ACKNOWLEDGEMENTS

The writing of any broad work on IT governance and management is not possible without the dialogue and experiences of the GRC community and the wonderful people at ITGI. There are innumerable encounters, discussions, and individuals who brought their perspective, experience, and gracious support to this endeavor. A few individuals deserve particular mention because of their inspirational insights and very hard work in IT that contributed to my on-the-job training.

Angela Wilde and Vicki Utting, my gratitude for patience and expertise that knows no bounds. Brian Johnson CA, Giuseppe G. Zorzino CISA CGEIT CRISC, Security Architect, and Michael Quailo for your useful contributions during the review process, thank you.

One of the best teams of leaders one could ask for was involved in the effort at AT&T Wireless in 2003–04. Steve Broadbent, Shailesh Grover, Mike Hagen, Kathy Hager, Janet Kerns, Mark King, Bob Maynard, Kirsten Simonitsch, Gary Toretti, Vanessa Pegueros and Susan Yetti, and David Zager helped to navigate the organizational challenge of implementing best practices for an IT organization based on ITIL^® and COBIT^® in the first year of Sarbanes–Oxley 404. Without them, the experience of what it meant to be part of a group to re-engineer a best of breed IT organization and reducing risk could not have happened. Our auditors literally taught us how to think about control environments for IT: Suzanne Cragin, Rick Hewitt and Lynnette Richman made our success possible, even as we lost stomach lining.

We would have been lost at AT&T Wireless without the online resources of ITGI and ISACA^® during the first year of SOX 404.

At SRI Consulting and Atomic Tangerine, the ultimate experience of the International Information Integrity Institute (I-4®) shaped my thinking and perspective. The late Bruce Baker, Donn Parker, the late Gene Schultz, Doug Webb, Suzuki, and Susan Swope provided amazing expertise and helped me learn the meaning of “thought leadership.”

My friend, professional mentor, and colleague, Jim Maloney, was, and continues to be, a constant inspiration to be “incredibly prepared.”

Rhonda MacLean gave me opportunities in business continuity management within the financial services industry that led to my interface with business continuity standards, financial services regulatory organizations, and technical problem solving.

Alan Weindorf, CFO and friend, tolerated me following him with a book of financial terms in order to learn the finances necessary to put together a meaningful cost model.

Jeffrey Ritter ESQ passionately informed and instructed me on the issues surrounding due diligence and a standard of care.

Steve Whitlock and Mig Hoffman were the brains and the solid experience at Boeing that taught me the benefit of understanding the technical bits about one’s network in order to manage risk, and the benefit of bucking the system in order to improve security and risk in IT.

Certainly not least, but last, is my friend, husband, and professional collaborator, Craig Worstell, who has supported my professional commitments that often took me far away from home for months at a time throughout my professional career, and always takes the time to explain the details of the latest information security technology risks. In countless ways, without him, none of this would be possible.

So many people influenced this effort through their inspiration, support, collaboration, expertise, and hard work that they are impossible to name. For anyone I inadvertently omitted, I apologize. Every person with whom I’ve worked over the past many years has contributed a great deal to the cumulative experience that makes writing any work, however, brief, possible. To everyone: Thank you.