security to improve resiliency," Journal of Business Continuity & Emergency Planning.
- October 2007 Data Classification, Security and Privacy, Securities Industry and Financial Markets Association, Internal Audit Division, Annual Conference.
- Sept/Oct 2007 "IT Attestation Services: What You Need to Know," Journal of Corporate Accounting and Finance.
- June 2007 CISM Review Manual, Chapter 5: Information Security Program Management, Information Systems Audit and Control Association.
- November 2006 Stepping Through the InfoSec Program, Information Systems Audit and Control Association Information Security Manager Conference.
- November 2006 Stepping Through the IS Audit. Computer Security Institute 33rd Annual Conference.
- October 2006 The Homeland Security Front, Securities Industry Association, Internal Audit Division, Annual Conference.
- October 2006 Financial Services Sector Coordinating Council Technology Initiatives, Financial Services Technology Consortium, Annual Meeting.
- November 2005 Security Review Alternatives. The Computer Security Journal, Fall 2005, a Computer Security Institute publication.
- October 2005 Best Practices for Securing and Controlling Offshore Vendors, Securities Industry Association, Internal Audit Division, Annual Conference.
- September 2005 Internal Security Reviews, Fourth Annual FDIC Technology Seminar.
- June 2005 Security Review Program Alternatives, Computer Security Institute Conference.
- October 2004 SOX from the IT Practitioner’s Point of View, Securities Industry Association, Internal Audit Division, Annual Conference.
- June 2004 Sarbanes-Oxley for the IS Professional, Securities Industry Association, Technology Management Conference.
- October 2003 The Role of IT Security, Securities Industry Association, Internal Audit Division, Annual Conference.
- October 2003 Metrics for Due Diligence, Best In Class Security and Operations Roundtable Conference, Carnegie Mellon Software Engineering Institute.
- May 2003 Security Forum 2003, The Secure Enterprise, Wireless LAN Panel, Technology Managers Forum.
- April 2003 Introducing Security at the Cradle, SANS (System Admin, Audit, Network, Security Institute) Security and Audit Controls that Work Conference.
- October 2002 Firewalls, Designing a Secure Environment, Securities Industry Association, Internal Audit Division, Annual Conference.
- Summer/Fall 2002 Productive Intrusion Detection, The Computer Security Journal Vol XVIII, No 3-4, a Computer Security Institute publication.
- May 2001 Security Forum 2001, Information Risk Management, Risk Management and Security Metrics Panel, Technology Managers Forum.
- May 2001 Measuring Security, Information Security System Rating and Ranking, an Applied Computer Security Associates (ACSA) Workshop.
- January 2001 Security Metrics, The Computer Security Journal, Vol XVII, No 1, a CSI publication.
- August 2000 Assurance and Monitoring of E-business: Technical Control Points, Seminar sponsored by Information Systems Audit and Control Association (ISACA) and the Association of Government Accountants (AGA).
- June 2000 Security Metrics: An Audit-based Approach, Computer Systems Security and Privacy Advisory Board (CSSPAB) Security Metrics Workshop (Sponsored by NIST, the National Institute of Standards and Technology).
- April 2000 CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability, ISACA North Jersey Chapter (Also taught in April 1998 and April 1999).
- October 1999 Infrastructure Monitoring Challenges, 22nd Annual National Information Systems Security Conference.
- May 1999 Successful Audits in New Situations, ISACA Control Journal, (v.III).
- November 1998 How to Survive an IS Audit, Computer Security Institute Conference, Chicago, IL.
- June 1997 Oracle Database Control Issues, Vanguard Information Security Expo, Orlando, FL.
- January 1997 Audit & Control of Sybase and Oracle, ISACA NY Metropolitan Chapter.
- January 1996 Security Controls for a Client-Server Environment, ISACA North Jersey Chapter.
- July 1996 Security Hot Topics, Price Waterhouse Information Systems Risk Management Internal Advanced Training, Tampa FL.
- October 1996 Security Through Process Management, 19th Annual National Information Systems Security Conference, Baltimore, MD.
- June 1996 Security Controls for a Client-Server Environment, The EDP Audit, Control, and Security Newsletter (EDPACS).
