WELCOME TO THE IT GOVERNANCE EXPERTS PANEL

Here at IT Governance we want to help you grow your understanding and knowledge of the wide range of IT governance subjects. So, along with the vast array of products on offer in our online shop to help you do this, we have brought together a worldwide panel of experts to answer specific questions.

The aim of the panel is to be your one-stop destination for answers to your questions and queries about the world of IT governance disciplines and issues.

As well as answering your questions, our expert panel provides high-quality articles on a range of subjects, which are then available through our KnowledgeBank.

If your question relates to qualifications, start by looking at our Info Security Qualifications page; otherwise, ask one of our experts.

To do this, find the IT governance area you are interested in below, and then click on the link to the relevant 'Meet the Expert' section.

"The only source of knowledge is experience"
Quote by Albert Einstein


Subject: Expert (Based in)

BS 7799: Alan Calder (England), Steve Watkins (England), Anil Chiplunkar (India), Paulo Coelho (Portugal), Paul Dwyer (Ireland)

Change Management & Tools: Steve Watkins (England), Robert E Davis (USA), Cindy Greatrex (USA)

Computer Forensics / Cyber Crime: Dr Julie Mehan (USA), Anil Chiplunkar (India), Vinod Vasudevan (India), Michael Krausz (Vienna), Paul Dwyer (Ireland)

Data Protection Compliance / BS10012: Paul Dwyer (Ireland)

Disaster Recovery / Business Continuity: Thejendra B.S (India), Cindy Greatrex (USA), Paul Dwyer (Ireland)

Enterprise Risk Management: Steve Watkins (England), Kersi F. Porbunderwalla, Paul Dwyer (Ireland)

Ethical Hacking / Penetration Testing: Peter Wood (England), Paul Dwyer (Ireland)

Information Security: Robert E Davis (USA), Vinod Vasudevan (India), Peter Wood (England), Anil Chiplunkar (India), Dr Julie Mehan (USA), James Ritchie (USA), Paul Dwyer (Ireland)

ISMS: Steve Watkins (England), Anil Chiplunkar (India), Paulo Coelho (Portugal), Paul Dwyer (Ireland)

ISMS & Management System Auditing: Robert E Davis (USA), Steve Watkins (England), Anil Chiplunkar (India), Michael Krausz (Vienna), Paul Dwyer (Ireland)

ISO 9001: Steve Watkins (England)

ISO 17799: Alan Calder (England), Steve Watkins (England), Anil Chiplunkar (India), Paul Dwyer (Ireland)

ISO 27001: Alan Calder (England), Barry Kouns (USA), Steve Watkins (England), Anil Chiplunkar (India), Paulo Coelho (Portugal), Vinod Vasudevan (India), Dr Julie Mehan (USA), James Ritchie (USA), Kersi F. Porbunderwalla, Paul Dwyer (Ireland)

ISO 27002: Alan Calder (England), Steve Watkins (England), Kersi F. Porbunderwalla, Paul Dwyer (Ireland)

IT/IA Governance: Alan Calder (England), Steve Watkins (England), Dr Julie Mehan (USA), Paul Dwyer (Ireland)

ITIL: Dr Julie Mehan (USA)

IT Project Management: Thejendra B.S (India), Michael Krausz (Vienna)

IT Service Management: Thejendra B.S (India)

Lotus Notes: Anil Chiplunkar (India)

PAS 99 Integrated Management System: Steve Watkins (England)

PCI DSS: Vinod Vasudevan (India), James Ritchie (USA), Michael Krausz (Vienna), Paul Dwyer (Ireland)

Recruiting/Staff Augmentation Solutions: Barry Kouns (USA)

Regulatory Compliance: Robert E Davis (USA), Dr Julie Mehan (USA), Cindy Greatrex (USA), Paul Dwyer (Ireland)

Risk Assessment: Anil Chiplunkar (India), Vinod Vasudevan (India), Dr Julie Mehan (USA), Michael Krausz (Vienna), Cindy Greatrex (USA), Paul Dwyer (Ireland)

Security Information Management (SIM): Vinod Vasudevan (India), Paul Dwyer (Ireland)

SOX (404): Robert E Davis (USA), James Ritchie (USA), Kersi F. Porbunderwalla, Paul Dwyer (Ireland)

Supplier/Partner Risk Assessment: Barry Kouns (USA)

Total Quality Management: Barry Kouns (USA)

Technology Risk Assessment: Robert E Davis (USA), Vinod Vasudevan (India)

Technology People Management: Thejendra B.S (India)

If you have a question relating to an area of expertise please either send your message directly to one of our experts, or to Lisa Badcock, our Marketing Executive at lbadcock@itgovernance.co.uk and we will do our best to help you.


