Publications - Jennifer L. Bayuk

Publications

Articles, Classes Taught, and Speaking Engagements, listed in chronological order, most recent first:

Date: Topic: Publication/Event:

February 2024 Stepping Through Cybersecurity Risk Management Center for Education and Research in Information Assurance and Security at Purdue University (CERIAS)

June 2023 Risk/Control, Audit management - a great career path SECON, ISC2 & ISACA NJ Chapters

April 2022 Cyber Safety in 2022 Solution Driven Wealth

February 2022 Cybersecurity Metrics: What Good Looks Like ISSA-Chicago Chapter Meeting

September 2021 History of Cybersecurity Metrics Center for Education and Research in Information Assurance and Security at Purdue University (CERIAS)

September 2021 History of Cybersecurity Mind the Sec, https://www.mindthesec.com.br/

June 2020 History of Cybersecurity Metrics CyberGreen Cybersecurity Metrics Working Group

October 2019 Cybersecurity Framework Integration ISSA International, CISO Summit

May 2019 A Framework for Cybersecurity Risk Society of Information Risk Analysts, SIRACON

March 2019 Assigning Probability to Cybersecurity Risk MetriconX, securitymetrics.org

May 2018 The Professional Practice of Cybersecurity Risk Management FinCyberSec, Stevens Institute of Technology

March 2018 Technology's Role in Enterprise Risk Management ISACA Journal* Volume 2

February 2013 Security Metrics Financial Services Sector Coordinating Council, R&D Committee Meeting

June 2013 Security Metrics University IT Audit Conference, Rutgers University, NJ

Spring 2013 Security as a Theoretical Attribute Construct Computers and Security*

January 2013 Measuring System Security Systems Engineering* Volume 16, Issue 1 (with Mostashari)

December 2012 Understanding Security Metrics to Drive Business and Security Results NJ CISO Executive Summit

March 2012 Measuring System Security Software and Systems Process Improvement Network (www.nyspin.org)

March 2012 Security Via Related Disciplines Conference on Systems Engineering Technology* (CSER) (with Horowitz and Jones)

March 2012 System-Level Security Canadian Bankers Association's CFI-CERT Professional Development Day

December 2011 Measuring System Security Doctoral Dissertation at Stevens Institute of Technology

November 2011 Measuring Cyber Security in Intelligent Urban Infrastructure Systems International IEEE Conference & Expo on Emerging Technologies for a Smarter World (CEWIT)* (with Mostashari)

Fall 2011 An Architectural Systems Engineering Methodology for Addressing Cyber Security Systems Engineering* Vol 14, Issue 3 (with Horowitz)

July 2011 Systems of Systems Issues in Security Engineering INCOSE Insight*

June 2011 Cloud Security Metrics IEEE Systems of Systems Engineering Conference* (SoSE2011)

April 2011 Security Verification & Validation Conference on Systems Engineering Technology* (CSER) (with Mostashari & Sauser)

April 2011 Alternative Security Metrics Third International Conference on Information Technology: New Generations* (ITNG)

March/April 2011 System Security Engineering IEEE Security & Privacy Magazine* Vol 9 Issue 2

March 2011 Information Security Metrics, Legal and Ethical Issues Book Chapter in: Readings and Cases in the Management of Information Security*, pp. 217-229

October 2010 The Utility of Security Standards IEEE International Carnahan Conference on Security Technology* (ICCST)

September 2010 Cyberforensics edited collection of articles with explanatory introduction published by Springer

June 2010 Pairing Organizational Strategy with Security Solutions CSO Executive Seminar

May 2010 Security Systems Engineering High Confidence Systems and Software

December 2009 Critical Infrastructure Protection Issues in the Financial Industry Global Conference on Systems and Enterprises, Stevens Institute of Technology

December 2009 Enterprise Security for the Executive: Setting the Tone at the Top book published by: Praeger Security International

December 2009 From the CSO's Desk: Recruiting assistance from the top SC Magazine

September 2009 Enterprise Security for the Business Executive: Setting the Tone at the Top Carnegie Mellon Cylab Business Risks Forum Webinar

