Information Security Policies Made Easy Version 9 [Hardcover]

Charles Cresson Wood (Author)
5.0 out of 5 stars (3 customer reviews)



Editorial Reviews

Review

"Complete kit of proven best practices that any organization can use and customize to make policies meeting their exact needs." -- Jay Heiser, Columnist, "Information Security" magazine, September 2002

"The gold standard Policy reference for any serious security practitioner to have in their arsenal of tools, a must have!" -- John B. Kramer, CISSP, CISA, Information Security Manager – UPMCHS, September, 2002

"Version 9 is a significant advance from previous versions making it a necessary part of every information security practitioner’s library" -- Donn B. Parker, CISSP, September, 2002

About the Author

Charles Cresson Wood is an author and independent information security consultant based in Sausalito, California. In the information security field on a full-time basis since 1979, he has worked as an information security management consultant at SRI International (formerly Stanford Research Institute) as well as lead network security consultant at the Bank of America. He has done information security work with over 120 organizations -- many of them Fortune 500 companies -- including a large number of financial institutions and high-tech companies.

He is noted for his ability to integrate competing objectives (like ease-of-use, speed, flexibility and security) in customized and practical compromises that are acceptable to all parties involved. Acknowledging that information security is multi-disciplinary, multi-departmental, and often multi-organizational, he is additionally noted for his ability to synthesize a large number of complex considerations and then to document these in security architectures, system security requirements, risk assessments, project plans, policy statements, and other clear and action-oriented documents.


Product Details

  • Hardcover: 727 pages
  • Publisher: PentaSafe Security Technologies (September 30, 2002)
  • Language: English
  • ISBN-10: 1881585093
  • ISBN-13: 978-1881585091
  • Product Dimensions: 11.3 x 8.7 x 1.8 inches
  • Shipping Weight: 4.2 pounds
  • Average Customer Review: 5.0 out of 5 stars (3 customer reviews)
  • Amazon Best Sellers Rank: #1,762,891 in Books

More About the Author

Recipient of Computer Security Institute's Lifetime Achievement Award.

Charles Cresson Wood, CISSP, CISM, CISA is an author and independent information security consultant based in Mendocino, California. In the information security field on a full-time basis since 1979, he has worked as an information security management consultant at SRI International (formerly Stanford Research Institute) as well as lead network security consultant at Bank of America. He has done information security work with over 120 organizations, many of them Fortune 500 companies, including a large number of financial institutions and high-tech companies. His consulting work has taken him to over twenty different countries around the world.

He has published over 300 technical articles and five books in the information security field. In addition to TV and radio appearances, he has been quoted as an expert in publications such as Business Week, Christian Science Monitor, Computerworld, IEEE Spectrum, Infoworld, LA Times, Network Computing, Network World, PC Week, The Wall Street Journal, and Time. He has also presented cutting-edge information security ideas at over 100 technical and professional conferences around the globe.

Mr. Wood is Senior North American Editor for the journals "Computers & Security" and "Computer Fraud & Security Bulletin", as well as a monthly columnist for "Computer Security Alert". He holds an MBA in financial information systems, an MSE in computer science, and a BSE in accounting from the Wharton School of Business at the University of Pennsylvania. He has passed the Certified Public Accountant (CPA) examination and is both a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP). In November 1996 he received the Lifetime Achievement Award from the Computer Security Institute for "sincere dedication to the computer security profession."

Here is a sampling of the over 335 security-related articles by Charles Cresson Wood:

"Researchers Must Disclose All Sponsors And Potential Conflicts," Computer Security Alert, No. 197, March 2000; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 220]

"Integrated Approach Includes Information Security," Security, pp. 43-44, February 2000; Publisher: Cahners, Des Plaines, IL. [pub. no. 219]

"Get Data Safety Policies In Place," American Banker, 11 February 2000, p. 7; Publisher: American Banker, New York, NY. [pub. no. 218]

"All Internet Personal Data Gathering Techniques Must Be Disclosed," Computer Security Alert, No. 196, February 2000; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 217]

"The Information Security Profession: Evolutionary Career Paths," Information Security, November 1999; Publisher: ICSA.net, Norwood, MA. [pub. no. 214]

"Disclosures Of Private Information Without Data Subject Consent," Computer Security Alert, No. 193, November 1999; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 212]

"Termination Of Outsourcing Contracts For Security Violations," Computer Security Alert, No. 191, September 1999; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 210]

