Papers & Publications

NOTICE: There is a publication gap from June 2013 to March 2015 due to my time spent with Gartner.


Work-Related Articles, Interviews, Quotes, Bylines, Etc.
White Papers
  • LockPath white papers, available from
    • "Building a Better Vulnerability Profile"
    • "Enabling ISO/IEC 31000 Adoption with the LockPath Keylight Platform"
    • "Leveraging GRC for PCI DSS Compliance"
  • "PCI: Requirements to Action" (May 2009 for Truth to Power Association, sponsored).
  • GWU Masters Thesis: "The Total Enterprise Assurance Management (TEAM) Model: A Unified Approach to Information Assurance Management" ABSTRACT: This research thesis addresses the problem of identifying or creating a unified information assurance management model that harmonizes the key competency areas of enterprise risk management, operational security management, and audit management. The research was conducted by performing a literature review of existing information assurance related models, frameworks, and methodologies; creating a new model to unify the three competencies (given the absence of such a model); and, validating the research results with subject-matter experts (SMEs). The research concluded with the development of the Total Enterprise Assurance Management (TEAM) model, which was well validated by the SMEs. Survey results include that the work was overwhelmingly viewed as favorable and logical, and that a majority of respondents agreed that all four hypotheses of the research had been achieved.
  • "Alphabet Soup: Making Sense of Models, Frameworks, and Methodologies" ABSTRACT: This paper will provide a US-centric overview and analysis of commercially-oriented information security models, frameworks, and methodologies. As a necessary component of the analysis, a cursory look is taken at a sampling of applicable laws within the US, such as the Sarbanes-Oxley Act of 2002 (SOX), the Gramm-Leech-Bliley Act of 1999 (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA). Additionally, industry standards will be weighed, such as the Payment Card Industry Data Security Standard, as adopted by Visa and MasterCard. The paper will attempt to thoroughly describe the goals of these models, frameworks, and methodologies, contextualizing them within the current business, regulatory, and legislative environment, helping to identify the usefulness of each model, framework, and methodology. The analysis will demonstrate the value of each model, framework, and methodology and where application of each would benefit an organization.
  • DRAFT v2.0: "Alphabet Soup: Making Sense of Models, Frameworks, and Methodologies" (abandoned)
Grad School Papers
Disclaimer: The following papers are original works of research and analysis. Attribution is given whenever appropriate. These works are independent of my current employer. Any similarities that may exist between language or structures represented within a work and language or structures represented within my employer are purely coincidental.
Other / Miscellaneous

About this Archive

Find recent content on the main index or look in the archives to find all content.

Creative Commons License
This blog is licensed under a Creative Commons License.
Powered by Movable Type 6.3.7