"If you have knowledge, let others light their candles in it."
Quote by Margaret Fuller


How to join our Expert Panel

We are still interested in attracting further experts who would like the opportunity to advise our clients and write expert content on the broad range of IT governance subjects (including ITIL, project governance, information security, compliance, risk management, etc) for publication through our online KnowledgeBank.


Members of the panel will have the opportunity to broaden their exposure to an international audience, and to be considered for book-writing opportunities through our in-house publishing imprint. They will also be given the opportunity to review our ITGP books and our range of Best Practice Reports before they are launched.

If you would like to be considered, please write directly to Lisa Badcock at lbadcock@itgovernance.co.uk with details of your qualifications and areas of expertise.


MEET THE EXPERTS

Calder, Alan

Alan Calder is an international authority on information security management. He led the world's first successful implementation of BS 7799, the information security management standard upon which ISO 27001 is based, and with Steve Watkins wrote the definitive compliance guide for this standard, 'IT Governance: A Manager's Guide to Data Security and ISO27001/ISO27002'. The 3rd edition of this book is the basis for the UK Open University's postgraduate course on Information Security.

He is a consultant to companies including Cisco. He regularly blogs on IT security issues at www.alancalderitgovernanceblog.com.

Email your questions to Alan at: acalder@itgovernance.co.uk

BS, Thejendra

Thejendra B.S has 17+ years of experience in IT support, disaster recovery, business continuity, IT asset management and other related areas. Starting as a computer field engineer in the previous century, he has since been directly or indirectly involved in a range of technical project implementations. He has worked in Saudi Arabia, Dubai, Bahrain, Qatar and Australia, and has interacted with countless kinds of customers and organizations of all sizes. He is also a life member of the Bangalore Management Association. Prior to entering the IT waters he was briefly a lecturer in electronics in 1989.

Apart from IT work, he is also a writer and author. He has written books such as Disaster Recovery & Business Continuity and Practical IT Service Management, both published by IT Governance Publishing, U.K., as well as other books on business humor and self-improvement. He also pens articles and books on technology, self-improvement, workplace humor, business management and a variety of other topics. His articles have appeared on many reputed websites such as geekleaders.com, cio.com, techrepublic.com, cnbc.com, ezinearticles.com, itmuseum.org, drj.com, thecareermag.com, sourcingmag.com and many ezines and blogs. A couple of his humor articles were also published by Swift magazine, an in-house magazine published by Harvard College in Cambridge, MA.

Contact him at thejendra@yahoo.com. Visit his web cave www.thejendra.com for his free articles and details of his books.

 

Chiplunkar, Anil

Anil has 23+ years of experience in Information Systems and has worked in the information security space for the last 9+ years. He is a Certified Information Security Manager (CISM), Certified Fraud Examiner (CFE), and Certified Lead Auditor for ISO27001 and BS7799. He has managed multiple consulting projects implementing information security management systems (ISMS) for a variety of clients. During ISMS projects he handled the formulation of security strategies, policies and procedures, information security audits and IS risk assessment. He has advised clients on establishing and improving the holistic information security posture of their organizations, covering areas such as information technology, physical and environmental security, logical access controls, and security in the information systems development process. He has substantial experience with SUN ERP financial modules and has implemented them end-to-end. He was the principal design consultant for Finance Workflow Management software using Lotus Notes. As a consultant he developed and implemented Forex Management software for one of the renowned banks in India.

He has worked across Asia Pacific and Middle East countries: India, Nepal, Sri Lanka, Hong Kong, Singapore, Japan, Korea, Taiwan, Indonesia, Malaysia, Philippines, Thailand, Saudi Arabia, Jordan, Oman, Bahrain and Australia.

Anil can be contacted at anilchiplunkar@gmail.com

 

Coelho, Paulo

Paulo Coelho has participated in several ISO 27001 projects in leading Portuguese institutions. From the year 2000 onwards he has worked successively in IT security, network security and information security, and at the moment he is strongly involved with risk and compliance management projects. In those projects he led the development and application of compliance tools against COBIT 4.1, Solvency II, internal IT procedures, etc.

