WELCOME TO THE IT GOVERNANCE EXPERTS PANEL
Here at IT Governance we want to help you grow your understanding and knowledge of the wide range of IT governance subjects. So, alongside the vast array of products on offer in our online shop, we have brought together a worldwide panel of experts to help answer specific questions.
The aim of the panel is to be your one-stop destination for answers to your questions and queries about the world of IT governance disciplines and issues.
If your question relates to qualifications, why not start by looking at our Info Security Qualifications page, or otherwise ask one of our experts.
To do this, please see below for the IT governance area you are interested in finding out more about, and then click on the link to the relevant 'Meet the Expert' section.
"The only source of knowledge is experience"
Quote by Albert Einstein
| Subject | Expert | Based in... |
| --- | --- | --- |
| BS 7799 | | England, USA, England |
| CESG Green Check standard | Ken Munro | England |
| Change Management & Tools | Steve Watkins | England |
| CITRIX and Thin Client Testing | Ken Munro | England |
| DMZ (Demilitarised Zone) and Firewall Security Testing | Ken Munro | England |
| Enterprise Risk Management | | England |
| Email and Content Filter Testing | Ken Munro | England |
| HMG Memorandums | | England |
| Information Security | Mark Edmead | USA, USA |
| ISMS | | England |
| ISMS & Management System Auditing | | USA, England |
| ISO 9001 | | England |
| ISO 17799 | | England |
| ISO 20000 | | USA |
| ISO 27001 | Alan Calder | England, USA, USA, England, England |
| ISO 27002 | | England |
| ITIL | | USA |
| IT Service Management | | USA |
| Management Systems (including integration) | | England |
| Mobile Workforce Security Assessment | Ken Munro | England |
| PAS 99 Integrated Management System | | England |
| PCI DSS | | England, England |
| PRINCE2 (Programme Manager) | | England |
| RAS (Remote Access Service) and VPN (Virtual Private Network) Testing | Ken Munro | England |
| Recruiting/Staff Augmentation Solutions | | USA |
| Regulatory Compliance | Mark Edmead | USA, USA |
| Risk Assessment | | England |
| RFID (Radio Frequency Identification) Security Assessment | Ken Munro | England |
| RMADS (IS1, IS2) | | England |
| SCADA (Supervisory Control and Data Acquisition) Security Assessment | Ken Munro | England |
| Server Build Security Testing | Ken Munro | England |
| Social Engineering | Ken Munro | England |
| SOX (404) | | USA, England |
| Standardization | | England |
| Supplier/Partner Risk Assessment | | USA |
| Total Quality Management | | USA |
| Technology Risk Assessment | | USA, USA |
| Voice and Video Over IP | Ken Munro | England |
| Web 2.0 Application Security | Ken Munro | England |
If you have a question relating to an area of expertise please either send your message directly to one of our experts, or to Donna Garner, our Client Services Executive at dgarner@itgovernance.co.uk and we will do our best to help you.
"If you have knowledge, let others light their candles in it."
Quote by Margaret Fuller
How to join our Expert Panel
We are still interested in attracting further experts who would like the opportunity to advise our clients and write expert content on the broad range of IT governance subjects (including ITIL, project governance, information security, compliance, risk management, etc) for publication through our online KnowledgeBank.
Members of the panel will have the opportunity to broaden their exposure to an international audience, and to be considered for book-writing opportunities through our in-house publishing imprint.
If you would like to be considered, please write directly to Donna Garner at dgarner@itgovernance.co.uk with details of your qualifications and areas of expertise.
MEET THE EXPERTS
Listed alphabetically by surname
Alan Calder is an international authority on information security management. He led the world’s first successful implementation of BS 7799, the information security management standard upon which ISO 27001 is based, and with Steve Watkins wrote the definitive compliance guide for this standard, ‘IT Governance: A Manager’s Guide to Data Security and BS7799/ISO17799’. The 3rd edition of this book is the basis for the UK Open University’s postgraduate course on Information Security.
He is a consultant to companies including Cisco. He regularly blogs on IT security issues at http://alancalder.blogspot.com/.
Email your questions to Alan at: acalder@itgovernance.co.uk
Robert E. Davis is an independent management audit consultant, a Pleier Corporation author, and a Boson Software, Inc. author and instructor. His IT audit specialisations include Control Objectives for Information and related Technology (COBIT), the Sarbanes-Oxley Act, and the Foreign Corrupt Practices Act. On information security and privacy, Robert provides consulting on ISO 27002, the U.S. Federal Information Security Management Act, Gramm-Leach-Bliley, and Basel II. His primary computer technology research interests are databases, operating systems, and distributed information systems processing.
Robert's workbook credits include: "IT Auditing: An Adaptive Process", "IT Auditing: Information Assets Protection", "IT Auditing: Irregular and Illegal Acts", "IT Auditing: IT Governance", "IT Auditing: IT Service Delivery and Support" and "IT Auditing: The Process".
Email your questions to Robert at: bobdcisa@yahoo.com
Mark Edmead has over 25 years of experience in computer systems architecture, information security, and project management. Mark has extensive knowledge of IT and application audits and IT governance, including Sarbanes-Oxley compliance auditing.
He covers all aspects of information security and protection, including access controls, cryptography, security management practices, network and Internet security, computer security law and investigations, and physical security.
