ABOUT THE AUTHOR

Andrea Simmons, M.Inst.ISP, CISSP, CISM, FBCS CITP, MA, ISSA Senior Member and IISP Director, is Global Head of Policy Governance, HP Enterprise Security Services.

Andrea is an enthusiastic information governance evangelist and specialist with extensive experience in both the private sector and the UK-wide public sector – including local government, non-departmental public bodies (NDPBs), and health and emergency services. Andrea has expertise in information security management systems (ISMSs) (ISO27001, strategy and planning, policies and procedures development and implementation, etc.), information rights legislation/regulation and standards (including data protection (DP) and freedom of information (FOI)), records management (RM), governance risk and compliance (GRC), information assurance (IA), business continuity planning (BCP), resilience and disaster recovery. This covers the breadth of UK public and private sector compliance requirements including ISO27001, FSA, ICO, data handling, PCI, CoCo, GCx, security architecture and design, implementing compliance programmes and ISMSs, through the deliverance of change management programmes and innovative training solutions, whilst being heavily influenced by US and global legislation, regulation and standards development and maturation. Andrea has been an active information security industry contributor for a decade, writing articles and blogs and presenting at conferences, seminars and workshops.

Andrea has contributed to standards developments and industry research and is now working on a PhD in information assurance through the University of Wolverhampton, researching the background to the development of the subject itself – its genus and meaning across the industry – and tackling the language barriers created by our complex web of industry acronyms and misconstrued meanings, which appear to be hampering the implementation of best-practice information assurance in the context of the information society.

Andrea has also held the role of consultant security forum manager for the BCS Chartered Institute of IT: www.bcs.org/security and is now a member of the BCS Security Community of Expertise (SCoE), and has been a member of the Management Committee of IAAC, www.iaac.org.uk, for several years. She is also a full, Chartered Fellow of the BCS and its relevant specialist groups: security, audit and law, and is on the BCS Register of Security Experts. Andrea is also a member of ISACA, ISSA, ISC2 and the Cyber Security KTN, and a founding member of the Institute of Information Security Professionals, to name but a few!

Andrea achieved Chartered IT Professional Status in February 2007 and M.Inst.ISP in 2008. In January 2012, Andrea was awarded Senior Member status of the ISSA, http://www.issa.org/.