September 2009 Prevention Is Better Than Cure Business Trends Quarterly

July 2009 Not on My Watch: How Executives Can Influence Secure Behavior Information Systems Audit and Control Association Journal International Conference, Los Angeles, CA

June 2009 From the CSO's Desk: CxOs must band together SC Magazine

June 2009 How to Write an Information Security Policy CSO Online

May 2009 Information System Audit Basics CSO Online

May 2009 Vendor Due Diligence Information Systems Audit and Control Association Journal*, Volume 3

March 2009 Enterprise Information Security and Privacy Co-editor of book and author of chapter on Information Classification, an Artech House publication

March 2009 Data-centric security Computer, Fraud, and Security

January 2009 Information Classification Seminar for ISACA NY Metro Chapter

January 2009 Securing Web Applications CSO Executive Series on Application Security, a CXO Media Event

November 2008 Cyber Security for the Banking and Finance Sector Authored as chair of Financial Services Sector Coordinating Council R&D Committee, all of whom contributed, published in Wiley Handbook of Science and Technology for Homeland Security

November 2008 What is Resilience Panel Contribution Institute for Information Infrastructure Protection Workshop on What Businesses Need to Know About Harmonizing Resilience and Cyber Security, University of Virginia

November 2008 Security Through a Time of Crisis Computer Security Institute Annual Conference, Washington, DC

October 2008 Without Which None: Key Data Points for IT Governance Metrics ISACA IT Governance, Risk, and Compliance Conference, Orlando, FL

July 2008 Metrics for Risk Management versus Metrics for Security Attribution Metricon, San Jose, CA
June 2008 Third Party Due Diligence SIFMA Technology Management Conference, New York, NY

December 2007 Advice to Students of the School of Technology Management Columbia University, Morningside Campus

November 2007 Stepping Through the InfoSec Program book published by: Information Systems Audit and Control Association (ISACA)*

October 2007 Data Classification, Security, and Privacy Securities Industry and Financial Markets Association, Internal Audit Division, Annual Conference

October 2007 Utilising information security to improve resiliency Journal of Business Continuity & Emergency Planning

Sept/Oct 2007 IT Attestation Services: What You Need to Know Journal of Corporate Accounting and Finance

November 2006 Stepping Through the IS Audit Computer Security Institute 33rd Annual Conference

November 2006 Stepping Through the InfoSec Program ISACA Information Security Management Conference

October 2006 The Homeland Security Front Securities Industry Association, Internal Audit Division, Annual Conference

October 2006 Financial Services Sector Coordinating Council Technology Initiatives Financial Services Technology Consortium, Annual Meeting

November 2005 Security Review Alternatives Computer Security Journal, Volume XXI, Number 4, Fall 2005

October 2005 Best Practices for Securing and Controlling Offshore Vendors Securities Industry Association, Internal Audit Division, Annual Conference.

September 2005 Internal Security Reviews Fourth Annual FDIC Technology Seminar

June 2005 Security Review Program Alternatives Computer Security Institute, NetSec Conference

May 2005 Information Security Legislation* Strategic Research Institute, Identity Management in Financial Services Conference

December 2004 Stepping Through the IS Audit, Second Edition publisher: Information Systems Audit and Control Association (ISACA).*

October 2004 SOX from the IT Practitioner Point of View Securities Industry Association, Internal Audit Division, Annual Conference.

June 2004 Sarbanes-Oxley for the IS Professional Securities Industry Association, Technology Management Conference.

October 2003 The Role of IT Security Securities Industry Association, Internal Audit Division, Annual Conference.

October 2003 Metrics for Due Diligence Best In Class Security and Operations Roundtable Conference, Carnegie Mellon Software Engineering Institute

April 2003 Introducing Security at the Cradle SANS (System Admin, Audit, Network, Security Institute) Security and Audit Controls that Work Conference.

November 2002 Productive Intrusion Detection The Computer Security Journal, a Computer Security Institute publication.

October 2002 Firewalls - Designing a Secure Environment Securities Industry Association, Internal Audit Division, Annual Conference.

May 2001 Measuring Security Information Security System Rating and Ranking, an Applied Computer Security Associates (ACSA)Workshop.

January 2001 Security Metrics The Computer Security Journal, a Computer Security Institute publication.

