ABOUT THE CONTRIBUTORS

Mani Akella, Director (Technology), has been actively working with information security architectures and identity protection for Consultantgurus and its clients. An industry professional for 20 years, Akella has worked with hardware, software, networking, and all the associated technologies that service information in all of its incarnations and aspects. Over the years, he has developed a particular affinity for international data law and understanding people and why they do what they do (or do not). He firmly believes that the best law and policy is that which understands and accounts for cross-cultural differences, and works with an understanding of culture and societal influences. To that end, he has been actively working with all his clients and business acquaintances to improve security policies and make them more people-friendly: His experience has been that the best policy is that which works with, instead of being antagonistic to, the end user.

Rebecca Gurley Bace is the President/CEO of Infidel, Inc., a strategic consulting practice headquartered in Scotts Valley, California. She is also a venture consultant for Palo Alto–based Trident Capital, where she is credited with building Trident's investment portfolio of security product and service firms. Her areas of expertise include intrusion detection and prevention, vulnerability analysis and mitigation, and the technical transfer of information security research results to the commercial product realm. Prior to transitioning to the commercial world, Bace worked in the public sector, first at the National Security Agency, where she led the Intrusion Detection research program, then at the Computing Division of the Los Alamos National Laboratory, where she served as Deputy Security Officer. Bace's publishing credits include two books, an NIST Special Publication on intrusion detection and prevention, and numerous articles on information security technology topics.

Susan Baumes, MS, CISSP, is an information security professional working in the financial services industry. In her current role, Ms. Baumes works across the enterprise to develop information security awareness and is responsible for application security. Her role also extends to policy development, compliance and audit. She has 11 years' experience in application development, systems and network administration, database management, and information security. Previously, Ms. Baumes worked in a number of different sectors including government (federal and state), academia and retail.

Kurt Baumgarten, CISA (e-mail: [email protected]) is Vice President of Information Security and a partner at Peritus Security Partners, LLC, a leader in providing compliance-driven information security solutions. He is also a lecturer, consultant, and the developer of the DDIPS intrusion prevention technology as well as a pioneer in using best practices frameworks for the improvement of information technology security programs and management systems. Baumgarten has authored multiple articles about the business benefits of sound information technology and information assurance practices, and assists businesses and government agencies in defining strategic plans that enhance IT and IA as positive value chain modifiers. He holds both a Master's of Science in Information Assurance and an MBA with a concentration in E-Commerce, and serves as an Adjunct Professor of Information Assurance. He has more than 20 years of experience in IT infrastructure and Information Security and is an active member of ISSA, ISACA, ISSSP, and the MIT Enterprise Forum. Baumgarten periodically acts as an interim Director within external organizations in order to facilitate strategic operational changes in IT and Information Security.

Kevin Beets has been a Research Scientist with McAfee for the past five years. His work has concentrated on vulnerability and malware research and documentation with the Foundstone R&D and Avert Labs teams. Prior to working at McAfee, he architected private LANs as well as built, monitored, and supported CheckPoint and PIX firewalls and RealSecure IDS systems.

Matt Bishop is a Professor in the Department of Computer Science at the University of California at Davis and a Codirector of the Computer Security Laboratory. His main research area is the analysis of vulnerabilities in computer systems, especially their origin, detection, and remediation. He also studies network security, policy modeling, and electronic voting. His textbook, Computer Security: Art and Science, is widely used in advanced undergraduate and graduate courses. He received his PhD in computer science from Purdue University, where he specialized in computer security, in 1984.

Kip Boyle is the Chief Information Security Officer of PEMCO Insurance, a $350 million property, casualty, and life insurance company serving the Pacific Northwest. Prior to joining PEMCO Insurance, he held such positions as Chief Security Officer for a $50 million national credit card transaction processor and technology service provider; Authentication and Encryption Product Manager for Cable & Wireless America; Senior Security Architect for Digital Island, Inc.; and a Senior Consultant in the Information Security Group at Stanford Research Institute (SRI) Consulting. He has also held director-level positions in information systems and network security for the U.S. Air Force. Boyle is a Certified Information System Security Professional and Certified Information Security Manager. He holds a Bachelor's of Science in Computer Information Systems from the University of Tampa (where he was an Air Force ROTC Distinguished Graduate) and a Master's of Science in Management from Troy State University.

Timothy Braithwaite has more than 30 years of hands-on experience in all aspects of automated information processing and communications. He is currently Deputy Director of Strategic Programs at the Center for Information Assurance of Titan Corporation. Before joining Titan, he managed most aspects of information technology, including data and communications centers, software development projects, strategic planning and budget organizations, system security programs, and quality improvement initiatives. His pioneering work in computer systems and communications security while with the Department of Defense resulted in his selection to be the first Systems Security Officer for the Social Security Administration (SSA) in 1980. After developing security policy and establishing a nationwide network of regional security officers, Braithwaite directed the risk assessment of all payment systems for the agency. In 1982, he assumed the duties of Deputy Director, Systems Planning and Control of the SSA, where he performed substantive reviews of all major acquisitions for the Associate Commissioner for Systems and, through a facilitation process, personally led the development of the first Strategic Systems Plan for the administration. In 1984, he became Director of Information and Communication Services for the Bureau of Alcohol, Tobacco, and Firearms at the Department of Treasury. In the private sector, he worked in senior technical and business development positions for SAGE Federal Systems, a software development company; Validity Corporation, a testing and independent validation and verification company; and J.G. Van Dyke & Associates, where he was Director, Y2K Testing Services. He was recruited to join Titan Corporation in December 1999 to assist in establishing and growing the company's Information Assurance practice.

Paul J. Brusil, PhD (e-mail: [email protected]) founded Strategic Management Directions, a security and enterprise management consultancy in Beverly, Massachusetts. He has been working with various industry and government sectors including healthcare, telecommunications, and middleware to improve the specification, implementation, and use of trustworthy, quality, security-related products and systems. He supported strategic planning that led to the National Information Assurance Partnership and other industry forums created to understand, promote, and use the Common Criteria to develop security and assurance requirements and to evaluate products. Brusil has organized, convened, and chaired several national workshops, conferences, and international symposia pertinent to management and security. Through these and other efforts to stimulate awareness and cooperation among competing market forces, he spearheaded industry's development of the initial open, secure, convergent, standards-based network and enterprise management solutions. While at the MITRE Corp, Brusil led research and development critical to the commercialization of the world's first LAN solutions. Earlier, at Harvard, he pioneered research leading to noninvasive diagnosis of cardiopulmonary dysfunction. He is a Senior Member of the IEEE, a member of the Editorial Advisory Board of the Journal of Network and Systems Management (JNSM), has been Senior Technical Editor for JNSM, is the Guest Editor for all JNSM's Special Issues on Security and Management, and is a Lead Instructor for the Adjunct Faculty supporting the Master's of Science in Information Assurance degree program at Norwich University. He has authored over 100 papers and book chapters. He graduated from Harvard University with a joint degree in Engineering and Medicine.

