Articles, Classes Taught, and Speaking Engagements, listed in
chronological order, most recent first:
* an asterisk indicates a peer-reviewed publication
Date:
Topic:
Publication/Event:
February 2024
Stepping Through Cybersecurity Risk Management
Center for Education and Research in Information Assurance and Security at Purdue University (CERIAS)
June 2023
Risk/Control, Audit management - a great career path
SECON, ISC2 & ISACA NJ Chapters
April 2022
Cyber Safety in 2022
Solution Driven Wealth
February 2022
Cybersecurity Metrics: What Good Looks Like
ISSA-Chicago Chapter Meeting
September 2021
History of Cybersecurity Metrics
Center for Education and Research in Information Assurance and Security at Purdue University (CERIAS)
September 2021
History of Cybersecurity
Mind the Sec, https://www.mindthesec.com.br/
June 2020
History of Cybersecurity Metrics
CyberGreen Cybersecurity Metrics Working Group
October 2019
Cybersecurity Framework Integration
ISSA International, CISO Summit
May 2019
A Framework for Cybersecurity Risk
Society of Information Risk Analysts, SIRACON
March 2019
Assigning Probability to Cybersecurity Risk
MetriconX, securitymetrics.org
May 2018
The Professional Practice of Cybersecurity Risk Management
FinCyberSec, Stevens Institute of Technology
March 2018
Technology's Role in Enterprise Risk Management
ISACA Journal* Volume 2
February 2013
Security Metrics
Financial Services Sector Coordinating Council, R&D Committee Meeting
June 2013
Security Metrics
University IT Audit Conference, Rutgers University, NJ
Spring 2013
Security as a Theoretical Attribute Construct
Computers and Security*
January 2013
Measuring System Security
Systems Engineering* Volume 16, Issue 1 (with Mostashari)
December 2012
Understanding Security Metrics to Drive Business and Security Results
NJ CISO Executive Summit
March 2012
Measuring System Security
Software and Systems Process Improvement Network (www.nyspin.org)
March 2012
Security Via Related Disciplines
Conference on Systems Engineering Technology* (CSER) (with Horowitz and Jones)
March 2012
System-Level Security
Canadian Bankers Association's CFI-CERT Professional Development Day
December 2011
Measuring System Security
Doctoral Dissertation at Stevens Institute of Technology
November 2011
Measuring Cyber Security in Intelligent Urban Infrastructure Systems
International IEEE Conference & Expo on Emerging Technologies for a Smarter World (CEWIT)* (with Mostashari)
Fall 2011
An Architectural Systems Engineering Methodology for Addressing Cyber Security
Systems Engineering* Vol 14, Issue 3 (with Horowitz)
July 2011
Systems of Systems Issues in Security Engineering
INCOSE Insight*
June 2011
Cloud Security Metrics
IEEE Systems of Systems Engineering Conference* (SoSE2011)
April 2011
Security Verification & Validation
Conference on Systems Engineering Technology* (CSER) (with Mostashari & Sauser)
April 2011
Alternative Security Metrics
Third International Conference on Information Technology: New Generations* (ITNG)
March/April 2011
System Security Engineering
IEEE Security & Privacy Magazine* Vol 9 Issue 2
March 2011
Information Security Metrics, Legal and Ethical Issues
Book Chapter in: Readings and Cases in the Management of Information Security*, pp. 217-229
October 2010
The Utility of Security Standards
IEEE International Carnahan Conference on Security Technology* (ICCST)
September 2010
Cyberforensics
edited collection of articles with explanatory introduction published by Springer
June 2010
Pairing Organizational Strategy with Security Solutions
CSO Executive Seminar
May 2010
Security Systems Engineering
High Confidence Systems and Software
December 2009
Critical Infrastructure Protection Issues in the Financial Industry
Global Conference on Systems and Enterprises, Stevens Institute of Technology
December 2009
Enterprise Security for the Executive: Setting the Tone at the Top
book published by: Praeger Security International
December 2009
From the CSO's Desk: Recruiting assistance from the top
SC Magazine
September 2009
Enterprise Security for the Business Executive: Setting the Tone at the Top
Carnegie Mellon Cylab Business Risks Forum Webinar
September 2009
Prevention Is Better Than Cure
Business Trends Quarterly
July 2009
Not on My Watch: How Executives Can Influence Secure Behavior
Information Systems Audit and Control Association Journal International Conference, Los Angeles, CA
June 2009
From the CSO's Desk: CxOs must band together
SC Magazine
June 2009
How to Write an Information Security Policy
CSO Online
May 2009
Information System Audit Basics
CSO Online
May 2009
Vendor Due Diligence
Information Systems Audit and Control Association Journal*, Volume 3
March 2009
Enterprise Information Security and Privacy
Co-editor of book and author of chapter on Information Classification, an Artech House publication
March 2009
Data-centric security
Computer, Fraud, and Security
January 2009
Information Classification
Seminar for ISACA NY Metro Chapter
January 2009
Securing Web Applications
CSO Executive Series on Application Security, a CXO Media Event
November 2008
Cyber Security for the Banking and Finance Sector
Authored as chair of Financial Services Sector Coordinating Council R&D Committee, all of whom contributed, published in Wiley Handbook of Science and Technology for Homeland Security
November 2008
What is Resilience Panel Contribution
Institute for Information Infrastructure Protection Workshop on What Businesses Need to Know About Harmonizing Resilience and Cyber Security, University of Virginia