August 2000 Assurance and Monitoring of E-business: Technical Control Points Seminar sponsored by Information Systems Audit and Control Association (ISACA) and the Association of Government Accountants (AGA)

June 2000 Information Security Metrics: An Audit-based Approach Computer Systems Security and Privacy Advisory Board (CSSPAB) Security Metrics Workshop (Sponsored by NIST)

April 2000 CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability ISACA North Jersey Chapter

January 2000 Stepping Through the IS Audit, A Guide for Information Systems Managers publisher: Information Systems Audit and Control Association (ISACA).*

October 1999 Infrastructure Monitoring Challenges 22nd Annual National Information Systems Security Conference*

May 1999 Successful Audits in New Situations ISACA Journal* v.III

April 1999 CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability ISACA North Jersey Chapter

November 1998 How to Survive an IS Audit Computer Security Institute Conference, Chicago, IL

April 1998 CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability ISACA North Jersey Chapter

June 1997 Oracle Database Control Issues Vanguard Information Security Expo, Orlando, FL

January 1997 Audit & Control of Sybase and Oracle ISACA NY Metropolitan Chapter

June 1996 Security Controls for a Client-Server Environment EDPACS (The EDP Audit, Control, and Security Newsletter)*

January 1996 Security Controls for a Client-Server Environment ISACA North Jersey Chapter

July 1996 Security Hot Topics Price Waterhouse Information Systems Risk Management Internal Advanced Training, Tampa FL

October 1996 Security Through Process Management 19th Annual National Information Systems Security Conference, Baltimore, MD*

1990-1995 Several proprietary and proprietary restricted AT&T Bell Laboratories publications. AT&T Internal Technical Information Services

Oct-Dec 1989 Network Simulation System for Air Traffic Control Training This, I co-authored for my boss at UFA and one of our clients. It was published under my maiden name - Jennifer Lorber. Journal of Air Traffic Control

