[...]... Ph.D

3 INFORMATION SECURITY MANAGEMENT

Section 3.1 Security Management Concepts and Principles
Measuring ROI on Security
  Carl F Endorf, CISSP, SSCP, GSEC
Security Patch Management
  Jeffrey Davis, CISSP
Purposes of Information Security Management
  Harold F Tipton
The Building Blocks of Information Security
  Ken M Shaurette
The Human Side of Information Security
  Kevin Henry, CISA, CISSP
Security Management...

Happen
  Susan D Hansche, CISSP
Making Security Awareness Happen: Appendices
  Susan D Hansche, CISSP

Section 3.8 Security Management Planning
Maintaining Information Security during Downsizing
  Thomas J Bray, CISSP
The Business Case for Information Security: Selling Management on the Protection of Vital Secrets and Products
  Sanford Sherizen, Ph.D., CISSP
Information Security Management in the Healthcare Industry...

Surviving Security, 2nd Edition (Auerbach Publications, 2003)

Jim Appleyard is a senior security consultant with the IBM Security and Privacy Services consulting practice. With 33 years of technical and management experience in information technology, he specializes in enterprisewide information security policies and security architecture design. He has specific expertise in developing information security...

Winnipeg Office of Deloitte & Touche LLP’s Security Services consulting practice. John has extensive experience in information security including E-business security controls, network security reviews, intrusion and penetration testing, risk analysis, policy development, security awareness, and information security assurance programs. John has over 18 years of Information Security experience and is presently...
present, he is an Information System Security Officer for Total Exploration and Production. Before moving to France, he was the Chief Information Security Officer at TotalFinaElf E&P Indonesia and also a board member of the Information System Security Association (ISSA), Indonesia.

Sandeep Dhameja, CISSP, is responsible for implementation, management of data, network security, and information security at Morningstar...

Admin magazine, ranging from system administration and tutorial articles to management and architecture. Chris is now writing for Auerbach’s Data Security Management, Information Security Management Handbook, and Data Communication Management, and is coauthor of the Official (ISC)² Guide to the CISSP Exam. Chris has taught information security at Algonquin College (Ottawa, Canada) and was one of the original...

is the security manager for Network Computing Services at BC Hydro. He has a diverse range of IT and information security experience.

Patrick D Howard, CISSP, a Senior Information Security Consultant for the Titan Corporation, has over 31 years experience in security management and law enforcement. He has been performing security certification and accreditation tasks for over 14 years as both a security...

Massachusetts.

Walter S Kobus, Jr., CISSP, is Vice President, Security Consulting Services, with Total Enterprise Security Solutions, LLC. He has over 35 years of experience in information systems with 15 years experience in security, and is a subject matter expert in several areas of information security, including application security, security management practice, certification and accreditation, secure...
handbook on information security. Since 1999, he has been a columnist for Information Security magazine where he also serves on the Editorial Advisory Board. He was the first Security Editor for Java Developers Journal and has written for InfoWorld, Network World, Web Techniques, and The Handbook of Information Security Management...

© 2004 by CRC Press LLC

  CISSP
Information Security and Personnel Practices
  Edward H Freeman

Section 3.6 Risk Management
Information Security Policies from the Ground Up
  Brian Shorten, CISSP, CISA
Policy Development
  Chris Hare, CISSP, CISA
Risk Analysis and Assessment
  Will Ozier
Server Security Policies
  Jon David
Toward Enforcing Security Policy: Encouraging Personal Accountability for Corporate Information Security Policy
  John