Kerry Ann Anderson
Kerry Anderson has 16 years of experience in security & compliance. She has been awarded an MBA, MSCIS, and MSIA. She recently completed a Certificate in Advanced Computer Security from Stanford University. She holds the following professional certifications: CISA, CISM, CRISC, CGEIT, CISSP, ISSMP, ISSAP, CSSLP, CFE, and CCSK. She is an adjunct professor of cybersecurity, author of numerous articles, and frequent conference speaker.
Education
Norwich University (MSIA), Anna Maria College (MBA), Bentley University (MSCIS)
Areas of Research / Professional Expertise
Internal IT Audit/Risk Oversight, Business Continuity/Disaster Recovery, State Privacy Laws, 3rd Party Security Risk Assessment, Compliance Management, Application Development, IT Risk Assessment, Software Testing, Policy and Standards Development, Records Management, PCI-DSS, GLBA, Vulnerability Management, Policy Development & Governance, Sarbanes-Oxley, and Web-Based Architecture Development
Books
Articles
The Vulnerability Management Starter Kit - Part 2
Published: Apr 01, 2014 by ISSA Journal April 2014
Authors: Kerry Ann Anderson
Subjects:
Information Technology
Offers smart practices to develop and mature an existing vulnerability management program.
A ‘HOUSE’ FULL OF INSPIRATION
Published: Feb 01, 2014 by InfoSecurity Professional (Publication of ISC2)
Authors:
Subjects:
Information Technology
Using a fictional medical diagnostician as a muse can help solve difficult cyber security mysteries
The Vulnerability Management Starter Kit - Part 1
Published: Feb 01, 2014 by ISSA Journal February 2014
Authors: Kerry Ann Anderson
Subjects:
Information Technology
Vulnerability management is a cornerstone of any effective information security program. In this article the author concentrates on building a solid foundation for a VM program.
The Importance of Considering Generational Differences in Security Awareness Pro
Published: Jan 01, 2014 by ISSA Journal
Authors: Kerry Ann Anderson
Research has shown diverse differences in online behaviors, attitudes toward policy compliance and privacy, and security technology knowledge across the potential five generational groups in today’s workforce. It is important that information security programs consider generational differences and incorporate strategies into programs to effectively reach each generational group.
Ways to Survive an Audit: Tips to Making Audits Easier for You and the Auditor
Published: Nov 01, 2013 by ISSA Journal
Authors: Kerry Ann Anderson
Subjects:
Information Technology
Let’s face it, few of us look forward to an audit. Audits can be stressful for all those involved, both auditors and auditees. However, going into an audit with a great attitude and survival tips can make the engagement easier and more productive.
Overcoming Barriers Between InfoSec and IT Audit Practitioners
Published: Sep 01, 2013 by ISSA Journal
Authors: Kerry Ann Anderson
Subjects:
Information Technology
The relationship between Audit and Information Security practitioners has often been tenuous and beleaguered by misunderstandings of each other’s roles and obsolete stereotypes. This article discusses potential ways to break away from these old misconceptions and establish a common ground for facilitating strong working relationships.
Navigating the Path From Information Security Practitioner to Professional
Published: Jul 01, 2013 by ISACA Journal Volume 4 2013
Authors: Kerry Ann Anderson
Subjects:
Information Technology
An information security practitioner must acquire core competencies to develop a holistic perspective to effectively manage security within today’s global and highly interconnected world.
Building a Better IA Degree and Promoting Cyber Security Education
Published: May 01, 2013 by ISSA Journal
Authors: Kerry Ann Anderson
Subjects:
Information Technology
For thirteen years, colleges and universities have offered degree programs and concentrations with a focus on cyber security. Much of the initial impetus in the development of these programs can be attributed to the creation of National Centers of Academic Excellence (CAE) by the National Security Agency (NSA) to encourage universities and students to enter the information security profession.
Information Security Professional 2.0: Building the Next Generation Cyber Securi
Published: Apr 01, 2013 by ISSA Journal
Authors: Kerry Ann Anderson
Subjects:
Information Technology
This article explores a prototype for the next generation of Information Security professionals (NextGens). It discusses the attributes NextGens will need to manage the exponential changes in the technology, social, and business landscapes over the next decades.
Can We Make Information Security Awareness Training Stickier?
Published: Jan 01, 2013 by ISSA Journal January 2013
Authors: Kerry Ann Anderson
Subjects:
Information Technology
Most information security practitioners, on occasion, have had some frustrations regarding the relative effectiveness of security awareness education, leading some to consider whether it is worth the cost because incidents created by end users continue to occur. This article discusses some techniques to increase the “stickiness” of security awareness training efforts and increase the return on investment.
Photos
Videos
Published: Aug 01, 2014