Authors

About Charles Cresson Wood

Recipient of Computer Security Institute’s Lifetime Achievement Award

Charles Cresson Wood, CISSP, CISM, CISA is an author, researcher, and management consultant based in Mendocino, California. In the information security field on a full-time basis since 1979, he has worked as an information security management consultant at SRI International (formerly Stanford Research Institute), as well as lead network security consultant at Bank of America. He has done information security work with over 120 organizations, many of them Fortune 500 companies, including a significant number of financial institutions and high-tech companies. His consulting work has taken him to over twenty different countries around the world.

He is noted for his ability to integrate competing objectives (like ease-of-use, speed, flexibility and security) in customized and practical compromises that are acceptable to all parties involved. Acknowledging that information security is multi-disciplinary, multi-departmental, and often multi-organizational, he is additionally noted for his ability to synthesize a large number of complex considerations and then to document these in information security architectures, information security requirement statements, risk assessments, project plans, policy statements, and other clear and action-oriented documents.

He has published over 375 technical articles and six books in the information security field. In addition to various TV and radio appearances, he has been quoted as an expert in publications such as Business Week, Christian Science Monitor, Computerworld, IEEE Spectrum, Infoworld, LA Times, Network Computing, Network World, PC Week, The Wall Street Journal, and Time. He has also presented cutting-edge information security ideas at over 100 technical and professional conferences around the globe.

For over 10 years, Mr. Wood was a Senior North American Editor for the Elsevier academic research journal called “Computers &Security” and the practitioner’s newsletter entitled “Computer Fraud & Security Bulletin.” For over 17 years, for the Computer Security Institute, he wrote a monthly column about information security policies for the newsletter entitled “Computer Security Alert.” He as also been an information security strategy columnist for the global technology media company called TechTarget.

He holds an MBA in financial information systems, an MSE in computer science, and a BSE in accounting from the Wharton School of Business at the University of Pennsylvania. He has also passed the Certified Public Accountant (CPA) examination. He is a Certified Information Security Manager (CISM), a Certified Information Systems Auditor (CISA), and a Certified Information Systems Security Professional (CISSP). In November 1996 he received the Lifetime Achievement Award from the Computer Security Institute for his “sincere dedication to the computer security profession.” Mr Wood is currently attending St. Francis School of Law, on a part-time basis, and when he graduates and passes the California bar exam, he intends to specialize in intellectual property protection and privacy matters.

Here is a sampling of the over 375 security related articles by Charles Cresson Wood:

“Researchers Must Disclose All Sponsors And Potential Conflicts,” Computer Security Alert, No. 197, March 2000; Publisher:Computer Security Institute, San Francisco, CA. [pub. no.220]
“Integrated Approach Includes Information Security,”Security, pp. 43-44,February 2000; Publisher: Cahners, Des Plains, IL. [pub. no.219]

“Get Data Safety Policies In Place,” American Banker, 11 February 2000, p. 7;Publisher: American Banker, New York, NY.[pub. no. 218]
“All Internet Personal Data Gathering Techniques Must Be Disclosed,” Computer Security Alert, No. 196,
February 2000; Publisher: Computer SecurityInstitute, San Francisco, CA. [pub.no. 217]

“The Information Security Profession: Evolutionary Career Paths,” Information Security, November 1999;Publisher: published by ICSA.net, Norwood, MA. [pub. no. 214]

“Disclosures Of Private Information Without Data Subject Consent,” Computer Security Alert, No. 193, November 1999; Publisher: Computer Security Institute, San Francisco, CA. [pub. no.212]

“Termination Of Outsourcing Contracts For Security Violations,” Computer Security Alert, No. 191, September 1999; Publisher:Computer Security Institute, San Francisco, CA. [pub. no. 210]

“Top Ten Impediments To Implementing An Information Security Policy,” Information Security, September 1999, Publisher: Information Security, Norwood, MA (cover story). [pub. no.209]
“A Functional Comparison Of Tandem Data Replication Software Packages,”
an extensive independent report prepared for customers and prospects, August 1999; Publisher: Compaq Corporation, Cupertino,CA. [pub. no. 207]

“Subjects Given Opportunity To Block Private Information Disclosures,”Computer Security Alert, No. 189, June 1999; Publisher: Computer Security Institute, San Francisco, CA. [pub.no. 205]

“Use Of Personal Digital Assistants, Hand-Held Computers, And Smart Phones For Corporate Business Information,” Computer Security Alert, No. 186, March 1999; Publisher: Computer Security Institute,
San Francisco, CA. [pub. no.202]

“All Systems Access Privileges Cease When Workers Terminate,” Computer Security Alert, No. 185, February 1999; Publisher: Computer Security Institute, San Francisco, CA. [pub. no.202]

“Non-Compliance And Disciplinary Action,” Computer Security Alert, No. 182, November 1998; Publisher: Computer Security Institute, San Francisco, CA. [pub.no. 198]

“Convenience Versus Multi-Factor User Authentication,” Computer Security Alert, No. 181, October 1998; Publisher: Computer Security Institute, San Francisco, CA. [pub. no.196]

“Twelve New Vulnerabilities Introduced by Internet Commerce,” Information Security Bulletin, September 1998 (volume 3, issue 6, cover story), Publisher: Chi Publishing Ltd., London, England. [pub. no.195]

“All Telephone Transactions Require Positive Caller Identification,” Computer Security Alert, No. 179, August 1998; Publisher: Computer Security Institute,San Francisco, CA. [pub. no.193]

“TheTruth About Masquerading and Spoofing,” Network Magazine, February 1998; Publisher: Miller Freeman,San Francisco, CA. [pub. no.183]