- 1990-1995 Several proprietary restricted AT&T Bell Laboratories publications.
- Oct-Dec 1989 Network Simulation System for Air Traffic Control Training, Journal of Air Traffic Control.
Books
- Enterprise Information Security and Privacy

- Outsourcing Information Security, Artech House Publishers, London, 2004.

- Computer Productivity: A Planning Guide for Cost Effective Management, John Wiley, New York, 1982.
- Computer Effectiveness: Bridging the Management/Technology Gap, Information Resources Press, Washington, DC, 1979.
Book Chapters and Contributions
- Contributed to chapter on "Cyber Security for the Banking and Finance Sector" in the Wiley Handbook of Science and Technology for Homeland Security, Volume 5 edited by John G. Voeller, John Wiley & Sons, Forthcoming.
- "Responsibilities and Liabilities with Respect to Catastrophes" in the Handbook of Research on Social and Organizational Liabilities in Information Security edited by Manish Gupta and Raj Sharman, IGI Global, November 2008.
- Contributed to The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask, American National Standards Institute and Internet Security Alliance, October 2008.
- "An Adaptive Threat-Vulnerability Model and the Economics of Protection" in Social and Human Elements of Information Security: Emerging Trends and Countermeasures edited by Manish Gupta and Raj Sharman, IGI Global, September 2008.
- "Analyzing Risks to Determine a New Return on Security Investment: Optimizing Security in an Escalating Threat Environment" in Managing Information Assurance in Financial Services edited by H.R Rao, Manish Gupta and Shambhu Upadhyaya, IGI Global, June 2007.
- "Systems and Communications Security during Recovery and Repair" Appendix F in Hospital Preparation for Bioterror: A Medical and Biomedical Systems Approach edited by Joseph H. McIsaacs III, Academic Press, 2006.
- Contributed section on "The Urgent Need for Action" in the Banking and Finance Sector National Plan for Infrastructure Assurance, Version II, 2001.
- "Systems and Communications Security during Recovery and Repair," Chapter 19 in Business Continuity Planning: Protecting Your Organization’s Life edited by Ken Doughty, Auerbach Best Practices Series, 2000.
- "Minimizing the Security Risks of New Fixed Income Technologies" in The Handbook of Fixed Income Technology: Management Issues for Today and Tomorrow edited by Joseph Rosen and Russell D. Glisker, The Summit Group Press, 1999.
- "Reverting to Centralized Data Center Management," "The Basics of Computer System and Data Network Security," and "Data Processing and Communications Security During Recovery and Repair" in Enterprise Operations Management Handbook, Second Edition, edited by Steven R. Blanding, CRC Press, 1999.
- "Training and Hiring Systems Staff" in Section X: Leveraging Staff Resources in Handbook of Systems Development edited by Paul C. Tinnirello, CRC Press, 1999.
- "Reverting to Centralized Data Center Management" in Section 3: IT Infrastructure in Handbook of IS Management edited by Robert E. Umbaugh, CRC Press, 1999.
- "Financial Evaluation of Transition Technologies" Chapter 5 in Handbook of Investment Technology edited by Kevin Merz and Joseph Rosen, Irwin Professional Publishing (Chicago), 1996.
- "Security During Recovery and Repair" in Handbook of IS Management 1992-93 Yearbook edited by Robert E. Umbaugh, Auerbach Publications (Boston), 1992.
- "Dynamic Planning and Control of the Net Value of Data Processing" in The Economics of Information Processing, Volume 2: Operations, Programming and Software Models edited by Robert Goldberg and Harold Lorin, John Wiley & Sons (New York), 1982.
- "Swapping Response Time for Less Switch Capacity" in Part 2: Data Link Performance in Practical Applications of Data Communications, A User’s Guide edited by Harry R. Karp, McGraw-Hill (New York), 1980.
- "Resource Management and Scheduling," Chapter 9 in Advances in Data Processing Management, Volume 1 edited by T.A. Rullo, Heyden & Son (Philadelphia), 1980.