David Brussin is Founder and CEO of Monetate, Inc. Monetate powers Intelligent Personal Promotions™ for online retailers. Brussin is a serial entrepreneur recognized as a leading information security and technology expert, and was honored by MIT's Technology Review as one of the world's 100 top young innovators. In January 2004, Brussin cofounded TurnTide, Inc. around the antispam router technology he had invented. As Chief Technology Officer, he also managed engineering and technical operations. TurnTide was acquired by Symantec six months later. Previously, Brussin cofounded and served as Chief Technology Officer for ePrivacy Group, Inc., which created the Trusted Sender program and Trusted Email Open Standard to protect and grow the e-mail marketing channel. Brussin created products to help e-mail marketers increase response and conversion by protecting their trusted relationship with consumers. In 1996, he cofounded and served as Vice President of Technology for InfoSec Labs, an information security company dedicated to helping Fortune 1000 companies safely transition their businesses into the online world. Partnering with his clients, Brussin balanced security with the emerging technical challenges of doing business online and helped many established bricks-and-mortar businesses become multichannel. InfoSec Labs was acquired by Rainbow Technologies, now part of SafeNet, in 1999. Brussin is a frequent speaker and writer on entrepreneurship and technology. He also serves on the Board of Directors of Invite Media, Inc., a stealth-mode start-up working to analyze and optimize online display advertising.

Michael Buglewicz spent approximately 10 years in law enforcement carrying out a variety of duties, from front-line patrol work through complex investigations. After concluding his law enforcement career, Buglewicz brought his experiences to technology and held a variety of roles within First Data Corporation, including Internet banking and online payment systems. Buglewicz has worked for Microsoft Corporation since 1996 in a variety of roles and has taught in Norwich University's Information Assurance program. Buglewicz holds an undergraduate degree in Fine Arts from the University of Nebraska at Omaha and graduate degrees from Illinois State University as well as a Master's degree in Information Assurance from Norwich University. His current interests focus on corporate risk management.

Nancy Callahan is Vice President, AIG Executive Liability, Financial Institutions Division. AIG is the world's leading international insurance and financial services organization, with operations in approximately 130 countries and jurisdictions. AIG member companies serve commercial, institutional, and individual customers through the most extensive worldwide property-casualty and life insurance networks of any insurer. An expert on privacy and identity theft, Callahan is a frequent speaker at industry conferences throughout the United States and is a much-sought-after media resource, having been quoted in the Wall Street Journal and Associated Press. Callahan joined AIG in 2001. Prior to AIG, Callahan worked in e-commerce and financial services. She spent 13 years at Reuters, where her final position was Executive Vice President, Money Transaction Systems. Callahan is a Chartered Property and Casualty Underwriter and Certified Information Privacy Professional. She has a Master's of Business Administration and a BS in Systems Engineering from the University of Virginia.

Q. Campbell (e-mail: [email protected]) has worked in the information security field for over six years. He specializes in information technology threat analysis and education.

Wendy Carr, CISSP (e-mail: [email protected]) is a Senior Consultant with Booz, Allen & Hamilton on a client-site in New England. Her focus on addressing security concerns related to the implementation of products and applications includes concentrations in the areas of Certification and Accreditation (Commercial/DITSCAP/DIACAP), risk analysis, compliance testing and vulnerability assessment, forensic examination, incident response, disaster recovery, authentication, and encryption for both physical and wireless environments in the fields of Military, Government and Banking. She holds an MS in Information Assurance from Norwich University and is a member of (ISC)2, InfraGard, and the Norwich University Journal of Information Assurance Editorial Review Board as well as several organizations dedicated to the advancement of information security.

Santosh Chokhani (e-mail: [email protected]) is the Founder and President of CygnaCom Solutions, Inc., an Entrust company specializing in PKI. He has made numerous contributions to PKI technology and related standards, including trust models, security, and policy and revocation processing. He is the inventor of the PKI Certificate Policy and Certification Practices Statement Framework. His pioneering work in this area led to the Internet RFC that is used as the standard for CP and CPS by governments and industry throughout the world. Before starting CygnaCom, he worked for The MITRE Corporation from 1978 to 1994. At MITRE, he was senior technical manager and managed a variety of technology research, development, and engineering projects in the areas of PKI, computer security, expert systems, image processing, and computer graphics. Chokhani obtained his Master's (1971) and PhD (1975) in Electrical Engineering/Computer Science from Rutgers University, where he was a Louis Bevior Fellow from 1971 to 1973.

Christopher Christian is an aviator in the United States Army. He received a Bachelor's degree in Computer Information Systems at Norwich University, class of 2005. His primary focus of study was Information Assurance and Security. He worked as an intern for an engineering consulting company for three years. He developed cost/analysis worksheets and floor-plan layouts to maximize workspace efficiency for companies in various industries. Christian graduated flight school at Fort Rucker, Alabama, where he trained on the H-60 Blackhawk. He serves as a Flight Platoon Leader in an Air Assault Battalion. First Lieutenant Christian is currently serving in Iraq in support of Operation Iraqi Freedom 08–09.

Chey Cobb, CISSP (e-mail: [email protected]) began her career in information security while at the National Computer Security Association (now known as TruSecure/ICSA Labs). During her tenure as the NCSA award–winning Webmaster, she realized that Web servers often created security holes in networks and became an outspoken advocate of systems security. Later, while developing secure networks for the Air Force in Florida, her work captured the attention of the U.S. intelligence agencies. Cobb moved to Virginia and began working for the government as the Senior Technical Security Advisor on highly classified projects. Ultimately, she went on to manage the security program at an overseas site. Cobb, who is now semiretired, writes books and articles on computer security and is a frequent speaker at security conferences.

Stephen Cobb, CISSP (e-mail: [email protected]) is an independent information security consultant and an Adjunct Professor of Information Assurance at Norwich University, Vermont. A graduate of the University of Leeds, Cobb's areas of expertise include risk assessment, computer fraud, data privacy, business continuity management, and security awareness and education. A frequent speaker and seminar leader at industry conferences around the world, Cobb is the author of numerous books on security and privacy as well as hundreds of articles. Cobb cofounded several security companies whose products expanded the range of security solutions available to enterprises and government agencies. As a consultant, he has advised some of the world's largest companies on how to maximize the benefits of information technology by minimizing IT risks.

Caleb S. Coggins, MSIA, CISSP, is a Corporate Auditor for Bridgestone Americas. His areas of interest include vulnerability management, network security, and information assurance. Prior to Bridgestone, Coggins served as the Information Manager for a private company as well as an information security consultant to business clients. He holds a BA from Willamette University and an MS in Information Assurance from Norwich University.

Bernie Cowens, CISSP, CISA (e-mail: [email protected]) is Chief Information Security Officer at a Fortune 500 company in the financial services industry. He is an information risk, privacy, and security expert with more than 20 years' experience in industries including defense, high technology, healthcare, financial, and Big Four professional services. Cowens has created, trained, and led a number of computer emergency, forensic investigation, and incident response teams over the years. He has real-world experience responding to attacks, disasters, and failures resulting from a variety of sources, including malicious attackers, criminals, and foreign governments. He has served as an advisor to and a member of national-level panels charged with analyzing cyber-system threats to critical infrastructures, assessing associated risks, and recommending both technical and nontechnical mitigation policies and procedures. Cowens holds a Master's degree in Management Information Systems along with undergraduate degrees and certificates in systems management and information processing.

