Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Agile Security: Balancing Security with the Need for Agility written by Jeff Lowder

Jeff Lowder

Jeff Lowder is an information security executive with a passion for innovation in information risk management, with an exceptionally strong background in IT governance, inductive logic, and decision theory as it relates to risk analysis and risk management. He has over 14 years of management experience and 17 years of IT experience that span risk management, Internet security, strategic planning, incident response, compliance, information systems audit, business continuity planning, and project management.

He is the President of the Society for Information Risk Analysts, which is devoted exclusively to continually improving the practice of information risk analysis, and Director, Global Information Security for OpenMarket. His previous assignments include Director, Information Security / Risk Management at Disney Interactive Media Group, a branch of The Walt Disney Company; Sr. Security Architect / Manager, Network Security at NetZero; Director, Security and Privacy at Elemica; and Director, Network Security at the United States Air Force Academy, where he was named Information Protection Individual of the Year.

He has been published in multiple editions of the HANDBOOK OF INFORMATION SECURITY MANAGEMENT (ed. Harold F. Tipton and Mikki Krause, Auerbach Publications). He is a member of the ISSA and the Society for Risk Analysis. A graduate of Seattle Pacific University, with a B.S. degree in Computer Science, Lowder also is a Certified Information Systems Security Professional (CISSP) and has served on the boards of the Delaware Valley ISSA and the SANS Institute’s GSEC Certification Advisory Board.

Review and Critique of Generally Accepted Privacy Principles — Part 4

March 21, 2012 – 6:00 am – 2.4. GAPP Assessment Procedures GAPP Approach: Again, the AICPA and CICA claim that each of GAPP’s 10 privacy principles is supported by “relevant, objective, complete, and measurable criteria.” Critique: While in many cases it is obvious how an auditor should test compliance…
Posted in Privacy | Tagged , , | Comments (0)

Review and Critique of Generally Accepted Privacy Principles — Part 3

March 19, 2012 – 6:00 am – 2.3. The Structure of GAPP Apart from the problem of how to determine the scope of personal information, GAPP faces a further problem concerning how to interpret the overall framework.  In database terminology, GAPP may be thought of as a database consisting of two tables: principles and…
Posted in Privacy | Tagged , , , | Comments (0)

Review and Critique of Generally Accepted Privacy Principles — Part 2

March 5, 2012 – 6:00 am – 2. Critique 2.1. GAPP’s Definition of Privacy GAPP Approach: The AICPA and CICA define privacy as “the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information.”[1] Critique: There are four…
Posted in Privacy | Tagged , , , , | Comments (0)

Review and Critique of Generally Accepted Privacy Principles (GAPP) — Part 1

February 21, 2012 – 9:00 am – 1. Overview Service management has ITIL. Quality has ISO 9000. Information security has numerous options, including ISO/IEC 27001, COBIT, and NIST SP 800-53. What about information privacy? Many regulatory and standards organizations have adopted their own frameworks or approaches to information…
Posted in Privacy | Tagged , , | Comments (0)

How to be a Software Engineer without Understanding Software

January 30, 2012 – 6:00 am – Imagine a world where the majority of people who claim to “do” software engineering do not know even basic concepts that are taught in computer science 101 classes, such as basic data structures and why they matter. A world in which most accountants didn’t know how to read a…
Posted in Risk Analysis, software engineering | Tagged , , , , , | Comments (0)