Published Articles: Risk, Security, Privacy and Critical Infrastructure
- "Cybersecurity Risks of the Financial Infrastructure," Risk Professional (October 2009).
- "Investing in Software Resiliency," STSC CrossTalk: The Journal of Defense Software Engineering (September/October 2009).
- "Business and Regulatory Challenges in Software Security Assurance," in the "Innovative Problem-Solving Through Collaboration" issue of FSTC Innovator (June 2009).
- "Evolution and Scope of Software Security Assurance," in the "Software Assurance: A Step Towards Achieving Cyber Security" issue of FSTC Innovator (January 2009).
- "Accounting for Value and Uncertainty in Security Metrics," ISACA Information Systems Control Journal (November 2008).
- "Book Review: Stepping Through the Infosec Program, by J.L. Bayuk," ISACA Information Systems Control Journal (May 2008).
- "Achieving Privacy through Security Measures," Feature Article, ISACA Information Systems Control Journal (March 2007).
- "The Dynamics of Privacy Risk," Feature Article, ISACA Information Systems Control Journal (January 2007).
- "Does FOSS Pay? Weighing the Security Risks and Benefits of Open Source Software," Feature Article, ISSA Journal (July 2006).
- "Cybersecurity and the Critical Infrastructure: Looking Beyond the Perimeter," Feature Article, Information Systems Control Journal (May 2006).
- "Handle with Care: Protecting Sensitive Data," Feature Article, ISSA Journal (November 2005).
- "The Demise of Passwords: Have Rumors Been Exaggerated?" Feature Article, ISSA Journal (May 2005).
- "Managing Risks Related to Unsupported Software," Feature Article, ISSA Journal (September 2004).
- "Son of Y2K: Time to Go Back to the Bunker …" Information Security, Vol. 3, No. 11 (November 2000).
- "Protecting the E-Commerce Infrastructure," Electronic Commerce Advisor, Vol. 4, No. 3 (November/December 1999).
- "Data Processing and Communications Security During Recovery and Repair," Data Center Operations Management, Auerbach Publishers (New York), 1996.
- "The Basics of Computer System and Data Network Security," Data Center Operations Management, Auerbach Publishers (New York), April 1996.
- "Distributed Emergency Backup Saves Money," Securities Dealing Systems Newsletter, Vol. 2, No. 1 (Summer 1992).
- "Security During System Recovery and Repair," Journal of Information Systems Management, Vol. 7, No. 1 (Winter 1990).
- "The Six Basics of Data Security," Data Security Management, Auerbach Publishers (New York), 1989.
- "Security During Recovery and Repair," Data Security Management, Auerbach (New York), 1989.
- "Risk and the Selection and Acquisition of Computer Equipment (Part 2)," Journal of Capacity Management, Vol. 1, No. 3 (1983).
- "Risk and the Selection and Acquisition of Computer Equipment (Part 1)," Journal of Capacity Management, Vol. 1, No. 2 (1982).
Published Articles: Outsourcing
- "Safe and Sound? Outsourcing is currently on the rise, but is it really a good idea to outsource IT security?" Financial Services Technology (FST) Magazine, U.S. and European Editions, (Q3 2008).
- "Podium: Lending Out the Keys to the Kingdom," CIO Decisions (February 2006).
- "Open Platform: Did You Lock the Door?" Waters Magazine (October 2005).
- "Is Your Business in Safe Hands? Dealing with the Risks of Outsourcing," CXO Magazine, Vol. 1, No. 2, (Q3 2005).
Published Articles: Securities Industry
- Regular Technology Column in Securities Industry Management Magazine:
  - "Running Afoul of the Flaw," Vol. 2, No. 7 (February/March 1995).
  - "Management and Technology: Bridging the Gap," Vol. 2, No. 6 (December 1994/January 1995).
  - "A False Sense of Computer Security," Vol. 2, No. 4 (August/September 1994).
  - "A Solution for Everyone," Vol. 2, No. 3 (June/July 1994).
  - "The Death of K.I.S.S." Vol. 2, No. 2 (April/May 1994).
  - "The Risks of Outsourcing," Vol. 2, No. 1 (February/March 1994).