Christopher Dantos is a Senior Architectural Specialist with Computer Science Corporation's Global Security Solutions Group. His areas of expertise include 802.11, VoIP, and Web application security. Prior to joining CSC, he spent 10 years as a Security Architect with Motorola Inc., including 5 years in the Motorola Labs Wireless Access Research Center of Excellence. He holds a Master's of Science degree in Information Assurance from Norwich University and a Bachelor's of Science degree in Marine Engineering from the Maine Maritime Academy.

Chris Davis, CISA, CISSP, has trained and presented in information security, advanced computer forensic analysis, hardware security design, auditing, and certification curriculum for government, corporate, and university requirements. He was part of the teams responsible for Hacking Exposed Computer Forensics, IT Auditing: Using Controls to Protect Information Assets, and the Anti-Hacker Toolkit. His contributions include projects and presentations for SANS, Gartner, Harvard, BlackHat, CEIC, and 3GSM. He has enjoyed positions at ForeScout, Texas Instruments, Microsoft Technology Center, and Cisco Systems. He holds a Bachelor's degree in Nuclear Engineering Technologies from Thomas Edison, and a Master's in Business from the University of Texas at Austin.

Seth Finkelstein (e-mail: [email protected]) is a professional programmer with degrees in Mathematics and in Physics from MIT. He cofounded the Censorware Project, an anti-censorware advocacy group. In 1998, his efforts evaluating the sites blocked by the library's Internet policy in Loudoun County, Virginia, helped the American Civil Liberties Union win a federal lawsuit challenging the policy. In 2001, he received a Pioneer of the Electronic Frontier Award from the Electronic Frontier Foundation for his groundbreaking work in analyzing content-blocking software. In 2003, he was primarily responsible for winning a temporary exemption in the Digital Millennium Copyright Act allowing for the analysis of censorware.

Urs E. Gattiker is an internationally-renowned security and risk technologist, both a Founder and the Chief Technology Officer of CyTRAP Labs GmbH. CyTRAP Labs provides corporate governance and social media services to organizations worldwide. Using sophisticated analysis and correlation tools, CyTRAP Labs' expert Internet Analysts monitor suspicious internal and external activities, user and community behavior, business goals, and web technology to craft and deliver long term successful web and corporate risk management programs for companies.

Urs is the inventor of the ComMetrics benchmark battery of tools. One of these, the FT/ComMetrics corporate blog index, empowers the FT Global 500 companies to compare the value of their blogging activities against to that target information security prevention and safety, with other enterprises. He is the author and co-author of several books on computer viruses, technology and risk management. Gattiker holds a PhD in business focusing on computing/informatics and an MBA (international marketing) both from Claremont Graduate University (Claremont Colleges) and a BS in public administration/informatics from the HWV Zurich.

Robert Gezelter, CDP, has over 33 years of experience in computing, starting with programming scientific/technical problems. Shortly thereafter, his focus shifted to operating systems, networks, security, and related matters, where he has 32 years of experience in systems architecture, programming, and management. He has worked extensively in systems architecture, security, internals, and networks, ranging from high-level strategic issues to the low-level specification, design, and implementation of device protocols and embedded firmware.

Gezelter is an alumnus of the IEEE Computer Society's Distinguished Visitor Program for North America, having been appointed to a three-year term in 2004. His appointment included numerous presentations at Computer Society chapters throughout North America.

He has published numerous articles, appearing in Hardcopy, Computer Purchasing Update, Network Computing, Open Systems Today, Digital Systems Journal, and Network World. He is a frequent presenter at conference sessions on operating systems, languages, security, networks, and related topics at local, regional, national, and international conferences, speaking for DECUS, Encompass, IEEE, ISSA, ISACA, and others. He previously authored the mobile code and Internet-related chapters for the 4th edition of this Handbook (2002) as well as the “Internet Security” chapters of the 3rd edition (1995) and its supplement (1997).

He is a graduate of New York University with BA (1981) and MS (1983) degrees in Computer Science. Gezelter founded his consulting practice in 1978, working with clients both locally and internationally. He maintains his offices in Flushing, New York. He may be contacted via his firm's www site at www.rlgsc.com.

Anup K. Ghosh is President and Chief Executive of Secure Command, LLC, a security software start-up developing next-generation Internet security products for corporate networks. Ghosh also holds a position as Research Professor at George Mason University. Ghosh was previously Senior Scientist and Program Manager in the Advanced Technology Office of the Defense Advanced Research Projects Agency (DARPA), where he managed an extensive portfolio of information assurance and information operations programs. Ghosh previously served in executive management as Vice President of Research at Cigital, Inc. He has served as principal investigator on contracts from DARPA, NSA, and NIST's Advanced Technology Program and has written more than 40 peer-reviewed conference and journal articles. Ghosh is also author of three books on computer network defense and serves on the editorial board of IEEE Security and Privacy Magazine and has been guest editor for IEEE Software and IEEE Journal on Selected Areas in Communications. Ghosh is a Senior Member of the IEEE. For his contributions to the Department of Defense's information assurance, Ghosh was awarded the Frank B. Rowlett Trophy for Individual Contributions by the National Security Agency in November 2005, a federal government–wide award. He was also awarded the Office of the Secretary of Defense Medal for Exceptional Public Service for his contributions while at DARPA. In 2005, Worcester Polytechnic Institute awarded Ghosh its Hobart Newell Award for Outstanding Contributions to the Electrical and Computer Engineering Profession. Ghosh has previously been awarded the IEEE's Millennium Medal for Outstanding Contributions to E-Commerce Security. Ghosh completed his PhD and Master of Science in Electrical Engineering at the University of Virginia and his Bachelor of Science in Electrical Engineering at Worcester Polytechnic Institute.

Donald Glass, CISA, CISSP (e-mail: [email protected]) has over 15 years of experience in the IT Auditing and Information Security fields. He's the current Director of IT Audit for Kerzner International. Author of several information security and IT audit articles, Donald is recognized as a leader in the IT audit field and information security.

Robert Guess is a Senior Security Engineer at a Fortune 500 firm and an Associate Professor of Information Systems Technology. Guess possesses a Master's of Science in Information Assurance from Norwich University and has over a dozen industry certifications, including the National Security Agency INFOSEC Assessment Methodology, National Security Agency INFOSEC Evaluation Methodology, and Certified Information Systems Security Practitioner. His professional efforts include work in the defense sector, serving as primary subject matter expert on a National Science Foundation Cybersecurity Education Grant, and the development of Department of Defense workforce certification standards for information assurance professionals. Guess's work in recent years has focused on security assessment, penetration testing, incident response, and the forensic analysis of digital evidence.

David Gursky is an Information Assurance manager and researcher at Raytheon Integrated Defense Systems working in Crystal City, Virginia. He is principal investigator for behavior-based intrusion detection systems, attribute-based access control, and resource-efficient authentication techniques. He held several senior positions as a Department of Defense Contractor supporting Information Assurance programs and has over 30 years' experience in information technology and information security. He has conducted numerous security audits for PriceWaterhouse and Coopers. Gursky has a Bachelor's of Science degree in Business Management from Southern New Hampshire University, a Master's of Science degree from Norwich University, and an MBA from Northeastern University. In addition, he holds CISA, CISM, and CISSP certifications. He lives in Northern Virginia and is an active member of (ISC)2 and ISACA.