He currently holds a number of information security qualifications (CISSP, CISA, ISO 27001 Lead Auditor, ISO 27001 Consultant), apart from IT certifications (Cisco's CCNA and CCDA and Microsoft's MCSE) and a Master's degree in Information System Management.

Paulo is also a part-time university lecturer and trainer, and his memberships include the IT Security Normalization Commission in Portugal (CT 163), ISACA and (ISC)².

Paulo currently works at KPMG in Information Protection Services (IPS). When he is not working, editing the Information Security Community Portugal website at www.ismspt.blogspot.com, or studying for another certification, he enjoys hiking in the mountains with his spouse.

Paulo can be contacted by email at pcoelho@kpmg.com

 

Davis, Robert E

Robert E. Davis is an independent management audit consultant, an author for Pleier Corporation, and an author and instructor for Boson Software, Inc. His IT audit specializations include Control Objectives for Information and related Technology, the Sarbanes-Oxley Act, and the Foreign Corrupt Practices Act. Regarding information security and privacy, Robert is available to provide International Organization for Standardization-27002, U.S. Federal Information Security Management Act, Gramm-Leach-Bliley, and Basel II consulting. Furthermore, his primary computer technology research interests are databases, operating systems, and distributed information systems processing.

As a CISA, Robert has provided data security consulting and information systems auditing services to the U.S. Securities and Exchange Commission, the United States Enrichment Corporation, Raytheon Company, the U.S. Interstate Commerce Commission, Dow Jones & Company, and Fidelity/First Fidelity (Wachovia) corporations. With regard to management information systems, his professional software and hardware experience includes MVS, UNIX, Windows, Oracle, Clarity, the International Money Management System, MS-Project, PERL, COBOL, PASCAL, DEC, IBM, Tandem, Compaq, and DELL.

Robert graduated from Temple University and West Chester University of Pennsylvania with a Bachelor of Business Administration and a Master of Business Administration degree, respectively. While attending Temple University, his major areas of study were Business Law and Accounting. He successfully completed the requirements for a Management Information Systems subject major at West Chester University. Robert also obtained the Certified Information Systems Auditor (CISA) certificate after passing the Information Systems Audit and Control Association's rigorous 350-question multiple-choice examination in 1988, and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.

Robert's workbook credits include: Assuring IT Legal Compliance, IT Auditing: An Adaptive Process, IT Auditing: Assuring Information Assets Protection, IT Auditing: Business Continuity and Disaster Recovery, IT Auditing: Information Security Governance, IT Auditing: Irregular and Illegal Acts, IT Auditing: IT Governance, IT Auditing: IT Service Delivery and Support and IT Auditing: The Process.

You can contact Robert at: bobdcisa@yahoo.com

Dwyer, Paul

TeamInfoSec Ireland Ltd was founded by Paul C Dwyer, an internationally recognised information security expert with over 18 years' experience. He is certified as an industry professional by the International Information Systems Security Consortium (ISC2) and the Information Systems Audit and Control Association (ISACA).

Paul's credentials include being a qualified hacker, Sarbanes-Oxley auditor, ISO 27001 Lead Auditor and Digital Forensic Investigator; he also holds many other leading qualifications across all areas of information security.

Originally a network guru, Paul's career developed from IT Manager of a large legal firm to senior designer of the network operation centres for EuroControl (Air Traffic) in Luxembourg and of communication hubs for Chevron Oil in Kazakhstan and Moscow.

He has worked and trained with organisations such as the US Secret Service, Scotland Yard, the FBI and the National Counter Terrorism Security Office (MI5), is approved by the National Crime Faculty and is a member of the High Tech Crime Network (HTCN).

Paul has designed a number of specialist commercial information security assessment tools, including:

7799Audit – ISO 27001

404Audit – Sarbanes Oxley

CispAudit – PCI Management DSS

CispScan – PCI Technical DSS

These tools have been utilised by organisations worldwide to achieve compliance, and the CispScan tool has recently been evaluated and approved by MasterCard International (Cert #4087-01-02).

Paul has excellent management and communication skills and is a prolific contributor to media coverage of information security related events. He leads from the front and has built TeamInfoSec into Ireland's leading indigenous consultancy firm, providing specialised services to both the public and private sectors.