  - "Two Cheers for Mainframes," Vol. 1, No. 2 (Fall 1993).
  - "Making the Right Trade-Offs in Disaster Recovery," Vol. 1, No. 1 (Summer 1993).
- Inaugural Technology Column in Wall Street Computer Review Magazine (name changed to Wall Street and Technology Magazine):
  - "Trading Rooms Awakening to Brave New Worlds," Vol. 5, No. 4 (January 1988).
Published Articles: Information Technology Management
- "Book Review: Stepping Through the IS Audit, 2nd Edition, by J.L. Bayuk," ISACA Information Systems Control Journal, Vol. 5, 2005.
- "Cashing in on Data Mining," Wall Street & Technology, Vol. 14, No. 12 (December 1996).
- "Training and Hiring Systems Staff," Systems Development Management, Auerbach Publishers (New York), 1996.
- "Reverting to Centralized Data Center Management," Data Center Operations Management, Auerbach Publishers (New York), 1996.
- "Real-time Decisions, Anywhere, Anytime," Wall Street & Technology, Vol. 14, No. 7 (July 1996).
- "Training and Hiring for the New Technology," Securities Industry Management, Vol. 2, No. 6 (December 1994/January 1995).
- "The Complexity of Information Systems," The Information Manager, Vol. 1, No. 5 (July/August 1979).
- "Evaluating Software: Scheduling Packages for Data Processing," Computer Decisions, Vol. 10, No. 10 (October 1978).
- "The Economic Evaluation of Information Storage and Retrieval Systems," Information Processing & Management, Vol. 13 (1977).
- "The Effective Use of Computer Resources," Omega, Vol. 4, No. 3 (1976).
Published Articles: Year 2000
- "The Impact of Year 2000 on Electronic Commerce," Electronic Commerce Advisor, Vol. 1, No. 6 (May/June 1997).
- "The Right Stuff for Year 2000," Wall Street & Technology, Vol. 15, No. 1 (January 1997).
- "The Millennium is Coming: Are Your Computers Ready? Do You Care?" Securities Industry Management, Vol. 2, No. 5 (October/November 1994).
Published Articles: Computer Performance
- "The User View of Computer System Availability," Journal of Capacity Management, Vol. 2, No. 4 (1985).
- "Controlling a Large-Volume Computer Printer Environment," Journal of Systems Management, Vol. 35, No. 10 (October 1984).
- "The User’s View of Computer System Reliability," Journal of Capacity Management, Vol. 2, No. 1 (1983).
- "Computer Performance (and How to Maximize It)," Computerworld, (June 9, 1980).
- "Computer Performance: How Effective is Your Computer?" Infosystems, Vol. 26, No. 2 (February 1979).
- "Swapping Response Time for Less Switch Capacity," Data Communications, (December 1977).
Other Subjects
- "Planning Costs and Revenues in a Multi-Product Environment," Information & Management, Vol. 2, No. 1 (February 1979).
- "Computerized Call Scheduling for Hospital Departments," Journal of Medical Systems, Vol. 2, No. 1 (1978).
- "Evaluating Salary Increases," Personnel Journal, Vol. 57, No. 12 (December 1978).
- Institute of Management Sciences, Conference Bulletin of the TIMS/ORSA Joint National Meeting, New York, May 1978.
Chris Evans' Publications
Articles and Papers
- "Gyroscope Automated Testbed", co-authored NASA Technical Briefs, March 2002
- "Prober Assistant Measurement System", NASA Technical Briefs, December 2000
- "Automated Apparatus for Testing Gyroscopes", co-authored NASA Technical Briefs, July 2000
- "GAT / DeLiTe - An Autonomous System for Complete Microgyroscope Characterization". Co-authored. Presented at the IEEE Aerospace 2000 conference. March 18-25th, 2000, Big Sky, MT
- "Temperature Dependent Characteristics of the JPL Silicon MEMS Gyroscope". Co-authored. Presented at the IEEE Aerospace 2000 conference. March 18-25th, 2000, Big Sky, MT
- "Automated Testing of Solar Photovoltaic Arrays", Co-authored. NASA Technical Briefs, January 1997