Jennifer Hadley (e-mail: [email protected]) is a member of the first Master of Science in Information Assurance graduating class at Norwich University. She is the primary Systems and Security Consultant for Indiana Networking in Lafayette, Indiana, and has served as both a network and systems administrator in higher education and private consulting. She has almost 10 years' experience as a programmer and instructor of Web technologies with additional interests in data backup, virtualization, authentication/identification, monitoring, desktop and server deployment, and incident response. At present Hadley serves as a Technology Consultant for Axcell Technologies, Inc. Previously she worked as a tester for quality and performance projects for Google, Inc., and as a collegiate adjunct instructor in computer technologies. Hadley received a Bachelor's of Science degree in Industrial and Computer Technology from Purdue University.

Carl Hallberg, CISSP, has been a Unix Systems Administrator for years as well as an Information Security Consultant. He has also written training courses for subjects including firewalls, VPNs, and home network security. He has a Bachelor's degree in Psychology. Currently he is a senior member of an incident response team for a major U.S. financial institution.

Kevin Henry has been involved in computers since 1976, when he was an operator on the largest minicomputer system in Canada. He has since worked in many areas of information technology, including computer programming, systems analysis, and information technology audit. Henry was asked to become Director of Security based on the evidence of his audits and involvement in promoting secure IT operations. Following 20 years in the telecommunications field, Henry moved to a Senior Auditor position with the State of Oregon, where he was a member of the Governor's IT Security Subcommittee and performed audits on courts and court-related IT systems.

Henry has extensive experience in Risk Management and Business Continuity and Disaster Recovery Planning. He frequently presents papers at industry events and conferences and is on the preferred speakers list for nearly every major security conference. Since joining (ISC)2 as their first full-time Program Manager in 2002, Henry has been responsible for research and development of new certifications, courseware, and development of educational programs and instructors. He has also been providing support services and consulting for organizations that require in-depth risk analysis and assistance with specific security-related challenges. This has led to numerous consulting engagements in the Middle East and Asia for large telecommunications firms, government departments, and commercial enterprises.

Don Holden is a Principal Consultant with Concordant specializing in information security. He has more than 20 years of management experience in information systems, security, encryption, business continuity, and disaster recovery planning in both industry and government. Previously he was a Technology Leader for RedSiren Technologies (formerly SRI Consulting). Holden's achievements include leading a cyber-insurance joint venture project, developing privacy and encryption policies for major financial institutions, and recommending standards-based information technology security policies for a federal financial regulator. Holden is an Adjunct Professor for the Norwich University's Master's of Science in Information Assurance. He received an MBA from Wharton and is a Certified Information System Security Professional and Information System Security Management Professional.

John D. Howard is a former Air Force engineer and test pilot who currently works in the Security and Networking Research Group at the Sandia National Laboratories, Livermore, California. His projects include development of the SecureLink software for automatic encryption of network connections. He has extensive experience in systems development, including an aircraft–ground collision avoidance system for which he holds a patent. He is a graduate of the Air Force Academy, has Master's degrees in both Aeronautical Engineering and Political Science, and has a PhD in Engineering and Public Policy from Carnegie Mellon University.

Arthur E. Hutt, CCEP. The late Arthur E. Hutt was an information systems consultant with extensive experience in banking, industry, and government. He served as a contributing editor to the 1st, 2nd, and 3rd Editions of the Computer Security Handbook. He was a principal of PAGE Assured Systems, Inc., a consulting group specializing in security and control of information systems and contingency/disaster recovery planning. He was a senior information systems executive for several major banks active in domestic and international banking. His innovative and pioneering development of online banking systems received international recognition. He was also noted for his contributions to computer security and to information systems planning for municipal government. He was on the faculty of the City University of New York and served as a consultant to CUNY on curriculum and on data processing management. He also served on the mayor's technical advisory panel for the City of New York. Hutt was active in development of national and international technical standards, via ANSI and ISO, for the banking industry.

Robert V. Jacobson, CPP, CISSP, deceased, was the President of International Security Technology, Inc., a New York City–based risk management consulting firm. Jacobson founded IST in 1978 to develop and apply superior risk management systems. Current and past government and industry clients are located in the United States, Europe, Africa, Asia, and the Middle East. Jacobson pioneered many of the basic computer security concepts now in general use. He served as the first Information System Security Officer at Chemical Bank, now known as J P Morgan Chase. He was a frequent lecturer and had written numerous technical articles. Mr. Jacobson held BS and MS degrees from Yale University, and was a Certified Information Systems Security Professional. He was also a Certified Protection Professional of the American Society for Industrial Security. He was a member of the National Fire Protection Association and the Information Systems Security Association. In 1991, he received the Fitzgerald Memorial Award for Excellence in Security from the New York Chapter of the ISSA.

David J. Johnson is an information security analyst for a Fortune 1000 financial services company where he focuses primarily on information security policy and standard creation and maintenance. Additionally, he also performs analysis of information technology projects, as well as IT and business processes, for security and business continuity impact and system vulnerability management. Johnson's prior work includes nine years designing, building, and maintaining an electronic commerce (EC/EDI) infrastructure and data transfers for a national financial service company. He holds a Bachelor's of Science in Business Administration from Oregon State University and a Master's of Science in Information Assurance from Norwich University.

Sean Kelley is an Adjunct Professor in Information Assurance (IA) for Norwich and Troy University. He also teaches IA and management conferences for the SANS Institute. His information security career is diversified and has taken him to high-level organizations in Washington, DC, including the Attending Physician's Office to Congress, U.S. Capitol, where he was responsible for the development of policy and controls for the secure handling of electronic health records for 535 members of Congress, Supreme Court Justices, and officials. Kelley is a Certified Information Systems Security Professional and PMP and also holds several NSA certificates. Kelley also holds a Master's degree from Webster University in Computer Resources and Information Management and a second Master's degree from the Naval Postgraduate School in Information Technology, where he concentrated on computer and network security by taking classes through the NPS Center for INFOSEC Studies and Research.

David M. Kennedy, CISSP, is TruSecure Corporation's Chief of Research. He directs the Research Group to provide expert services to TruSecure Corporation members, clients, and staff. He supervises the Information Security Reconnaissance (IS/R) team, which collects security-relevant information, both above- and underground in TruSecure Corporation's IS/R data collection. IS/R provides biweekly and special topic reports to IS/R subscribers. Kennedy is a retired U.S. Army Military Police officer. In his last tour of duty, he was responsible for enterprise security of five LANs with Internet access and over 3,000 personal computers and workstations. He holds a BS in Forensic Science.