"Top Ten Impediments To Implementing An Information Security Policy," Information Security, September 1999, Publisher: Information Security, Norwood, MA (cover story). [pub. no. 209]

"A Functional Comparison Of Tandem Data Replication Software Packages," an extensive independent report prepared for customers and prospects, August 1999; Publisher: Compaq Corporation, Cupertino, CA. [pub. no. 207]

"Subjects Given Opportunity To Block Private Information Disclosures," Computer Security Alert, No. 189, June 1999; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 205]

"Use Of Personal Digital Assistants, Hand-Held Computers, And Smart Phones For Corporate Business Information," Computer Security Alert, No. 186, March 1999; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 202]

"All Systems Access Privileges Cease When Workers Terminate," Computer Security Alert, No. 185, February 1999; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 202]

"Non-Compliance And Disciplinary Action," Computer Security Alert, No. 182, November 1998; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 198]

"Convenience Versus Multi-Factor User Authentication," Computer Security Alert, No. 181, October 1998; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 196]

"Twelve New Vulnerabilities Introduced by Internet Commerce," Information Security Bulletin, September 1998 (volume 3, issue 6, cover story), Publisher: Chi Publishing Ltd., London, England. [pub. no. 195]

"All Telephone Transactions Require Positive Caller Identification," Computer Security Alert, No. 179, August 1998; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 193]

"The Truth About Masquerading and Spoofing," Network Magazine, February 1998; Publisher: Miller Freeman, San Francisco, CA. [pub. no. 183]

"Unauthorized Information Disclosure and Loss of Stock Options," Computer Security Alert, No. 173, December 1997; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 185]

"Managing Perceptions About Internet Electronic Commerce Security," Computer Security, Audit & Control, February 1997; Publisher: Management Advisory Services Publications, Wellesley Hills, MA. [pub. no. 165]

"Information Security: Are We Winning the Game?" Computer Fraud & Security Bulletin, January 1997; Publisher: Elsevier Science Technology, Oxford, England. [pub. no. 162]

"Encryption for Files Left on Anonymous FTP Servers," Computer Security Alert, No. 163, October 1996; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 159]

"Encryption Systems Must Include Key Escrow," Computer Security Alert, No. 157, April 1996; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 152]

"Cryptography Plays Central Role in Future Electronic Commerce," March 1996, pp. 9-10, Computer Fraud & Security Bulletin; Publisher: Elsevier Science Technology, Oxford, England. [pub. no. 151]

"Users Must Not Attempt to Eradicate Viruses," Computer Security Alert, No. 156, March 1996; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 150]

"EDP Audit Must Be Independent of Information Security," Computer Security Alert, No. 155, February 1996; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 147]

"Reliance on Information Downloaded From Internet," Computer Security Alert, No. 153, December 1995; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 145]

"When to Report Computer Crimes to Law Enforcement," Computer Security Alert, No. 151, October 1995; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 141]

"New Intellectual Property and the Need for Information Security," Computer Fraud & Security Bulletin, September 1995, pp. 18-19; Publisher: Elsevier Science Ltd., Oxford, England. [pub. no. 139]

"Require Approval for Official Statements Posted to the Internet," Computer Security Alert, No. 149, August 1995; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 136]

"Internet Anarchy and the Effectiveness of Laws," Computerworld, 12 June 1995. Expanded version also appears as "Need for Worldwide Internet Laws," in Computer Fraud & Security Bulletin, p.10, July 1995, Elsevier Science Publishers, Oxford, England. [pub. no. 133]

"ISO 9000 and Information Security," Computers & Security, vol. 14, no. 4, pp. 287-288, October 1995; Publisher: Elsevier Science Publishers, Oxford, England (co-author Karen Snow). [pub. no. 131]

"Why SATAN Should Not Have Been Distributed As It Was," Computer Security Alert, No. 146, May 1995; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 128]

"Destroy Archived Electronic Mail Periodically," Computer Security Alert, No. 142, January 1995; Publisher: Computer Security Institute, San Francisco, CA. [pub. no. 124]

"Wireless Network Security," Proceedings of Wireless Datacom '94 Conference held in Washington, DC, 6-8 December 1994; Publisher: Business Communications Review, Hinsdale, IL. [pub. no. 122]