* an asterisk indicates a peer reviewed publication

Date:	Topic:	Publication/Event:
February 2024	Stepping Through Cybersecurity Risk Management	Center for Education and Research in Information Assurance and Security at Purdue University (CERIAS)
June 2023	Risk/Control, Audit management - a great career path	SECON, ISC2 & ISACA NJ Chapters
April 2022	Cyber Safety in 2022	Solution Driven Wealth
February 2022	Cybersecurity Metrics: What Good Looks Like	ISSA-Chicago Chapter Meeting
September 2021	History of Cybersecurity Metrics	Center for Education and Research in Information Assurance and Security at Purdue University (CERIAS)
September 2021	History of Cybersecurity	Mind the Sec, https://www.mindthesec.com.br/
June 2020	History of Cybersecurity Metrics	CyberGreen Cybersecurity Metrics Working Group
October 2019	Cybersecurity Framework Integration	ISSA International, CISO Summit
May 2019	A Framework for Cybersecurity Risk	Society of Information Risk Analysts, SIRACON
March 2019	Assigning Probability to Cybersecurity Risk	MetriconX, securitymetrics.org
May 2018	The Professional Practice of Cybersecurity Risk Management	FinCyberSec, Stevens Institute of Technology
March 2018	Technology's Role in Enterprise Risk Management	ISACA Journal* Volume 2
February 2013	Security Metrics	Financial Services Sector Coordinating Council, R&D Committee Meeting
June 2013	Security Metrics	University IT Audit Conference, Rutgers University, NJ
Spring 2013	Security as a Theoretical Attribute Construct	Computers and Security*
January 2013	Measuring System Security	Systems Engineering* Volume 16, Issue 1 (with Mostashari)
December 2012	Understanding Security Metrics to Drive Business and Security Results	NJ CISO Executive Summit
March 2012	Measuring System Security	Software and Systems Process Improvement Network (www.nyspin.org)
March 2012	Security Via Related Disciplines	Conference on Systems Engineering Technology* (CSER) (with Horowitz and Jones)
March 2012	System-Level Security	Canadian Bankers Association's CFI-CERT Professional Development Day
December 2011	Measuring System Security	Doctoral Dissertation at Stevens Institute of Technology
November 2011	Measuring Cyber Security in Intelligent Urban Infrastructure Systems	International IEEE Conference & Expo on Emerging Technologies for a Smarter World (CEWIT)* (with Mostashari)
Fall 2011	An Architectural Systems Engineering Methodology for Addressing Cyber Security	Systems Engineering* Vol 14, Issue 3 (with Horowitz)
July 2011	Systems of Systems Issues in Security Engineering	INCOSE Insight*
June 2011	Cloud Security Metrics	IEEE Systems of Systems Engineering Conference* (SoSE2011)
April 2011	Security Verification & Validation	Conference on Systems Engineering Technology* (CSER) (with Mostashari & Sauser)
April 2011	Alternative Security Metrics	Third International Conference on Information Technology: New Generations* (ITNG)
March/April 2011	System Security Engineering	IEEE Security & Privacy Magazine* Vol 9 Issue 2
March 2011	Information Security Metrics, Legal and Ethical Issues	Book Chapter in: Readings and Cases in the Management of Information Security*, pp. 217-229
October 2010	The Utility of Security Standards	IEEE International Carnahan Conference on Security Technology* (ICCST)
September 2010	Cyberforensics	edited collection of articles with explanatory introduction published by Springer
June 2010	Pairing Organizational Strategy with Security Solutions	CSO Executive Seminar
May 2010	Security Systems Engineering	High Confidence Systems and Software
December 2009	Critical Infrastructure Protection Issues in the Financial Industry	Global Conference on Systems and Enterprises, Stevens Institute of Technology
December 2009	Enterprise Security for the Executive: Setting the Tone at the Top	book published by: Praeger Security International
December 2009	From the CSO's Desk: Recruiting assistance from the top	SC Magazine
September 2009	Enterprise Security for the Business Executive: Setting the Tone at the Top	Carnegie Mellon Cylab Business Risks Forum Webinar
September 2009	Prevention Is Better Than Cure	Business Trends Quarterly
July 2009	Not on My Watch: How Executives Can Influence Secure Behavior	Information Systems Audit and Control Association Journal International Conference, Los Angeles, CA
June 2009	From the CSO's Desk: CxOs must band together	SC Magazine
June 2009	How to Write an Information Security Policy	CSO Online
May 2009	Information System Audit Basics	CSO Online
May 2009	Vendor Due Diligence	Information Systems Audit and Control Association Journal*, Volume 3
March 2009	Enterprise Information Security and Privacy	Co-editor of book and author of chapter on Information Classification, an Artech House publication
March 2009	Data-centric security	Computer, Fraud, and Security
January 2009	Information Classification	Seminar for ISACA NY Metro Chapter
January 2009	Securing Web Applications	CSO Executive Series on Application Security, a CXO Media Event
November 2008	Cyber Security for the Banking and Finance Sector	Authored as chair of Financial Services Sector Coordinating Council R&D Committee, all of whom contributed, published in Wiley Handbook of Science and Technology for Homeland Security
November 2008	What is Resilience Panel Contribution	Institute for Information Infrastructure Protection Workshop on What Businesses Need to Know About Harmonizing Resilience and Cyber Security, University of Virginia
