Kerry Ann Anderson Author of Evaluating Organization Development
FEATURED AUTHOR

Kerry Ann Anderson


Kerry Anderson has 16 years of experience in security & compliance. She has been awarded an MBA, MSCIS, and MSIA. She recently completed a Certificate in Advanced Computer Security from Stanford University. She holds the following professional certifications: CISA, CISM, CRISC, CGEIT, CISSP, ISSMP, ISSAP, CSSLP, CFE, and CCSK. She is an adjunct professor of cybersecurity, author of numerous articles, and frequent conference speaker.

Areas of Research / Professional Expertise

    Internal IT Audit/Risk Oversight, Business Continuity/Disaster Recovery, State Privacy Laws, 3rd Party Security Risk Assessment, Compliance Management, Application Development, IT Risk Assessment, Software Testing, Policy and Standards Development, Records Management, PCI-DSS, GLBA, Vulnerability Management, Policy Development & Governance, Sarbanes-Oxley, and Web-Based Architecture Development

Books

Featured Title
The Frugal CISO: Using Innovation & Smart Approaches - 1st Edition

Articles

 ISSA Journal April 2014

The Vulnerability Management Starter Kit - Part 2


Published: Apr 01, 2014 by ISSA Journal April 2014
Authors: Kerry Ann Anderson
Subjects: Information Technology

Offers smart practices to develop and mature an existing vulnerability management program.

InfoSecurity Professional (Publication of ISC2)

A ‘HOUSE’ FULL OF INSPIRATION


Published: Feb 01, 2014 by InfoSecurity Professional (Publication of ISC2)
Authors:
Subjects: Information Technology

Using a fictional medical diagnostician as a muse can help solve difficult cyber security mysteries.

ISSA Journal February 2014

The Vulnerability Management Starter Kit - Part 1


Published: Feb 01, 2014 by ISSA Journal February 2014
Authors: Kerry Ann Anderson
Subjects: Information Technology

Vulnerability management is a cornerstone of any effective information security program. In this article the author concentrates on building a solid foundation for a VM program.

ISSA Journal

The Importance of Considering Generational Differences in Security Awareness Pro


Published: Jan 01, 2014 by ISSA Journal
Authors: Kerry Ann Anderson

Research has shown diverse differences in online behaviors, attitudes toward policy compliance and privacy, and security technology knowledge across the potential five generational groups in today’s workforce. It is important that information security programs consider generational differences and incorporate strategies into programs to effectively reach each generational group.

ISSA Journal

Ways to Survive an Audit: Tips to Making Audits Easier for You and the Auditor


Published: Nov 01, 2013 by ISSA Journal
Authors: Kerry Ann Anderson
Subjects: Information Technology

Let’s face it, few of us look forward to an audit. Audits can be stressful for all those involved, both auditors and auditees. However, going into an audit with a great attitude and survival tips can make the engagement easier and more productive.

ISSA Journal

Overcoming Barriers Between InfoSec and IT Audit Practitioners


Published: Sep 01, 2013 by ISSA Journal
Authors: Kerry Ann Anderson
Subjects: Information Technology

The relationship between Audit and Information Security practitioners has often been tenuous and beleaguered by misunderstandings of each other’s roles and obsolete stereotypes. This article discusses potential ways to break away from these old misconceptions and establish a common ground for facilitating strong working relationships.

ISACA Journal Volume 4 2013

Navigating the Path From Information Security Practitioner to Professional


Published: Jul 01, 2013 by ISACA Journal Volume 4 2013
Authors: Kerry Ann Anderson
Subjects: Information Technology

An information security practitioner must acquire core competencies to develop a holistic perspective to effectively manage security within today’s global and highly interconnected world.

 ISSA Journal

Building a Better IA Degree and Promoting Cyber Security Education


Published: May 01, 2013 by ISSA Journal
Authors: Kerry Ann Anderson
Subjects: Information Technology

For thirteen years, colleges and universities have offered degree programs and concentrations with a focus on cyber security. Much of the initial impetus in the development of these programs can be attributed to the creation of National Centers of Academic Excellence (CAE) by the National Security Agency (NSA) to encourage universities and students to enter the information security profession.

ISSA Journal

Information Security Professional 2.0: Building the Next Generation Cyber Securi


Published: Apr 01, 2013 by ISSA Journal
Authors: Kerry Ann Anderson
Subjects: Information Technology

This article explores a prototype for the next generation of Information Security professionals (NextGens). It discusses the attributes NextGens will need to manage the exponential changes in the technology, social, and business landscapes over the next decades.

ISSA Journal January 2013

Can We Make Information Security Awareness Training Stickier?


Published: Jan 01, 2013 by ISSA Journal January 2013
Authors: Kerry Ann Anderson
Subjects: Information Technology

Most information security practitioners, on occasion, have had some frustrations regarding the relative effectiveness of security awareness education, leading some to consider whether it is worth the cost because incidents created by end users continue to occur. This article discusses some techniques to increase the “stickiness” of security awareness training efforts and increase the return on investment.

InfoSecurity Professional Magazine (ISC2) Volume 20 Dec 2012

Teaching Moment: Using Fairy Tales for Security Awareness


Published: Dec 01, 2012 by InfoSecurity Professional Magazine (ISC2) Volume 20 Dec 2012
Authors: Kerry Ann Anderson
Subjects: Information Technology

Using storytelling through fairy tales to relate information security concepts.

ISSA Journal October 2012

Secure Development: Continuing to Gain Traction or Losing Traction


Published: Oct 01, 2012 by ISSA Journal October 2012
Authors:
Subjects: Information Technology

This article looks at the current state of secure development and the factors that may have contributed to the failure of secure development practices in achieving their full potential in minimizing application security vulnerabilities.

ISSA Journal July 2012

Are There More Security Breaches? Or Are We Just Reporting Them Now


Published: Jul 01, 2012 by ISSA Journal July 2012
Authors: Kerry Ann Anderson

The potential sources of data breaches are examined to identify root causes or combinations of factors that might make enterprises more susceptible to unauthorized data losses. The author also offers suggestions on practices that might diminish the possibility for security breaches.

ISACA Journal, Volume 2 (Feb 2012)

A Case for a Partnership Between Information Security & Records Information Mana


Published: Feb 01, 2012 by ISACA Journal, Volume 2 (Feb 2012)
Authors: Kerry Ann Anderson
Subjects: Information Technology

The closer alignment between RIM and information security may provide an approach to managing increasing data protection concerns and tough privacy regulations rather than maintaining the separation between these critical compliance functions.

Videos

InfoSec Video

Published: Aug 01, 2014