"Fifty Ways to Secure Dial-Up Communications," Computers & Security, May 1994, vol. 13, no. 3, pp. 209-215; Publisher: Elsevier Advanced Technology, Oxford, England. [pub. no. 118]

"Identity Token Usage at American Commercial Banks," Computer Fraud & Security Bulletin, March 1995; Publisher: Elsevier Science Publishers, Oxford, England, pp. 14-16. [pub. no. 114]

"Security Problems in Collaborative Computing," Network World, October 1994; Publisher: International Data Group, Framingham, MA. [pub. no. 113]

"The Newest Threat to Information Security: Open Book Management," EDPACS, August 1994; Publisher: Warren Gorham Lamont, Boston, MA. [pub. no. 110]

"Principles of Secure Information Systems Design with Groupware Examples," Proceedings of the Groupware '92 Conference, held in San Jose, California 3-5 August 1992; Publisher: Morgan Kaufmann Publishers, San Mateo, CA. [pub. no. 75]

"A Strategy for Developing Information Security Documents," Journal of Information Systems Security, vol. 1, issue 2, Summer 1992, pp. 71-78; Publisher: Auerbach Publishers, New York, NY (co-author: Juhani Saari). [pub. no. 68]

"Using Information Security to Achieve Competitive Advantage," Proceedings of the 18th Annual CSI Conference, Miami, Florida, November 11-15, 1991; Publisher: Computer Security Institute, San Francisco, California. [pub. no. 58]

"Data Dictionaries and Information Security," Proceedings of SECURICOM '84 International Conference, Cannes, France, 29 February - 2 March 1984, pp. 55-63; Publisher: SEDEP, Paris, France. [pub. no. 24]

"International Barriers to Information Flows," SRI International Business Intelligence Report, Report #1057, March 1981; Publisher: SRI International, Menlo Park, CA. [pub. no. 10]

"Computer Crime: Criminal Justice Resource Manual," with Parker, Donn B., Publisher: U.S. Government Printing Office, Washington, DC; prepared for U.S. Department of Justice; order no. 1979-311-379/1710, 1979. [pub. no. 1]

Books Written by Charles Cresson Wood:

Information Security Policies Made Easy [a book of 1300+ already-written policies provided in both hardcopy and CD-ROM], now in its 11th edition, 2010; Publisher: Information Shield, Houston, TX, USA; ISBN# 1-881585-16-9.

Information Security Roles & Responsibilities Made Easy provides practical, step-by-step instructions on how to develop specific information security roles and responsibilities. It includes 40 different job descriptions, 24 organizational mission statements, 15 alternative reporting relationships, and the most comprehensive set of already-written information security roles & responsibilities documents available anywhere. Publisher: NetIQ Corporation, San Jose, USA; ISBN# 1-881585-08-5.

Best Practices in Internet Commerce Security [derived from a survey of Internet merchants, Internet service providers (ISPs), Internet commerce hosting firms, Internet Trusted Third Parties (TTPs), and Internet commerce software vendors], 1998; Publisher: NetIQ Corporation, San Jose, CA, USA; ISBN# 1-881585-05-0.

How to Handle Internet Electronic Commerce Security: Risks, Controls & Product Guide [a guide for the design and specification of Internet security measures], released in 1996; Publisher: NetIQ Corporation, San Jose, CA, USA; ISBN# 1-881585-03-4.

Effective Information Security Management [a book of tools and techniques for dealing with information security problems], 1991; Publisher: Elsevier Advanced Technology, Oxford, England; ISBN# 1-85617-070-5.

Computer Security: A Comprehensive Controls Checklist [a book detailing standard control practices -- particularly useful for audits and reviews], 1987; Publisher: John Wiley & Sons, New York, NY, USA; ISBN# 0-471-84795-X.

Consulting Services Include:
  • Information systems risk analysis and EDP audits
  • Enterprise-wide information security policy development
  • Organizational infrastructure for information security
  • Customized security solutions for cutting-edge application systems
  • Security design reviews for Internet commerce merchants and banks
  • Network security architecture compilation and documentation
  • Expert witness testimony and strategy for computer crime trials
  • Training and awareness program development and presentation

As a matter of policy, Mr. Wood does not accept referral fees, marketing finder's fees, sales commissions, or any other financial remuneration for mentioning information security products or services to clients. In this way he can be truly independent and make recommendations that are unquestionably in the best interests of consulting clients.