Gary C. Kessler is an Associate Professor of Computer and Digital Forensics and Coordination of Information Assurance Education at Champlain College in Burlington, Vermont, where he is also the Director of the Champlain College Center for Digital Investigation. Kessler is a technical consultant to the Vermont Internet Crimes Task Force and a member of the High Technology Crime Investigation Association and High Tech Crime Consortium; he is also a Certified Information Systems Security Professional and Certified Computer Examiner. Kessler is a frequent speaker at industry conferences, has written two books and over 70 articles on a variety of technology topics, and is an Associate Editor of the Journal of Digital Forensic Practice and serves on the editorial board of the Journal of Digital Forensics, Security, and Law. He holds a BA in Mathematics, an MS in Computer Science, an EdS in Computing Technology in Education, and is pursuing a doctorate degree.

David A. Land. In the U.S. Army as a Counterintelligence Special Agent, Land and David Christie developed and hosted the first Department of Defense Computer Crimes Conference. Since then Land has investigated espionage cases for both the Army and the Department of Energy. He serves as the Information Technology Coordinator for Anniston City Schools in Alabama and as an Adjunct Professor for Norwich University, his alma mater.

D. T. Lang served in the United States Air Force, retiring as a Special Agent in Charge. As a Special Agent he worked in the areas of antiterrorism, executive and force protection, counterintelligence and counterespionage. Lang is a combat veteran of Operation Desert Storm and was charged with the Joint Force Protection Team for the United Nations Implementation Forces in Zagreb, Croatia. In the 1990s, he held diplomatic status as a U.S. Arms Control Treaty Inspector. In 2003, he was selected by the United Nations to be a UN weapons of mass destruction inspector in Iraq. Lang currently provides consulting support to the U.S. Intelligence Community and served as a senior instructor in the Master's of Science in Information Assurance Program at Norwich University from 2005 to 2008. Lang is a past commander of Civil Air Patrol's Wyoming Wing and a recipient of the Civil Air Patrol Distinguished Service Medal.

David R. Lease, PhD is the Chief Solution Architect at Computer Sciences Corporation. He has over 30 years of technical and management experience in the information technology, security, telecommunications, and consulting industries. Lease's recent projects include a $2 billion security architecture redesign for a federal law enforcement agency and the design and implementation of a secure financial management system for an organization operating in 85 countries. Lease is a writer and frequent speaker at conferences for organizations in the intelligence community, Department of Defense, civilian federal agencies, as well as commercial and academic organizations. He is also a peer reviewer of technical research for the IEEE Computer Society. Additionally, Lease is on the faculty of Norwich University and the University of Fairfax, where he teaches graduate-level information assurance courses and supervises doctoral-level research.

Corinne Lefrançois is an Information Assurance Analyst at the National Security Agency. She graduated from Norwich University with a Bachelor of Science in Business Administration and Accounting in 2004 and is a current student in Norwich University's Master of Science in Information Assurance program.

Diane (“Dione”) E. Levine, CISSP, CFE, FBCI, CPS, is the former President/CEO of Strategic Systems Management Ltd. and one of the developers of the Certification for Information Systems Security Professionals. She has enjoyed a notable career in information security as both a developer and implementer of enterprise security systems. Levine held a series of high-level risk management and security positions at major financial institutions, spent many years as an Adjunct Professor at New York University, and is widely publicized in the trade and academic press. She is the contributor of numerous chapters in the Third, Fourth, and Fifth Editions of the Computer Security Handbook. Ms. Levine has divided her time between consulting in security and in business continuity, as well as writing and teaching worldwide. She is a frequent public speaker and a member of technical panels and has contributed articles in columns to Information Week, Information Security, Internet Week, Plant IT, ST&D, internet.com, and Smart Computing. She is an active member of the Information Systems Security Association (ISSA), the Association of Certified Fraud Examiners (ACFE), the Business Continuity Institute (BCI), the Contingency Planning Exchange (CPE), and the Information Security Auditing and Control Association (ISACA) and has devoted many years serving on the board of directors for these organizations.

James Landon Linderman, PhD, is an Associate Professor in the Computer Information Systems department at Bentley College, Waltham, Massachusetts, where he has taught for 30 years. He is a Research Fellow at Bentley's Center for Business Ethics, and past Vice-Chair of the Faculty Senate. A resident of Fitzwilliam, New Hampshire, Linderman is a Permanent Deacon in the Roman Catholic Diocese of Worcester, Massachusetts, and a consultant in the area of computer-assisted academic scheduling and timetable construction.

Steven Lovaas, MSIA, CISSP, is the Information Technology Security Manager for Colorado State University. His areas of expertise include IT security policy and architecture, communication and teaching of complex technical concepts, and security issues in both K–12 and higher education. He has taught for the MS program in Information Assurance at Norwich University, and is pursuing a PhD in Public Communications and Technology at Colorado State University. Lovaas currently holds the position of Editor in Chief for the Norwich University Journal of Information Assurance. As part of his volunteer commitment to educating the next generation of scientists and engineers, he coaches, judges, and writes exams for the Science Olympiad program in Colorado.

Vic Maconachy, PhD, assumed the position of Vice President for Academic Affairs/Chief Academic Officer at Capitol College, Laurel, Maryland, in October 2007. Maconachy is charged with sustaining and enhancing the academic quality of programs of study ranging from Business Administration through Engineering, Computer Science, and Information Assurance. He also oversees the operations of the Library and the Space Operations Institute. Maconachy holds the rank of Professor and teaches graduate and undergraduate research courses in information assurance.

Prior to joining Capitol College, Maconachy served at the National Security Agency in several leadership positions. He was appointed by the Director of the NSA as the Deputy Senior Computer Science Authority, where he built a development program for a new generation of Cryptologic Computer Scientists. Prior to this position, Maconachy served as the Director of the National Information Assurance Education and Training Program (www.nsa.gov/ia/academia/acade00001.cfm). He was responsible for implementing a multidimensional, interagency program, providing direct support and guidance to the services, major Department of Defense components, federal agencies, and the greater national information infrastructure community. This program fosters the development and implementation of information assurance training programs as well as graduate and undergraduate education curricula. In this capacity, he served on several national-level government working groups as well as in an advisory capacity to several universities. Maconachy was the principal architect for several national INFOSEC training standards in the national security systems community. During his time at the NSA, he held many different positions, including work as an INFOSEC Operations Officer, INFOSEC Analyst and a Senior INFOSEC Education and Training Officer.

Prior to joining the NSA, Maconachy worked for the Department of Navy. He developed and implemented INFOSEC training programs for users and system maintainers of sophisticated cryptographic equipment. He also served as the Officer in Charge of several INFOSEC-related operations for the Department of Navy, earning him the Department of Navy Distinguished Civilian Service medal. Maconachy holds a PhD from the University of Maryland. He has numerous publications and awards related to information assurance and is the recipient of the prestigious National Cryptologic Meritorious Service Medal.

John Mason is a Manager for SingerLewak's Enterprise Risk Management Group. He has over 20 years of combined experience in internal audit, regulatory compliance, information security, investigations, and process reengineering. He has held senior positions, such as Chief Internal Auditor and Vice President of Audit and Compliance in a variety of companies. While at two multibillion-dollar institutions, he was the Chief Information Security Officer and helped establish information risk management programs as well as designed risk-based audit programs several years before Sarbanes-Oxley. Mason has routinely authored, reviewed, and researched finance control policies and procedures. He has performed audits for governmental agencies and managed a full spectrum of financial, operational, SOX compliance, and data processing audits. He possesses an MBA and numerous certificates, including a CISM, CISA, CFE, CBA, CFSA, and CFSSP and is an Adjunct Professor in Norwich University's Master's of Science in Information Assurance program.

