| |
|
|
Andrew Stewart
Information Security Professional
|
By considering economic factors and questioning conventional wisdom, my work describes how organizations can make better security decisions. My current personal research interests are enterprise-scale security engineering and the ontology of security spending strategies.
Books ~
| |
A. Shostack and A. Stewart, The New School of Information Security, Addison-Wesley Professional, 238 pp., March 2008.
| |
- |
|
The book contains 50 pages of references and a 15 page bibliography. |
| |
- |
|
Reviewed in IEEE Cipher, the newsletter of the IEEE Technical Committee on Security & Privacy. |
| |
- |
|
Achieved an Amazon.com sales rank of #312 (#1 in Internet, Network Security, Information Systems, Encryption, and Privacy categories). |
| |
- |
|
Used as a course text at Syracuse University, City University of Seattle, and at The Heinz School of Public Policy and Management at Carnegie Mellon University. |
|
|
 |
Refereed Conference Papers ~
Refereed Journal Publications ~
| |
A. Stewart, "A contemporary approach to network vulnerability assessment," Network Security, Vol. 2005, Issue 8, pp. 7-10, April 2005.
A. Stewart, "Information security technologies as a commodity input," Information Management & Computer Security, Vol. 13, No. 1, pp. 5-15, March 2005.
A. Stewart, "On risk: perception and direction," Computers & Security, Vol. 23, No. 5, pp. 362-370, July 2004. This paper is referenced in the book Security Metrics (2007), the book Decision-making in Complex Environments (2007) and is cited in several research articles including "Incentives and Perceptions of Information Security Risks" by Konsynski et al. (2008).
A. Stewart, "No illusions: rethinking information security policies and standards," Information Security Bulletin, Vol. 8, Issue 6, pp. 229-234, July 2003.
|
Invited Lectures ~
Journal Service ~
| |
Member of the editorial advisory board for Information Management & Computer Security. Reviewer for Computers & Security and The Computer Journal (all 2009-present).
|
Qualifications ~
| |
I earned a B.Sc. (with Honors) in Computer Science from Oxford Brookes University and an MBA from the Goizueta Business School at Emory University. My MBA advisor was Prof. Benn Konsynski. Additionally, I have achieved five professional certifications in information security, security architecture, security management, and IT audit.
|
Work Experience ~
| |
Vice President at Morgan Stanley. Previously Assistant Vice President at Equifax. I have also held full-time positions at Barclays Capital and Deutsche Bank.
|
|
|