Paul can be contacted at paul@teaminfosec.com

Greatrex, Cindy

Cindy has been actively involved with IT for over 15 years, most notably in telecom and network security. At present she is Vice President of Channel for the security integrator Integralis. Her technology proficiencies include: Enterprise Managed Security Services, SaaS Design/Delivery, Identity and Access Management, Strong Authentication, Intrusion Detection/Prevention Systems, Security+, Virtualization, NAC, SOA, Enterprise Risk Management, Corporate Governance Risk and Compliance suites (ITIL, SAS70 II, COBIT, NERC/CIP, ISO/IEC, SCADA, NIST, FDIC/OCC, SOX), BC/DR, Enterprise Mobility Management, Unified Communications, SAP Security, Vulnerability Management, Sustainable Compliance, Security Policy Design, Forensic Analysis, Cloud Security, Biometrics, Recoverable Network Architecture, BGM/MITM Defense, Enterprise Dynamic Access Control, Change Management, Security Metrics and Measurements, Vulnerability Assessments, Critical Infrastructure Protection and Legacy Data Remediation. She is certified in Aviation Security and is the author of noted whitepapers on advances in cochlear implant technologies.

Email any questions to Cindy at cindy.greatrex@diplomats.com

Kouns, Barry

Barry Kouns is principal and information security director for SQM-Advisors, an Information Security, Quality Systems and IT Service Management consultancy.

Barry leads SQM-Advisors' pre-certification consulting and training services in the areas of ISO 27001, ISO 20000 and quality management systems. With over 25 years of experience in information security consulting, quality management and professional staffing, Barry has performed work for financial, healthcare, defense, insurance, manufacturing and aerospace companies.

He is a trained BS7799/ISO 27001 lead auditor and implementer, and was the lead consultant responsible for guiding the Federal Reserve Bank of New York to the first ISO 27001:2005 certification in North America.

Barry is an accomplished presenter and trainer and has contributed to numerous information security articles for leading IT, banking and financial publications. He holds a BS in Statistics from Virginia Tech and an MS in Industrial Engineering from NDSU.

Email your questions to Barry at bkouns@sqm-advisors.com

Website: www.sqm-advisors.com

Krausz, Michael

Mr. Michael Krausz studied physics, computer science and law at the University of Technology Vienna and Webster University Vienna. He is a Certified ISMS Manager and Auditor as well as a licensed professional investigator. A pioneer of information security in Austria since 1995, he designed the first training class for a modern, comprehensive approach to information security in 1998, the technical examination questionnaire for all future ISO 27001 auditors in Austria in 2002, and a two-year training program on computer forensics for a foreign public sector customer. After 10 years as a system administrator and IT manager, he now serves national and international corporations in a consulting, training and investigations capacity.

Email your questions to Michael at mkrausz@i-s-c.co.at

Mehan, Julie

Dr Julie Mehan is a Principal Analyst for a strategic consulting firm in the State of Virginia. She has been a career Government Service employee, a strategic consultant, and an entrepreneur – which either demonstrates her flexibility or her inability to hold on to a steady job! Until November 2007, she was the co-founder of a small woman-owned company focusing on secure, assured software modernization and security services. She led business operations, as well as the information technology governance and information assurance-related services, including certification and accreditation, systems security engineering process improvement, and information assurance strategic planning and programme management. In previous years, Dr Mehan delivered information assurance and security-related privacy services to senior Department of Defense, federal government, and commercial clients working in Italy, Australia, Canada, Belgium, and the United States.

She served on the President's Partnership for Critical Infrastructure Security, Task Force on Interdependency and Vulnerability Assessments. Dr Mehan is Chair for the development of criteria for the International System Security Engineering Professional (ISSEP) certification, a voting board member for development of the International Systems Security Professional Certification Scheme (ISSPCS), and chair of the Systems Certification Working Group of the International Systems Security Engineers Association. She also serves as an Associate Professor at the University of Maryland University College, specializing in courses in Information Technology and Organizational Structure, and Ethics in Information Technology.

Dr Mehan graduated summa cum laude (with highest honour) with a PhD from Capella University in Organization and Management, focusing her research on the challenges facing Chief Security Officers in large government and commercial organizations and the development of a dynamic model of Chief Security Officer leadership. She holds a Master of Arts with honours in International Relations and Law from Boston University and a Bachelor of Science degree in History and Languages from the University of New York. Dr Mehan was elected 2003 Woman of Distinction by the Women of Greater Washington and has published numerous articles including Framework for Reasoning About Security – A Comparison of the Concepts of Immunology and Security; System Dynamics, Criminal Behavior Theory and Computer-Enabled Crime; The Value of Information-Based Warfare To Affect Adversary Decision Cycles; and Information Operations in Kosovo: Mistakes, Missteps, and Missed Opportunities, released in Cyberwar 4.0. Dr Mehan is also fluent in German and has conversational skills in French and Italian.

