Chris Brown, CISSP, CISA

I have been working in information security for a number of years now. Early in my career I was able to work for a smaller company where I had to be able to install, maintain, and fix anything with a computer chip - unix systems, microsoft systems, firewalls, routers, phone systems, and so on. After that I moved to a medium-sized (3000 staff) consulting firm, at first on the corporate side of the house in the IT department and later as the company's information security manager, and then eventually as a senior consultant in the client-facing information security solutions practice. I left consulting and now I am developing the information security program for a regional healthcare insurer.

Professional Biography

Chris Brown, the IT Security Program Administrator for Independent Health, is a Certified Information System Security Professional (CISSP) and Certified Information System Auditor (CISA) with nine years experience in information system design, management, and implementation. During the last seven years he has had primary responsibility for Information Security at the companies in which he worked.

Previsously, Mr. Brown was Senior Consultant in the CTG Information Security Solutions practice. In addition to being a consultant, Mr. Brown was concurrently serving as the Manager of Information Security for CTG. He has also served as CTG's Global Manager of IT Infrastructure and Operations.

His background includes a variety of experiences as a system and network administrator and analyst, and he has extensive experience in web application development, network architecture, and in the planning, design and development of business critical applications.

Mr. Brown is also the founder and current president of the Information System Security Association (ISSA) Buffalo Niagara chapter. He serves at the president of the Information Systems Audit and Control Association (ISACA), Western New York chapter. He also serves as a member of various Information Systems Security Association committees. Mr. Brown holds a Bachelor of Science in Computer Science from the University of New York at Buffalo.

Projects

I am currently undertaking two major projects. One project is to start an ISSA chapter in Buffalo, and the second is to start a free, open-content information security encyclopedia and handbook.

ISSA Buffalo Niagara Chapter

ISSA Buffalo Niagara is a local chapter of the Information Systems Security Association. I started the local chapter in April of 2003. I currently serve as the chapter president.

Infosecpedia Project

Infosecpedia is a free information security encyclopedia started by me in August of 2003. The project has about 230 articles on topics ranging from home computer security to social engineering to data classification and issues with SMTP. Stop by to read a few articles, and if you are so inclined you can write or contribute to an article!

Publications

HIPAA Programs: Design and Implementation is an article that I wrote for CRC Press, originally for a book on HIPAA, but subsequently published in their Information Systems Security Journal.

Associations and Boards

ISACA Western New York

The Western New York Chapter of the Information Systems Audit and Control Association (ISACA) runs semi-regular programs for the local membership. I became the president in May of 2004.

National Science Foundation Grant Proposal Advisory Committee

The Computer Information Systems Department at Erie Community College, a State University of New York college, is seeking a federal grant for work in information security education. I joined the committee in September of 2003.

Economic Crime Investigation Advisory Board

The Economic Crime Investigation Department at Hilbert College solicits the advisory board for their input to and support for the Economic Crime Investigation degree offered by Hilbert. I joined the advisory board in June of 2003.

CyberSecurity Advisory Board

The Department of Information Systems at Canisius College is developing an undergraduate program in CyberSecurity. I joined the advisory board in April of 2003.

ISSA Professional Ethics Committee

Information Systems Security Association (ISSA) Professional Ethics Committee endeavors to develop information security ethics guidelines, and to provide mechanisms for reviewing reports of unethical behavior on the part of members. I joined the committee in June of 2002.

ISSA Certification Programs Committee

Information Systems Security Association (ISSA) Certification Program Committee endeavors to evaluate and report to the membership on industry certification programs, and to offer suggestions for their improvement. I joined the committee in June of 2002.

ISSA Standards Committee

Information Systems Security Association (ISSA) Standards Committee. I joined the committee in June of 2002. For various reasons, the committee not been particularly active since the summer of 2003.

Workshops and Conferences

Secure Knowledge Management 2004

Program Committee member and Session Chair

Memberships

Secure Member, FBI InfraGard

04/01 to present

Member, Information Systems Audit and Control Association (ISACA)

02/01 to present

Member, Information Systems Security Association (ISSA)

11/00 to present

Member, Association for Computing Machinery (ACM)

02/97 to present