Mark has consulted with Fortune 500 and Fortune 1000 companies in the areas of information systems and Internet security. He has worked with many international firms and has delivered security presentations in Japan, China, Singapore and Europe. He has taught advanced Windows NT courses and presented technical papers on Windows performance and on implementing information security solutions at numerous conferences worldwide. He currently teaches audit and IT security courses for the Institute of Internal Auditors (IIA) and Learning Tree International, and is an adjunct professor at Keller Graduate School of Management.
Email your questions to Mark at: mark@mteadvisor.com
Barry Kouns is principal and information security director for SQM-Advisors, an information security, quality systems and IT service management consultancy. Barry leads SQM-Advisors' pre-certification consulting and training services in the areas of ISO 27001, ISO 20000 and quality management systems. With over 25 years of experience in information security consulting, quality management and professional staffing, Barry has performed work for financial, healthcare, defence, insurance, manufacturing and aerospace companies.
He is a trained BS7799/ISO 27001 lead auditor and implementer and was the lead consultant responsible for guiding the Federal Reserve Bank of New York to the first ISO 27001:2005 certification in North America.
Barry is an accomplished presenter and trainer and has contributed to numerous information security articles for leading IT, banking and financial publications. He holds a BS in Statistics from Virginia Tech and an MS in Industrial Engineering from NDSU.
Email your questions to Barry at: bkouns@sqm-advisors.com
Website: www.sqm-advisors.com
Ken Munro is Managing Director of SecureTest, an independent penetration testing consultancy specialising in security assurance, which performs security testing across a wide range of commercial industries, from IT to telecoms to finance, and across the public sector. Adept at translating technical vulnerabilities into meaningful business risk, Ken has a wealth of experience in meeting compliance standards (such as the PCI initiative) and in supporting business continuity through security best practice. Ken is a regular contributor to SC Magazine and Infosecurity Today, also writes for FT Digital Business, and has become well known for his investigations into the security weaknesses of cutting-edge technologies such as RFID and biometrics. Prior to founding SecureTest, Ken held various positions with the security specialists Vigilante of Denmark and Network Associates, as well as the anti-virus software provider Dr Solomon's. He has worked in the field of security since 1996, before which he read Applied Physics at Lancaster University.
Email your questions to Ken at: ken.munro@securetest.com
Website: www.securetest.com
Randy is the author of the book Implementing ITIL: Adapting Your IT Organization to the Coming Revolution in IT Service Management. Randy has been a frequent speaker at itSMFUSA conferences around the country and was one of the keynote speakers at the national itSMFUSA Conference in 2004. Randy also serves as co-chair of the itSMFUSA Research Committee and edits the ITSM Research Newsletter for that organisation.
Randy has over 25 years of extensive hands-on IT service management and operations experience gained from many clients around the world. He is the co-author of an ITSM methodology and operational framework formerly used by Andersen Consulting (now Accenture) worldwide. He was an early ITIL champion while at IBM and served a stint as Global Head of Service Management for Reuters, a major worldwide media company. Randy is currently a Senior Business Associate with Migration Technologies, an ITIL implementation company, leading large-scale IT Service Management (ITSM) efforts for their clients. His second ITIL book, "Measuring ITIL: Measuring, Reporting and Modeling the IT Service Management Metrics That Matter Most to IT Senior Executives", was published in 2006.
Randy is ITIL Service Manager certified. He is also ISO 20000 Consultant certified and holds the Project Management Professional (PMP) designation.
Email your questions to Randy at: RandyASteinberg@aol.com
Steve Watkins is co-author, with Alan Calder, of 'IT Governance: A Manager's Guide to Data Security and BS7799/ISO17799', and provides consultancy and training services for IT Governance Limited.
Steve has held posts with HM Crown Prosecution Service Inspectorate, London Underground, Focus Central London, Business Link, a large photocopier sales and service organisation, and local government. In his various roles he has been responsible for most support disciplines. He has over 17 years' experience of managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investors in People certifications. As well as being a trained ISO 27001 and ISO 9000 auditor, Steve is a trained EFQM Assessor and holds diplomas in safety and financial management.
He is Chair of the ISO/IEC 27001 User Group, the UK Chapter of the ISMS International User Group, and also sits on the Management Committee of the British Standards Society, where he chairs the Corporate Governance Group.
Email your questions to Steve at: swatkins@itgovernance.co.uk
Steve Wright is a highly qualified, motivated and adaptable business leader and information security consultant, an effective communicator and organiser accustomed to meeting tight deadlines and targets. With a wide range of experience and a proven track record, he combines strong self-motivation with excellent interpersonal and presentation skills.
He is a senior consultant providing professional advice on information security, technology and management to meet BS7799, ISO 27001, ITIL, ISO 20000, PAS 56, PAS 99, PCI DSS and ISO 13335, and works under other compliance frameworks such as Basel II, FSA, SOX and Turnbull requirements. In addition, he is accustomed to implementing risk best practices such as Enterprise Risk Management frameworks and to conducting risk assessments using tools such as CRAMM.
He is currently project managing many ISO 27001 ISMS implementations, both virtual and physical, from initiation through to final delivery, to meet the certification requirements of ISO 27001, ISO 9001 and ISO 20000 in the financial, private and public service sectors; two of these achieved certification to ISO/IEC 27001:2005 in late 2005.
Email your questions to Steve at: Steve.Wright@ISO27002.INFO