The author can be contacted at jem9608@cox.net

Porbunderwalla, Kersi F.

My extensive experience in performing GRC controls, walk-throughs and pre-testing of controls for application security, etc. (ExxonMobil, IBM and Shell), cleaning up roles and assigned privileges by removing redundant access, implementing mitigating controls for IT risks (IBM, Shell, Volvo, Lundin Mining, ExxonMobil) and providing the business with the obligatory data to manage the remediation and controls of existing business user SoD conflicts (Volvo Group and several others) provides the background to implementing the comprehensive holistic requirements of GRC regulatory mandates. Recently an ISO 27001/2 project for an IBM Partner IT product related to e-mail management proved the importance of GRC policies and controls.

For the past 5 years I have built up a risk management and compliance solutions business, based on 20 years of accounting and finance experience in blue chip corporations.

I speak all Scandinavian languages (except Finnish), as I have worked in the UK, the USA, Norway, Sweden and Denmark. English is my mother tongue.

Kersi can be contacted at info@eurosox.dk

Ritchie, James

James Ritchie, CISA, CISSP, is an IT Lead Auditor with over 25 years of experience as a systems engineer and consultant in the information technology arena. He has spent the last six years focusing on compliance auditing for GLBA, SOX, HIPAA, PCI-DSS, and FISMA. James has been adjunct faculty at Briarwood College and has previously trained for both New Horizons and ISACA. James has also performed forensic investigations for corporate fraud and criminal defense teams.

He can be contacted at james_ritchie@sbcglobal.net

Watkins, Steve

Steve is co-author of the IT Governance book, and provides consultancy and training services for IT Governance Limited.

Steve has held posts with HM Crown Prosecution Service Inspectorate, London Underground, Focus Central London, Business Link, a large photocopier sales and service organisation and in local government. In his various roles he has been responsible for most support disciplines. He has over 17 years' experience of managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investor in People certifications. As well as being a trained ISO27001 and ISO9000 lead auditor, Steve is a trained EFQM Assessor and holds diplomas in safety and financial management.

He is Chair of the ISO/IEC27001 User Group, the UK Chapter of the ISMS International User Group, and also sits on the Management Committee of the British Standards Society, where he chairs the Corporate Governance Group.

Email your questions to Steve at: swatkins@itgovernance.co.uk

Vasudevan, Vinod

Vinod Vasudevan, CISSP, is a co-founder of Paladion and has over 13 years of experience in the technology and information risk management domains. As Director for Managed Risk Services at Paladion, Vinod has served large enterprise organizations across the globe, setting up integrated risk management systems and streamlining system-based operations. He has held key technical positions with global firms including Microsoft. He is the co-author of "Application Security in the ISO27001 Environment" and "Enhancing Computer Security with Smart Technology". He has also authored several papers.

He wrote the chapter 'Application Security and ISO27001'.

Contact Vinod at vinod.vasudevan@paladion.net

Wood, Peter

Peter Wood founded First Base in May 1989 as a vendor-independent consultancy. The firm now provides security testing and audit services to clients including B&Q, Bradford & Bingley, Co-operative Group, the Learning & Skills Council, Skipton Building Society and Xchanging. Peter has hands-on technical involvement in the firm on a daily basis, working in areas as diverse as penetration testing, social engineering and skills transfer.

Peter's innovative and entertaining speaking style has led him to present to the boards of the largest international companies as well as at international conferences on many IT security-related topics. He has made several documentaries with the BBC and was recently rated the British Computer Society's number one speaker.

Peter has worked in the electronics and computer industries since 1969. During the mid-1970s, he ran the UK operation for Raytheon International Data Systems, a major supplier of wide area network systems for airlines. He also provided training for customers and staff at Raytheon's headquarters in Amsterdam.

In 1979, he founded Amplicon Micro Systems, one of the first personal computer dealerships in the UK. Amplicon grew to be one of the largest suppliers of personal computers in the South of England. In 1983, Amplicon gained IBM Systems Centre accreditation, specialising in network systems and host connectivity. As a main board director, Peter was responsible for all technical issues and staff training.

Peter Wood is a Fellow of the British Computer Society and a member of the BCS Register of Security Specialists.

Peter blogs at http://fpws.blogspot.com/. Contact Peter at peterw@firstbase.co.uk

© 2003 - IT Governance Ltd.