 

Customer Reviews

3 Reviews
5 star: (3)
4 star: (0)
3 star: (0)
2 star: (0)
1 star: (0)

Average Customer Review: 5.0 out of 5 stars (3 customer reviews)

Most Helpful Customer Reviews

10 of 10 people found the following review helpful:
5.0 out of 5 stars Comprehensive, June 25, 2003
This review is from: Information Security Policies Made Easy Version 9 (Hardcover)
I keep books in two places, a small shelf near my computer that I can reach and a large bookshelf across the room. This book deserves a place on the small shelf within arm's reach.

If you are a manager, before you ever make a decision, or approve a policy, look the topic up, there is a good chance you will see something you didn't think of.

Let me give you an example: our company used to have a fairly long Non-Disclosure Agreement (NDA) prepared by our attorney for a specific purpose. However, we decided to create a simpler, general purpose NDA for all 1099 contractors. The lawyer created it and before I approved it I checked it against the book. I found three items that really should have been in our NDA that we would have missed, thank you Mr. Wood!

If you are a techie do you need this book? Sure, because everything we do as a techie or engineer has liability implications for the company. Each topic is very clear, concise, and well thought out. It takes a few seconds to look it up, about two minutes to read the section and that investment is well worth your time.

Yes, this is an expensive book, however, it is worth the investment, every organization should have at least one copy. S.



9 of 9 people found the following review helpful:
5.0 out of 5 stars Don't even think of writing infosec policies w/o this book, April 1, 2003
This review is from: Information Security Policies Made Easy Version 9 (Hardcover)
Master plumbers often find that a portion of their business derives from fixing jobs that homeowners thought were simple enough to do themselves. Many business professionals approach information security policies the same way novices approach a leaky pipe. They try to save time and money by doing it themselves; then they are overwhelmed by the unexpected complexity of the task. In the end, they have to call on a professional to repair the damage; ultimately costing them more time and money than if they had gone the professional route at the start.

Those who are serious about information security policy should plumb the depth of wisdom contained in Information Security Policies Made Easy, Version 9. This latest version has updated the text of nearly 1,400 policies, and the policies are organized to track ISO 17799, a broad information-security standard.

This newest version rectifies the only serious shortcoming of versions past: the lack of a cross-referencing tool. Version 9 contains a Web-based CD-ROM that is fully linked and searchable. Other advances include policies addressing new legislation such as the Healthcare Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act. With this update, the flow of information through any company's pipelines is sure to be more secure.

Anyone who is chartered with the creation of a comprehensive set of information security policies and procedures should definitely use Information Security Policies Made Easy. It is the definitive reference and definitely lives up to its billing.



0 of 1 people found the following review helpful:
5.0 out of 5 stars Purely awesome!, September 11, 2003
This review is from: Information Security Policies Made Easy Version 9 (Hardcover)
If you want a great book on policy this is it.

The ultimate in cut and paste.

CC Wood did all the work.

All you have to do is choose, cut, paste and edit.

OK, it is more than that, but this book gets you to third base. It is only a short run to home plate afterwards.




Inside This Book
First Sentence:
Information security policies are a special type of documented business rule.
Key Phrases - Statistically Improbable Phrases (SIPs):
information security management committee, policy informs workers, vulnerability identification software, centralized information security, designated information owner, information security coordinators, support identification codes, systems software permits, information security policy document, fixed passwords, policy informs management, systems development conventions, corporate data dictionary, license management software, policy informs users, purpose encryption systems, virus screening software, information security training, extended user authentication, information security investigations, small systems environment, policy writing effort, duress passwords, information security manual, information security policy statement
Key Phrases - Capitalized Phrases (CAPs):
Four-Category Data Classification, All Commentary, Five-Category Application Criticality Classification Scheme, Faxing Sensitive Information, Violation And Problem Reporting, Security Policies Made Easy, Electronic Mail Message Monitoring, Access Control Policy, Asset Inventory, Incident Reporting, Malfunctioning Access Control, External Violation Reporting, Message Disclaimer, Terms And Conditions Of Employment, Computer Crime Or Abuse Evidence, Electronic Mail Message Handling, Information System Control Reviews, Operating System User Authentication, Physical Access Of Terminated Workers, Presentation Of Public Image, Publicly Available Systems, Requests For Organization Information, Business Source Document Retention, Computer Disaster Recovery Plans, Control Implementations Standard