Peter Mell is a senior computer scientist in the Computer Security Division at the National Institute of Standards and Technology. He is the Program Manager for the National Vulnerability Database as well as the Security Content Automation Protocol validation program. These programs are widely adopted within the U.S. government and used for standardizing and automating vulnerability and configuration management, measurement, and policy compliance checking. He has written the NIST publications on patching, malware, intrusion detection, common vulnerability scoring system, and the common vulnerabilities and exposures standard. Mell's research experience includes the areas of intrusion detection systems, vulnerability scoring, and vulnerability databases.

Michael Miora has designed and assessed secure, survivable, highly robust systems for industry and government over the past 30 years. Miora, one of the original professionals granted the Certified Information Systems Security Professional in the 1990s and the ISSMP in 2004, was accepted as a Fellow of the Business Continuity Institute in 2005. Miora founded and currently serves as President of ContingenZ Corporation. Michael Miora was educated at the University of California, Los Angeles and Berkeley, earning Bachelor's and Master's in Mathematics. He is an Adjunct Professor at Norwich University in the MS Information Assurance program and serves on the editorial boards of the Norwich University Journal of Information Assurance and the Business Continuity Journal.

Allysa Myers is the Director of Research for West Coast Labs. Her primary responsibilities are researching and analyzing technology and security threat trends as well as reviewing and developing test methodologies. Prior to joining West Coast Labs, Myers spent 10 years working in the Avert group at McAfee Security, Inc. While there, she wrote for the Avert blog and Sage magazine, plus several external publications. She also provided training demonstrations to new researchers within McAfee along with other groups such as the Department of Defense and McAfee Technical Support and Anti-Spyware teams. Myers has been a member of various security industry groups, such as the Wildlist and the Drone Armies mailing list.

Scott J. Nathan, Esq., is an attorney whose practice includes litigation concerning intellectual property and technology matters, computer fraud and abuse, and environmental and insurance coverage matters involving the exchange of millions of pages of documents. In addition, he advises clients about, among other things, Internet-related risks and risk avoidance, proprietary and open source software licensing, service-level agreements, and insurance coverage. Nathan has written and spoken extensively about such issues as online privacy, cyberspace jurisdiction, and the legal issues surrounding the use of open source software. He is admitted to practice before the United States Supreme Court, the United States Court of Appeals for the First Circuit, the Federal District Court for the District of Massachusetts, and the Courts of the Commonwealth of Massachusetts. Nathan is a member of the American Bar Association's Litigation and Computer Litigation Committees.

Carl Ness, MS, CISSP, is a Senior Security Analyst for the University of Iowa. Ness has more than 10 years' experience in the information technology and information security fields, mainly in the academic and healthcare sector. He is a speaker, author, and educator on information assurance, including security in the academic environment, messaging security, disaster recovery and business continuity, safe home computing, and information technology operations. Ness previously served as a systems administrator, network administrator, information technology director, and information security officer. He also provides consulting to several security software development organizations.

Peter G. Neumann has doctorates from Harvard and Darmstadt. He has been in SRI International's Computer Science Lab since September 1971, after spending 10 years at Bell Labs in Murray Hill, New Jersey. His work is concerned with computer systems and networks, trustworthiness and high assurance, security, reliability, survivability, safety, and many risk-related issues, such as voting-system integrity, crypto policy, social implications, and human needs including privacy. He moderates the ACM Risks Forum (risks.org) and created ACM SIGSOFT's Software Engineering Notes in 1976. He has participated in four studies for the National Academies of Science. His 1995 book, Computer-Related Risks, is still timely. He is a Fellow of the ACM, IEEE, and AAAS.

Lester E. Nichols earned a BS degree from the University of Phoenix and an MS degree in Information Assurance from Norwich University. He is currently working on his doctoral degree in Information Security at Capella University. He holds the CISSP, MCSA, MCP, and Security+ certifications. Nichols has over 10 years' experience in computer technology in the medical, nonprofit, financial, and local and federal government sectors, in a variety of roles, including application development, network engineering, and information security. Nichols is currently with Knowledge Consulting Group as a Senior Security Engineer, providing security oversight as well as security justification for network and system design implementations, while working with network engineering to integrate security mind-sets to the design stage of projects. Prior to this, he was employed with Prolific Solutions, LLC as a Senior Information Assurance Manager.

Justin Opatrny is currently an information systems manager for a Fortune 500 company, with previous roles specializing in network infrastructure and security. He earned a Master's degree in Information Assurance from Norwich University; holds industry certifications including CISSP, GCFA, and GSNA; and is an active member of ISSA and InfraGard. Opatrny also works as an independent consultant providing technology and information assurance expertise and guidance.

John Orlando, PhD, is the Program Director for the Master of Science in Business Continuity Management at Norwich University. He received his PhD from the University of Wisconsin, and has published articles in a variety of applied ethics fields, including information ethics, business ethics, and medical ethics. He has also published a number of articles on business continuity management and consults with universities on business continuity programs. Orlando helped develop online programs at the University of Vermont and Norwich University, and was the Associate Program Director for the Master of Science in Information Assurance at Norwich University.

Raymond Panko, PhD, is a Professor of Information Technology Management in the Shidler College of Business at the University of Hawaii. His interest in security began during lunches with Donn Parker in the 1970s at SRI International and has grown ever since. His textbook on IT security, Corporate Computer and Network Security, is published by Prentice-Hall. His current research focuses are security for end user applications (especially spreadsheets), how to deal with fraud, and human and organizational controls. His main teaching focus, however, remains networking. In his networking classes and textbook, he emphasizes security throughout, pointing out the security implications of network protocols and practices.

Robert A. Parisi, Jr., is the Senior Vice-President and National Technology, Network Risk and Telecommunications Practice Leader for the FINPRO unit of Marsh USA. Parisi has spoken at various business, technology, legal, and insurance forums throughout the world and has written on issues affecting professional liability, privacy, technology, telecommunications, media, intellectual property, computer security, and insurance. In 2002, Parisi was honored by Business Insurance magazine as one of the Rising Stars of Insurance.

Immediately prior to joining Marsh, Parisi was the Senior Vice-President and Chief Underwriting Officer of eBusiness Risk Solutions (a unit of the property and casualty companies of American International Group, Inc.). Parisi joined the AIG group of companies in 1998 as legal counsel for its Professional Liability group and held several executive and legal positions within AIG, including the position of Chief Underwriting Officer for Professional Liability and Technology. While at AIG, Parisi oversaw the creation and drafting of underwriting guidelines and policies for all lines of professional liability. Prior to joining AIG, Parisi had been in private practice, principally as legal counsel to various Lloyds of London syndicates handling a variety of professional liability lines.

Parisi graduated cum laude from Fordham College with a B.A. in Economics and received his law degree from Fordham University School of Law. He is admitted to practice in New York and the U.S. District Courts for the Eastern and Southern Districts of New York.

