|
Andrew Stewart Information Security Professional
|
By considering economic factors and questioning conventional wisdom, my work describes how organizations can make better security decisions. My currrent personal research interests are enterprise-scale security engineering and the ontology of security spending strategies.
Books ~
A. Shostack and A. Stewart, The New School of Information Security, Addison-Wesley Professional, 238 pp., March 2008.
|
Refereed Conference Papers ~
| A. Stewart, "Efficient visualization of change events in enterprise networks," Proc. IEEE Workshop on Enterprise Network Security, Baltimore MD, August 28, 2006. |
Refereed Journal Publications ~
|
A. Stewart, "A contemporary approach to network vulnerability assessment," Network Security, Vol. 2005, Issue 8, pp. 7-10, April 2005.
A. Stewart, "Information security technologies as a commodity input," Information Management & Computer Security, Vol. 13, No. 1, pp. 5-15, March 2005. A. Stewart, "On risk: perception and direction," Computers & Security, Vol. 23, No. 5, pp. 362-370, July 2004. A. Stewart, "No illusions: rethinking information security policies and standards," Information Security Bulletin, Vol. 8, Issue 6, pp. 229-234, July 2003. |
Working Papers ~
|
A. Stewart, "Can spending on information security be justified? Evaluating the security spending decision from the perspective of a rational actor."
A. Stewart, "The future of security engineering in the enterprise." |
Journal Service ~
| Member of the editorial advisory board for Information Management & Computer Security. Reviewer for Computers & Security and The Computer Journal (all 2009-present). |
Bio ~
| Vice President at Morgan Stanley. Previously Assistant Vice President at Equifax. I received a B.Sc (Hons) in Computer Science from Oxford Brookes University (1998) and an Executive MBA from the Goizueta Business School at Emory University (2009). |