Alan wrote the definitive compliance guide, IT Governance: An International Guide to Data Security and ISO27001/ISO27002 5th edition (co-written with Steve Watkins), which is the basis for the UK Open University's postgraduate course on information security. This work draws on his experience of leading the world's first successful implementation of BS7799 (now ISO27001).

Other books written by Alan include The Case for ISO27001, ISO27001 - Nine Steps to Success, Risk Assessment for Asset Owners, IT Governance: Guidelines for Directors, IT Governance: A Practitioner's Handbook and IT Regulatory Compliance in the UK.

Alan is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.

Alan was previously CEO of Wide Learning, a supplier of e-learning; of Focus Central London, a training and enterprise council; and of Business Link London City Partners, a government agency focused on helping growing businesses to develop. He was a member of the Information Age Competitiveness Working Group of the UK Government's Department of Trade & Industry, and a member of the DNV Certification Committee, which certifies compliance with international standards including ISO/IEC 27001.

Alan's previous speaking engagements include:

• BrightTALK™ Threat and Risk Management Summit (2013) - Cyber-Resilience: The Core of Modern Risk Management
• ICSA Corporate Governance Conference (2013)
• BrightTALK™ Cloud and Mobile Compliance Summit (2013) - Winning the Battle for Mobile Data Security
• Information Security and Cyber Crime Summit, London (2012) – Joined-up Cyber Defence Strategies
• BCM World Conference and Exhibition, London (2012) - Achieve Real Cyber-Resilience by Integrating ISO 22301 with ISO 27001
• Effective Governance Seminar (agendaNi), Belfast, Ireland (2012) - IT Governance: Too important to leave to the IT function!
• Cloud Computing and Virtualization for Public Sector & Enterprize, London (2012) - Information Assurance in the Cloud
• Information Security Europe, London (2012) - Making Sense of Cyber Threats - Management Overview
• CREST Ethical Security Testing Conference , London (2012) - Cyber Security - A Critical Business Risk
• United Nations' Information Security Special Interest Group Symposium, Geneva (2011)
• Information Security Europe (2011) - Penetration testing: is your website an open door to cybercrime?
• IT Governance Conference, London (2010) - IT Governance - and chaired the conference
• Privacy Laws & Business Annual Conference (2010)
• BSI Conference, London (2010) - Information Security - also chaired the conference.
• Capita IT Governance Conference, London (2010) - IT Governance: Practitioner Perspective
• Information Security Europe, London (2010) - Selling Information Security to the Board
• Public Sector Forum (PSF) Event, London (2009) Data Security - also chaired the conference
• Expedite & Barracuda Network Event, London (2009) - Compliance and Information Security
• SC Magazine Information Security Forum, London (2009)- Data Protection Act Compliance
• BSI Conference, London (2009) - IT Governance
• Institute of Directors' Event, London (2009) - The Successful Consultant
• BSI Conference, London (2009)- Best Practice and Standards for Business Results
• National IT and E-Security Conference (NITES) Conference, Dublin, Ireland (2009) - Data Security
• Athens International Forum on Information Security (AIFS) Conference, Athens (2009)
• Public Sector Forum (PSF) Event, London (2008) - PCI DSS for Local Government - and chaired the conference
• IACON Annual Conference, London (2008)
• NCC IT Governance Conference, Birmingham (2007) - Strategic Regulatory Compliance
• ISACA Conference on Information Security, Canada (2007)- Mastering ISO27001
• Intellect Business Assurance Group (IBC) Conference (2007) - Regulatory Compliance
• ISSA e-conference (2007) - Strategic Approach to Regulatory Compliance
• IT Web Conference, South Africa (2006)- IT Governance
• Information Security Conference, Dubrovnik, Croatia(2006) - Best Practice Frameworks
• CCitDG (Charities Consortium IT Directors Group) Annual Conference (2005) - IT Governance

Steve sits on the IST/33 committee responsible for the UK's contributions to the revisions of the ISO2700x series of standards and RM/1, the committee responsible for BS31100, the British Standard for Risk Management and the UK's contributions to ISO 31000. Steve is also co-author (with Alan Calder) of the definitive compliance guide, IT Governance: An International Guide to Data Security and ISO27001/ISO27002.

Steve's previous speaking engagements include:

• SC IT-GRC Conference, London, UK (2012) - How Can You Ensure Effective Information Governance?
• IT GRC Conference, Lisbon, Portugal (2012) - GRC and IA - where does IT fit in?
• IT GRC Conference, Lisbon, Portugal (2011) - Information Security and Supply Chain Assurance
• ISSA-UK AGM and Chapter Meeting, UK (2010) - ISO27001 Certification for SMEs: The Why, The How and the Therefores
• Speaker at various regional meetings of the Chartered Quality Institute (2009 - current)
• ISO27001 Goes Global Conference (2007) - Information Security Risk Assessments in the ERM context