Donn B. Parker, CISSP, Fellow of the Association for Computing Machinery, is a retired (1997) senior management consultant who has specialized in information security and computer crime research for 35 of his 50 years in the computer field. He has written numerous books, papers, articles, and reports in his specialty based on interviews with over 200 computer criminals and reviews of the security of many large corporations. He received the 1992 Award for Outstanding Individual Achievement from the Information Systems Security Association, the 1994 National Computer System Security Award from the U.S. NIST/NCSC, the Aerospace Computer Security Associates 1994 Distinguished Lecturer award, and The MIS Training Institute Infosecurity News 1996 Lifetime Achievement Award. Information Security Magazine identified him as one of the five top Infosecurity Pioneers (1998).

Padgett Peterson, P.E., CISSP, IAM/IEM, has been involved with computer security and encryption for over 40 years. Since 1979 he has been employed by different elements of a major aerospace contractor. Peterson is also an Adjunct Professor in the Master's of Science in Information Assurance program at Norwich University.

Franklin Platt (telephone: 603 449-2211) is Founder and President of Office Planning Services, a Wall Street consultancy for 20 years headquartered in Stark, New Hampshire since 1990. He has worked extensively in security planning, management, and preparedness in both the private and public sectors. His academic background includes business administration and electrical engineering. He has received extensive government training in emergency management, including terrorism and weapons of mass destruction, much of which is not available to the public. He holds many security certifications and is currently vetted by the FBI and by several states. Platt's areas of expertise include: security risk management; compliance with the latest Homeland Security procedures and other federal regulations that affect the private sector; risk identification and assessment; vulnerability analysis; cost-value studies; response planning; site security surveys and compliance auditing; briefing and training; second opinion; and due diligence.

Jerrold M. Post, PhD, is Professor of Psychiatry, Political Psychology, and International Affairs and Director of the Political Psychology Program at George Washington University. He has devoted his entire career to the field of political psychology. Post came to George Washington after a 21-year career with the Central Intelligence Agency, where he was the Founding Director of the Center for the Analysis of Personality and Political Behavior. He played the lead role in developing the Camp David profiles of Menachem Begin and Anwar Sadat for President Jimmy Carter and initiated the U.S. government program in understanding the psychology of terrorism. He is a widely published author, whose most recent book is The Mind of the Terrorist: The Psychology of Terrorists from the IRA to al-Qaeda. Post is also a frequent commentator on national and international media.

N. Todd Pritsky is the Director of E-learning Courseware at Hill Associates, a telecommunications training company in Colchester, Vermont. He is a Senior Member of the Technical Staff and an instructor of online, lecture, and hands-on classes. His teaching and writing specialties include e-commerce, network security, TCP/IP, and the Internet, and he also leads courses on fast packet and network access technologies. He enjoys writing articles on network security and is a contributing author of Telecommunications: A Beginner's Guide (McGraw-Hill/Osborne). Previously he managed a computer center and created multimedia training programs. He holds a BA in Philosophy and Russian/Soviet Studies from Colby College.

Karthik Raman is a Research Scientist at McAfee Avert Labs, an internationally renowned research group for fighting malicious software. His work at McAfee focuses on vulnerability research, malware analysis, and security-research automation. His interests include the application of computer and social sciences to computer-security problems and developing security tools. Karthik graduated with BS degrees in Computer Science and Computer Security from Norwich University in 2006, where he studied under Dr. Mich Kabay.

Bridgitt Robertson has been teaching business and technology courses for over six years. Her multidisciplinary approach to security awareness analyzes threats in the global enterprise and investigates how an educated workforce can mitigate risks and enhance corporate competitiveness. Prior to teaching, Robertson worked for global companies in the areas of project management, business analysis, and consulting. She is looking forward to obtaining her doctorate in 2009. She is a member of InfraGard.

Marc Rotenberg is Executive Director of the Electronic Privacy Information Center in Washington, DC. He teaches information privacy law at Georgetown University Law Center. He has published many articles in legal and scientific journals. He is the coauthor of several books, including Information Privacy Law, Privacy and Human Rights, The Privacy Law Sourcebook, and Litigation under the Federal Open Government Laws. He frequently testifies before the U.S. Congress and the European Parliament on emerging privacy issues. He is a Fellow of the American Bar Foundation and the recipient of several awards, including the World Technology Award in Law.

K. Rudolph, CISSP, is President and Chief Inspiration Officer of Native Intelligence, Inc., a Maryland-based consulting firm focused on providing creative and practical information security awareness solutions. Rudolph develops security awareness products including posters, images, 60-second daily security tips, Web-based and computer-based courses designed in accord with adult-learning principles. She facilitates security awareness peer group meetings and is a frequent speaker at security conferences. In 2006, Rudolph was honored by the Federal Information Security Educators' Association as the Security Educator of the Year. Special areas of interest to Rudolph include storytelling in security awareness and behavior-based messages and metrics.

Eric Salveggio is an information technology security professional who enjoys teaching online courses in CMIS for Liberty University and Auditing for Norwich University. He works as a trained ISO 17799, NSTISSI 4011 and 4013 consultant for Dynetics Corporation of Huntsville, Alabama, in IT Security and Auditing, and as a Private Consultant in networking, network design, and security (wired and wireless) with 10 years' experience. He previously worked as the IT Director for the Birmingham, Alabama, campus of Virginia College, where he opened two start-up campuses—on ground and online—and created three accredited programs (two undergrad, one graduate level) at state and federal levels in Network and Cyber Security. While in this position, he was chosen as a nominee for the 2006 Information Security Executive Award, and enjoyed being the only educational facility recognized. He was personally awarded a plaque of recognition by the Stonesoft Corporation for the same. He is a published author and photographer, and enjoys working at times as a Technical Editor for Pearson Education and Thomson Publishing on cyber forensics, cyber security, and operating systems.

Ravi Sandhu is Cofounder and Chief Scientist of SingleSignOn.Net in Reston, Virginia, and Professor of Information Technology and Engineering at George Mason University in Fairfax, Virginia. An ACM and an IEEE Fellow, he is the founding Editor in Chief of ACM's Transactions on Information and System Security, Chairman of ACM's Special Interest Group on Security, Audit and Control, and Security Editor for IEEE Internet Computing. Sandhu has published over 140 technical papers on information security. He is a popular teacher and has lectured all over the world. He has provided high-level consulting services to numerous private and government organizations.

Sondra Schneider is CEO and Founder of Security University, an Information Security and Information Assurance Training and Certification company. She and SU have challenged security professionals for the past 10 years, delivering hands-on tactical security classes and certifications around the world.

Starting in 2008, SU set up an exam server to meet the demand for tactical security certifications. In 2005, SU refreshed the preexisting AIS security training program to the new “SU Qualified Programs,” which meet and exceed security professionals' requirements for hands-on tactical security “skills” training. SU delivers the Qualified/Information Security Professional and Qualified/Information Assurance Professional certifications, which are the first of their kind that measure a candidate's tactical hands-on security skills.

