Information Systems Security Editorial Board

Managing Editor

Jim Tiller, CISM, CISA, CISSP, is Chief Security Officer and Managing Vice President of Security Services for International Network Services (INS). Jim has been with INS since 1998 and has provided security solutions for global organizations for the past 13 years. He is the author of The Ethical Hack: A Framework for Business Value Penetration Testing and A Technical Guide to IPSec Virtual Private Networks. He has published several papers on information security issues in the Information Security Management Handbook and in Information Systems Security.

Editorial Advisors

Anton Chuvakin, Ph.D., GCIA, GCIH, is a senior security analyst with netForensics, where he is involved with designing the product and researching potential new security features. His areas of InfoSec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. He is the author of a book entitled Security Warrior and is a contributor to Know Your Enemy II and Information Security Management Handbook. In his spare time, he maintains his security portal at www.info-secure.org.

Todd Fitzgerald, CISSP, CISA, CISM, is the Director of Systems Security and Systems Security Officer for United Government Services, LLC, which is the largest processor of Medicare hospital claims on behalf of the Centers for Medicare and Medicaid Services (CMS) and is a subsidiary of WellPoint, Inc. He has over 25 years of broad-based information technology experience, holding senior IT management positions with Fortune 500 and Global Fortune 250 companies. Todd is a member of the board of directors and security taskforce co-chair for the HIPAA Collaborative of Wisconsin (HIPAA COW), a participant in the CMS/Gartner Security Best Practices Group, Blue Cross Blue Shield Association Information Security Advisory Group, previous board member for several Information Systems Security Associations (ISSA), and is a frequent speaker and writer on security issues. Todd focuses largely on issues related to security management, risk assessments, policy development, organizing security, security assessments, regulatory compliance (HIPAA, CAST, NIST, ISO 17799), security awareness, and developing security programs. He has published several papers on information security issues in the Information Security Management Handbook, in Information Systems Security, and in The HIPAA Program Reference Handbook.

Julio César Hernández Castro, Ph.D., is Associate Professor at Carlos III University in Madrid, Spain. He earned a degree in Mathematics, with a specialization in Computer Science, in 1995. He then spent a number of years working as a security engineer and consultant for different companies before obtaining an M.Sc. in Network Security and Coding Theory. After that, he joined Carlos III University, where he has since focused his research on cryptology, steganography and steganalysis, and network and computer security (forensics, malware, attacks and defense, etc.). He has published more than 30 articles in international conferences and journals, notably in Information Systems Security, Computational Intelligence, IEEE Computer, IEEE Latin America, Cryptologia, etc. He is the editor of various books, and has been guest editor and reviewer for a number of special issues of different journals, including the July/August 2004 issue of Information Systems Security. He is also involved with the organization of various international conferences and workshops.

Ralph Spencer Poore, CFE, CISA, CISSP, CHS-III, Principal Consultant, Innové LLC and Senior Partner, Pi R Squared Consulting, LLP, provides security, privacy, and compliance consulting services, continuing a 30-plus year distinguished career in information security as an inventor, author, consultant, CISO, CTO, college instructor and entrepreneur. He has published widely, including articles on information security issues in the Information Security Management Handbook and in Information Systems Security (where he was a past consulting editor). He served in numerous capacities with (ISC)², including as a past International President, as founding Chairman of the Test Development Committee, and as Chairman of the Governance Committee. He currently serves on the Professional Conduct Committee, the CBK Committee, and the Americas Advisory Board.

Ben Rothke, CISSP, CISM, is a New York City-based senior security consultant with ThruPoint, Inc., and has over 15 years of industry experience in the area of information systems security. His areas of expertise are in PKI, HIPAA, 21 CFR Part 11, security and privacy regulatory issues, design and implementation of systems security, encryption, firewall configuration and review, cryptography, and security policy development. Ben is the author of Computer Security: 20 Things Every Employee Should Know and a contributing author to the Information Security Management Handbook.

Peter Stephenson, Ph.D., CISSP, CISM, FICAF, is Associate Program Director for the Master of Science in Information Assurance Program at Norwich University. The author of Investigating Computer-Related Crime, he has published several papers on information security issues in Information Systems Security.

Harold F. Tipton, CISSP, currently an independent consultant and Past-President of the International Information System Security Certification Consortium, (ISC)², was Director of Computer Security for Rockwell International Corporation for 15 years. He initiated the Rockwell computer and data security program in 1977 and then continued to administer, develop, enhance and expand the program to accommodate the control needs produced by technological advances until his retirement from Rockwell in 1994.

He has been a member of the Information Systems Security Association (ISSA) since 1982, was president of the Los Angeles Chapter in 1984, and president of the national organization of ISSA (1987 to 1989). He was added to the ISSA Hall of Fame and the ISSA Honor Roll in 2000. He received the Computer Security Institute "Lifetime Achievement Award" in 1994 and the (ISC)² "Hal Tipton Award" in 2001. He was a member of the National Institute of Standards and Technology (NIST) Computer and Telecommunications Security Council and the National Research Council Secure Systems Study Committee (for the National Academy of Sciences). He has published several papers on information security issues in the Information Security Management Handbook, Data Security Management, Information Systems Security, and the National Academy of Sciences report, Computers at Risk.

He has been a speaker at all of the major information security conferences, including: Computer Security Institute, the ISSA Annual Working Conference, the Computer Security Workshop, MIS Conferences, AIS Security for Space Operations, DOE Computer Security Conference, National Computer Security Conference, IIA Security Conference, EDPAA, UCCEL Security & Audit Users Conference, and Industrial Security Awareness Conference. He has conducted and participated in information security seminars for (ISC)², Frost & Sullivan, UCI, CSULB, System Exchange Seminars and the Institute for International Research. He is currently the editor of the Information Security Management Handbook.

© Copyright 2005 Auerbach Publications.