November 2008	Security Through a Time of Crisis	Computer Security Institute Annual Conference, Washington, DC
October 2008	Without Which None: Key Data Points for IT Governance Metrics	ISACA IT Governance, Risk, and Compliance Conference, Orlando, FL
July 2008	Metrics for Risk Management versus Metrics for Security Attribution	Metricon, San Jose, CA
June 2008	Third Party Due Diligence	SIFMA Technology Management Conference, New York, NY
December 2007	Advice to Students of the School of Technology Management	Columbia University, Morningside Campus
November 2007	Stepping Through the InfoSec Program	book published by: Information Systems Audit and Control Association (ISACA)*
October 2007	Data Classification, Security, and Privacy	Securities Industry and Financial Markets Association, Internal Audit Division, Annual Conference
October 2007	Utilising information security to improve resiliency	Journal of Business Continuity & Emergency Planning
Sept/Oct 2007	IT Attestation Services: What You Need to Know	Journal of Corporate Accounting and Finance
November 2006	Stepping Through the IS Audit	Computer Security Institute 33rd Annual Conference
November 2006	Stepping Through the InfoSec Program	ISACA Information Security Management Conference
October 2006	The Homeland Security Front	Securities Industry Association, Internal Audit Division, Annual Conference
October 2006	Financial Services Sector Coordinating Council Technology Initiatives	Financial Services Technology Consortium, Annual Meeting
November 2005	Security Review Alternatives	Computer Security Journal, Volume XXI, Number 4, Fall 2005
October 2005	Best Practices for Securing and Controlling Offshore Vendors	Securities Industry Association, Internal Audit Division, Annual Conference.
September 2005	Internal Security Reviews	Fourth Annual FDIC Technology Seminar
June 2005	Security Review Program Alternatives	Computer Security Institute, NetSec Conference
May 2005	Information Security Legislation*	Strategic Research Institute, Identity Management in Financial Services Conference
December 2004	Stepping Through the IS Audit, Second Edition	publisher: Information Systems Audit and Control Association (ISACA).*
October 2004	SOX from the IT Practitioner Point of View	Securities Industry Association, Internal Audit Division, Annual Conference.
June 2004	Sarbanes-Oxley for the IS Professional	Securities Industry Association, Technology Management Conference.
October 2003	The Role of IT Security	Securities Industry Association, Internal Audit Division, Annual Conference.
October 2003	Metrics for Due Diligence	Best In Class Security and Operations Roundtable Conference, Carnegie Mellon Software Engineering Institute
April 2003	Introducing Security at the Cradle	SANS (System Admin, Audit, Network, Security Institute) Security and Audit Controls that Work Conference.
November 2002	Productive Intrusion Detection	The Computer Security Journal, a Computer Security Institute publication.
October 2002	Firewalls - Designing a Secure Environment	Securities Industry Association, Internal Audit Division, Annual Conference.
May 2001	Measuring Security	Information Security System Rating and Ranking, an Applied Computer Security Associates (ACSA)Workshop.
January 2001	Security Metrics	The Computer Security Journal, a Computer Security Institute publication.
August 2000	Assurance and Monitoring of E-business: Technical Control Points	Seminar sponsored by Information Systems Audit and Control Association (ISACA) and the Association of Government Accountants (AGA)
June 2000	Information Security Metrics: An Audit-based Approach	Computer Systems Security and Privacy Advisory Board (CSSPAB) Security Metrics Workshop (Sponsored by NIST)
April 2000	CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability	ISACA North Jersey Chapter
January 2000	Stepping Through the IS Audit, A Guide for Information Systems Managers	publisher: Information Systems Audit and Control Association (ISACA).*
October 1999	Infrastructure Monitoring Challenges	22nd Annual National Information Systems Security Conference*
May 1999	Successful Audits in New Situations	ISACA Journal* v.III
April 1999	CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability	ISACA North Jersey Chapter
November 1998	How to Survive an IS Audit	Computer Security Institute Conference, Chicago, IL
April 1998	CISA Exam Certification Course, Domain 4: Information Systems Integrity, Confidentiality, and Availability	ISACA North Jersey Chapter
June 1997	Oracle Database Control Issues	Vanguard Information Security Expo, Orlando, FL
January 1997	Audit & Control of Sybase and Oracle	ISACA NY Metropolitan Chapter
June 1996	Security Controls for a Client-Server Environment	EDPACS (The EDP Audit, Control, and Security Newsletter)*
January 1996	Security Controls for a Client-Server Environment	ISACA North Jersey Chapter
July 1996	Security Hot Topics	Price Waterhouse Information Systems Risk Management Internal Advanced Training, Tampa FL
October 1996	Security Through Process Management	19th Annual National Information Systems Security Conference, Baltimore, MD*
1990-1995	Several proprietary and proprietary restricted AT&T Bell Laboratories publications.	AT&T Internal Technical Information Services
Oct-Dec 1989	Network Simulation System for Air Traffic Control Training This, I co-authored for my boss at UFA and one of our clients. It was published under my maiden name - Jennifer Lorber.	Journal of Air Traffic Control

[ Sort Publications by Title ]
[ Home ]