In 2004, Schneider was awarded Entrepreneur of the Year for the First Annual Women of Innovation Award from the Connecticut Technology Council. In 2007, she was Tech Editor for the popular 2007 CEH V5 Study Guide, and a multiple chapter author for the 2007 CHFI Study Guide. She sits on three advisory boards for computer security (start-up) technology companies and is a frequent speaker at computer security and wireless industry events. She is a founding member of the NYC HTCIA and IETF chapters, works closely with (ISC)2, ISSA, and ISACA chapters, and the security and wireless vendor community. She specializes in information security, intrusion detection, information assurance (PKI), wireless security and security awareness training.

William Stallings, PhD (e-mail: [email protected]) is a consultant, lecturer, and author of over a dozen professional reference books and textbooks on data communications and computer networking. His clients have included major corporations and government agencies in the United States and Europe. He has received numerous awards for the Best Computer Science Textbook of the Year from the Text and Academic Authors Association. He has designed and implemented both TCP/IP-based and OSI-based protocol suites on a variety of computers and operating systems, ranging from microcomputers to mainframes. Stallings created and maintains the Computer Science Student Resource Site at http://WilliamStallings.com/StudentSupport.html.

Peter Stephenson, PhD, is a writer, researcher and lecturer on information assurance and risk, information warfare and counterterrorism, and digital investigation and forensics on large-scale computer networks. He has lectured extensively on digital investigation and security and has written or contributed to 14 books and several hundred articles in major national and international trade, technical and scientific publications.

He is the Associate Program Director in the Master's of Science in Information Assurance program at the Norwich University School of Graduate Studies, where he teaches information assurance, cyber crime and cyber law, and digital investigation on both the graduate and undergraduate levels. He is Senior Research Scientist at the Norwich University Applied Research Institutes, Chair of the Department of Computing, and the Chief Information Security Officer for the university.

He has lectured or delivered consulting engagements for the past 23 years in 11 countries plus the United States and has been a technologist for over 40 years. He operated a successful consulting practice for over 20 years and has worked for such companies as Siemens, Tektronix, and QinetiQ (UK).

Stephenson obtained his PhD in computer science at Oxford Brookes University, Oxford, England, where his research was in the structured investigation of digital incidents in complex computing environments. He holds a Master's of Arts degree in Diplomacy with a concentration in Terrorism from Norwich University.

He is on the editorial advisory boards of International Journal of Digital Evidence and the Norwich University Journal of Information Assurance among several others. Stephenson is technology editor for SC Magazine and the editor in chief for Norwich University Press.

Stephenson is a Fellow of the Institute for Communications, Arbitration and Forensics in the United Kingdom and is a member of Michigan InfraGard and the International Federation of Information Processing Technical Committee 11, Working Group 11.9, Digital Forensics. He serves on the Steering Committee of the Michigan Electronic Crime Task Force. His research is focused on information conflict.

Gary L. Tagg is a highly experienced information security professional with over 20 years working in the financial and government sectors. The organizations he has worked with include Deutsche Bank, PA Consulting group, Clearstream, Pearl Assurance, and Lloyds TSB. He has performed a wide range of security roles including risk management, consulting, security architecture, policy and standards, project management, development, testing and auditing. Tagg is currently a risk consultant in Deutsche Bank's IT security Governance Group.

Nicholas Takacs is an information security professional and Business Systems Director for a long-term care insurance company. He is also an Adjunct Professor of Information Assurance at Norwich University. Takacs has expertise in the areas of security policy management, security awareness, business continuity planning, and execution. Prior to moving into the insurance industry, Takacs spent several years in the public utility industry focusing on the areas of regulatory compliance, disaster recovery, and identity management.

James Thomas, MSc CISSP, is a Senior Partner with Norwich Security Associates, a full-spectrum information assurance consultancy headquartered in Scotland. Thomas spends most of his professional time providing policy, process, and governance advice to large banking and financial organizations in the United Kingdom and Europe. He is a 2004 graduate of the Norwich University Master of Science in Information Assurance program. Prior to focusing his efforts in the security space, he had a long career in Information Technology and Broadcast Engineering spanning the United Kingdom and the eastern United States.

Lee Tien, Esq., is a Senior Staff Attorney with the Electronic Frontier Foundation in San Francisco, California. He specializes in free speech and surveillance law and has authored several law review articles. He received his undergraduate degree in psychology from Stanford University and his law degree from Boalt Hall School of Law, UC Berkeley. He is also a former newspaper reporter.

Timothy Virtue is an accomplished information assurance leader with a focus in strategic enterprise technology risk management, information security, data privacy, and regulatory compliance. Virtue has extensive experience with publicly traded corporations, privately held businesses, government agencies, and nonprofit organizations of all sizes. Additionally he holds these professional designations: CISSP, CISA, CCE, CFE, and CIPP/G.

Myles Walsh is an Adjunct Professor at three colleges in New Jersey: Ramapo College, County College of Morris, and Passaic County Community. For the past 12 years, he has taught courses in Microsoft Office and Web Page Design. He also implements small Office applications and Web sites. From 1966 until 1989, he worked his way up from programmer to director in several positions at CBS, CBS Records, and CBS News. His formal education includes an MBA from the Baruch School of Business and a BBA from St. John's University.

Karen F. Worstell, CISM, is Cofounder and Principal of W Risk Group, a consultancy serving clients across multiple sectors to define due diligence to a defensible standard of care for information protection. Her areas of expertise include incident detection and management, compliance, governance, secure data management and risk management. She is coauthor of Evaluating the Electronic Discovery Capabilities of Outside Law Firms: A Model Request for Information and Analysis (BNA, 2006) and is a frequent speaker and contributor in risk management and information security forums internationally. She participates in ISACA, IIA, and the ABA Science and Technology Section, Information Security Committee, and serves as President of the Puget Sound Chapter of the ISSA.

Noel Zakin is President of RANCO Consulting LLC. He has been an information technology/telecommunications industry executive for over 45 years. He has held managerial positions at the Gartner Group, AT&T, the American Institute of CPAs, and Unisys. These positions involved strategic planning, market research, competitive analysis, business analysis, and education and training. His consulting assignments have ranged from the Fortune 500 to small start-ups and have involved data security, strategic planning, conference management, market research, and management of corporate operations. He has been active with ACM, IFIP, and AFIPS and currently with ISSA. He holds an MBA from the Wharton School.

William A. Zucker, Esq., is a partner at McCarter & English, LLP's Boston office. Zucker serves as a senior consultant for the Cutter Consortium on legal issues relating to information technology, outsourcing, and risk management, and is a member of the American Arbitration Association's National Technology Panel and a member of the CPR Institute's working group on technology business alliances and conflict management. He has also served on the faculty of Norwich University, where he taught the intellectual property aspects of computer security. Zucker is a trial lawyer whose practice focuses on negotiation/litigation of business transactions, outsourcing/ebusiness and technology/intellectual property. Among his publications are: “The Legal Framework for Protecting Intellectual Property in the Field of Computing and Computer Software,” written for the Computer Security Handbook, 4th edition, coauthored with Scott Nathan; and “Intellectual Property and Open Source: Copyright, Copyleft and Other Issues for the Community User.”
