Andrew Stewart
Information Security Professional

Email:
  andrew_j_stewart@mac.com
Homepage:
  http://homepage.mac.com/andrew_j_stewart
Linkedin:
  http://linkedin.com/in/andrewstewart

By considering economic factors and questioning conventional wisdom, my work describes how organizations can make better security decisions.  My currrent personal research interests are enterprise-scale security engineering and the ontology of security spending strategies.

Books ~

  A. Shostack and A. Stewart, The New School of Information Security, Addison-Wesley Professional, 238 pp., March 2008.
      -   The book has 50 pages of references and a 15 page bibliography.
      -   Reviewed in IEEE Cipher, the newsletter of the IEEE Technical Committee on Security & Privacy.
      -   Achieved an Amazon.com sales rank of #312 (#1 in Internet, Network Security, Information Systems, Encryption, and Privacy categories).
      -   Used as a textbook at Syracuse University and at The Heinz School of Public Policy and Management at Carnegie Mellon University.

Refereed Conference Papers ~

  A. Stewart, "Efficient visualization of change events in enterprise networks," Proc. IEEE Workshop on Enterprise Network Security, Baltimore MD, August 28, 2006.

Refereed Journal Publications ~

  A. Stewart, "A contemporary approach to network vulnerability assessment," Network Security, Vol. 2005, Issue 8, pp. 7-10, April 2005.

A. Stewart, "Information security technologies as a commodity input," Information Management & Computer Security, Vol. 13, No. 1, pp. 5-15, March 2005.

A. Stewart, "On risk: perception and direction," Computers & Security, Vol. 23, No. 5, pp. 362-370, July 2004.

A. Stewart, "No illusions: rethinking information security policies and standards," Information Security Bulletin, Vol. 8, Issue 6, pp. 229-234, July 2003.

Working Papers ~

  A. Stewart, "Can spending on information security be justified?  Evaluating the security spending decision from the perspective of a rational actor."

A. Stewart, "The future of security engineering in the enterprise."

Journal Service ~

  Member of the editorial advisory board for Information Management & Computer Security.  Reviewer for Computers & Security and The Computer Journal (all 2009-present).

Bio ~

  Vice President at Morgan Stanley.  Previously Assistant Vice President at Equifax.  I received a B.Sc (Hons) in Computer Science from Oxford Brookes University (1998) and an Executive MBA from the Goizueta Business School at Emory University (2009).