“Unauthorized Information Disclosure and Loss of Stock Options,” Computer Security Alert, No. 173, December 1997; Publisher: Computer Security Institute, San Francisco, CA. [pub. no.185]

“Managing Perceptions About Internet Electronic Commerce Security,” Computer Security, Audit & Control, February 1997; Publisher: Management Advisory Services Publications, Wellesley Hills,MA. [pub. no. 165]

“Information Security: Are We Winning the Game?” Computer Fraud &Security Bulletin, January 1997;
Publisher: Elsevier Science Technology,Oxford, England. [pub. no.162]

“Encryption for Files Left on Anonymous FTP Servers,” Computer SecurityAlert, No. 163, October 1996; Publisher: Computer Security Institute, SanFrancisco, CA. [pub. no.159]

“Encryption Systems Must Include Key Escrow,” Computer Security Alert, No. 157, April 1996; Publisher: Computer Security Institute, San Francisco, CA. [pub.no. 152]

“Cryptography Plays Central Role in Future Electronic Commerce,” March 1996, pp. 9-10, Computer Fraud & Security Bulletin; Publisher: Elsevier Science Technology, Oxford, England. [pub. no.151]

“Users Must Not Attempt to Eradicate Viruses,” Computer Security Alert, No. 156, March 1996; Publisher:Computer Security Institute, San Francisco, CA. [pub. no.150]

“EDPAudit Must Be Independent of Information Security,” Computer Security Alert, No. 155, February1996; Publisher: Computer Security Institute, SanFrancisco, CA. [pub. no.147]

“Reliance on Information Downloaded From Internet,” Computer Security Alert, No. 153, December 1995; Publisher:Computer Security Institute, SanFrancisco, CA. [pub. no.145]

“When to Report Computer Crimes to Law Enforcement,” Computer Security Alert, No. 151, October 1995; Publisher: Computer Security Institute, SanFrancisco, CA. [pub. no.141]

“New Intellectual Property and the Need for Information Security,” ComputerFraud & Security Bulletin, September 1995, pp. 18-19; Publisher: Elsevier Science Ltd., Oxford, England. [pub.no. 139]

“Require Approval for Official Statements Posted to the Internet,” Computer Security
Alert, No. 149, August 1995; Publisher: Computer Security Institute, San Francisco, CA. [pub. no.136]

“Internet Anarchy and the Effectiveness of Laws,” Computerworld, 12 June1995. Expanded version also appears as “Need for Worldwide Internet Laws,” inComputer Fraud & Security Bulletin, p.10, July 1995, Elsevier Science Publishers, Oxford, England. [pub. no.133]

“ISO9000 and Information Security,” Computers & Security, vol. 14, no. 4,pp. 287-288, October 1995; Publisher: Elsevier Science Publishers, Oxford,England (co-author Karen Snow). [pub.no. 131]

“WhySATAN Should Not Have Been Distributed As It Was,” Computer Security Alert,No. 146, May 1995; Publisher: Computer Security Institute, San Francisco, CA.[pub. no. 128]

“Destroy Archived Electronic Mail Periodically,” Computer Security Alert, No. 142, January 1995; Publisher:Computer Security Institute, San Francisco, CA. [pub. no.124]

“Wireless Network Security,” Proceedings of Wireless Datacom ’94 Conference held in Washington, DC, 6-8 December 1994;Publisher: Business Communications Review,Hinsdale, IL. [pub. no.122]

“Fifty Ways to Secure Dial-Up Communications,” Computers & Security, May 1994, vol. 13, no. 3, pp. 209-215; Publisher: Elsevier Advanced Technology, Oxford, England. [pub. no.118]

“Identity Token Usage at American Commercial Banks,” Computer Fraud & Security Bulletin, March 1995; Publisher:Elsevier Science Publishers, Oxford England, pp. 14-16. [pub. no.114]

“Security Problems in Collaborative Computing,” Network World, October 1994; Publisher: International Data Group, Framingham,MA. [pub. no. 113]“The Newest Threat to Information Security: Open Book Management,” EDPACS, August 1994; Publisher: WarrenGorham Lamont, Boston,MA. [pub. no. 110]

“Principles of Secure Information Systems Design with Groupware Examples,” Proceedings of the Groupware ’92 Conference, held in San Jose, California 3-5 August 1992; Publisher: Morgan Kaufmann Publishers, San Mateo, CA. [pub. no. 75]“A Strategy for Developing Information Security Documents,”
Journal of Information Systems Security, vol. 1, issue 2,Summer 1992, pp. 71-78; Publisher: Auerbach Publishers, New
York, NY (co-author: Juhani Saari). [pub. no. 68]

“Using Information Security to Achieve Competitive Advantage,” Proceedings of the 18th Annual CSI Conference, Miami, Florida, November 11-15, 1991; Publisher: Computer Security Institute, San Francisco, California.[pub. no. 58]“Data Dictionaries and Information Security,” Proceedings of SECURICOM ’84 International Conference, Cannes, France,29 February – 2 March 1984, pp. 55-63; Publisher: SEDEP, Paris,
France. [pub. no. 24

“International Barriers to Information Flows,” SRI International Business Intelligence Report, Report #1057, March 1981; Publisher: SRI International, Menlo Park, CA. [pub. no. 10]

“Computer Crime: Criminal Justice Resource Manual,” with Parker, Donn B., Publisher: U.S. Government Printing Office, Washington, DC; prepared for U.S. Department of Justice; order no. 1979-311-379/1710,
1979. [pub. no. 1]

Please leave this field empty

Stay in touch with Our Updates

Email Address *

We don’t spam!

Check your inbox or spam folder to confirm your subscription. You can also read some of our recent <a href="https://www.rothstein.com/news/business-survival-blog" target="_blank">Updates</a>.