November 2008
Security Through a Time of Crisis
Computer Security Institute Annual Conference, Washington, DC
October 2008
Without Which None: Key Data Points for IT Governance Metrics
ISACA IT Governance, Risk, and Compliance Conference, Orlando, FL
July 2008
Metrics for Risk Management versus Metrics for Security Attribution
Metricon, San Jose, CA
June 2008
Third Party Due Diligence
SIFMA Technology Management Conference, New York, NY
December 2007
Advice to Students of the School of Technology Management
Columbia University, Morningside Campus
November 2007
Stepping Through the InfoSec Program
book published by: Information Systems Audit and Control Association (ISACA)*
October 2007
Data Classification, Security, and Privacy
Securities Industry and Financial Markets Association, Internal Audit Division, Annual Conference
October 2007
Utilising information security to improve resiliency
Journal of Business Continuity & Emergency Planning
Sept/Oct 2007
IT Attestation Services: What You Need to Know
Journal of Corporate Accounting and Finance
November 2006
Stepping Through the IS Audit
Computer Security Institute 33rd Annual Conference
November 2006
Stepping Through the InfoSec Program
ISACA Information Security Management Conference
October 2006
The Homeland Security Front
Securities Industry Association, Internal Audit Division, Annual Conference
October 2006
Financial Services Sector Coordinating Council Technology Initiatives
Financial Services Technology Consortium, Annual Meeting
November 2005
Security Review Alternatives
Computer Security Journal, Volume XXI, Number 4, Fall 2005
October 2005
Best Practices for Securing and Controlling Offshore Vendors
Securities Industry Association, Internal Audit Division, Annual Conference.
September 2005
Internal Security Reviews
Fourth Annual FDIC Technology Seminar
June 2005
Security Review Program Alternatives
Computer Security Institute, NetSec Conference
May 2005
Information Security Legislation*
Strategic Research Institute, Identity Management in Financial Services Conference
December 2004
Stepping Through the IS Audit, Second Edition
publisher: Information Systems Audit and Control Association (ISACA).*
October 2004
SOX from the IT Practitioner Point of View
Securities Industry Association, Internal Audit Division, Annual Conference.
June 2004
Sarbanes-Oxley for the IS Professional
Securities Industry Association, Technology Management Conference.
October 2003
The Role of IT Security
Securities Industry Association, Internal Audit Division, Annual Conference.
October 2003
Metrics for Due Diligence
Best In Class Security and Operations Roundtable Conference, Carnegie Mellon Software Engineering Institute
April 2003
Introducing Security at the Cradle
SANS (System Admin, Audit, Network, Security Institute) Security and Audit Controls that Work Conference.
November 2002
Productive Intrusion Detection
The Computer Security Journal, a Computer Security Institute publication.
October 2002
Firewalls - Designing a Secure Environment
Securities Industry Association, Internal Audit Division, Annual Conference.
May 2001
Measuring Security
Information Security System Rating and Ranking, an Applied Computer Security Associates (ACSA) Workshop.
January 2001
Security Metrics
The Computer Security Journal, a Computer Security Institute publication.
August 2000
Assurance and Monitoring of E-business: Technical Control Points
Seminar sponsored by Information Systems Audit and Control Association (ISACA) and the Association of Government Accountants (AGA)
June 2000
Information Security Metrics: An Audit-based Approach
Computer Systems Security and Privacy Advisory Board (CSSPAB) Security Metrics Workshop (Sponsored by NIST)
April 2000
CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability
ISACA North Jersey Chapter
January 2000
Stepping Through the IS Audit, A Guide for Information Systems Managers
publisher: Information Systems Audit and Control Association (ISACA).*
October 1999
Infrastructure Monitoring Challenges
22nd Annual National Information Systems Security Conference*
May 1999
Successful Audits in New Situations
ISACA Journal* v.III
April 1999
CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability
ISACA North Jersey Chapter
November 1998
How to Survive an IS Audit
Computer Security Institute Conference, Chicago, IL
April 1998
CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability
ISACA North Jersey Chapter
June 1997
Oracle Database Control Issues
Vanguard Information Security Expo, Orlando, FL
January 1997
Audit & Control of Sybase and Oracle
ISACA NY Metropolitan Chapter
June 1996
Security Controls for a Client-Server Environment
EDPACS (The EDP Audit, Control, and Security Newsletter)*
January 1996
Security Controls for a Client-Server Environment
ISACA North Jersey Chapter
July 1996
Security Hot Topics
Price Waterhouse Information Systems Risk Management Internal Advanced Training, Tampa FL
October 1996
Security Through Process Management
19th Annual National Information Systems Security Conference, Baltimore, MD*
1990-1995
Several proprietary and proprietary restricted AT&T Bell Laboratories publications.
AT&T Internal Technical Information Services
Oct-Dec 1989
Network Simulation System for Air Traffic Control Training
This, I co-authored for my boss at UFA and one of our clients.
It was published under my maiden name - Jennifer Lorber.
Journal of Air Traffic Control