
 
Links

Return On Information Security Investment

QUICK LINKS: Basics | Risk | ROI/ALE | Data | Contexts | Policies & Guidelines | Privacy | Methods | Assurance | Corporate (Model) | External | Publications

 

BUY THE BOOK! Most of the sites listed on this page were referenced in the dissertation. A big thanks goes to the authors mentioned on this page, without whom this work would never have been published.

The dissertation contains a comprehensive reference of works that is used in the text.

Another big thanks goes to Lulu for providing the resources necessary to publish the BOOK.

 

NEW! Read the recently published book, Information Security for Decision Makers. The book treats the subject of information security from a layman's viewpoint and helps the information security decision maker make a good-quality investment.

 

 

 

SECURITY BASICS

 

SECURITY GENERAL

http://www.infosecwriters.com/index.php [Information security papers; including my recently published paper]

http://www.noticebored.com/html/general.html    [Excellent Site]

http://www.veridion.net/iso27001 [Veridion is an information security training and consulting firm specializing in ISO 27001, ISO 17799 / 27002 and ISMS training and consulting services.]

http://www.gtisc.gatech.edu

http://www.gtisc.gatech.edu/SecureWorld.PPT   

http://itresearch.forbes.com/rlist/920045790_12/Network-Security-Software.html   

http://www.mcandl.com/computer-security.pdf   

http://vig.prenhall.com/catalog/academic/product/1,4096,0130355488,00.html     [See sample chapters!]

http://ted.see.plym.ac.uk/nrg/presentations.htm     [Links]

http://www.uscib.org/docs/information_security_biac_icc.pdf   

http://www.anu.edu.au/people/Roger.Clarke/EC/IntroSecy.html     [GOOD INTRODUCTION]

http://www.counterpane.com/literature.html   

http://sec.ietf.org/   

http://mixter.void.ru/papers.html   

http://mixter.void.ru/protecting.html     [Paper]

http://www.zdnet.co.uk/search/?collection=whitepapers&query=Security+Standards     [Many good links]

http://sunnettalk.mentorware.net/content/subsystems/12056/courses/SNTA-20030814/0001/mwclassframe.html?classid=25219   

http://www.nap.edu/books/NI000361/html/     [BOOKS]

http://books.nap.edu/books/0309043883/html/index.html    [Computers at Risk]

http://www.sims.berkeley.edu/~tygar/papers.htm   

http://www.sandstorm.net/security/resources?cid=88374   

http://www.cs.nps.navy.mil/people/faculty/irvine/publications.html   

http://www.cccure.org/Documents/HISM/ewtoc.html   

http://www.notablesoftware.com/secwatch.html   

http://business.att.com/insight/   

http://www.research.att.com/~smb/papers/ [Many Resources]

http://veerle.duoh.com/index.php?id=P253     [Security the Reality]

http://www.techdirectory.ws/Computer_Security/default.aspx    [Computer Security]

http://www.tpub.com/content/istts/14222/index.htm

http://www.cimu.gov.mt/htdocs/section.asp?s=76    [CIMU]

http://infosecuritymag.techtarget.com/ [Many Links]

http://infosecuritymag.techtarget.com/archives2001.shtml    [Many Links]

http://all.net/   

 

DEFINITION

http://citeseer.ist.psu.edu/rd/60115588%2C576594%2C1%2C0.25%2CDownload/http://citeseer.ist.psu.edu/cache/papers/cs/27723/http:zSzzSzcs-www.cs.yale.eduzSzhomeszSzjfzSzAFMP.pdf/towards-better-definitions-and.pdf

 

CIA

http://www.computer.org/security/V2n5/bas.htm     [More than CIA]

http://www.ezrisk.co.uk/Info_Sec.html [Security Definition]

 

HISTORY

http://www.rand.org/publications/R/R609.1/R609.1.html   

http://csrc.nist.gov/publications/history/#paperlist   

http://csrc.nist.gov/publications/history/ande72.pdf     [Very good]

http://csrc.nist.gov/publications/fips/     [Important - FIPS 31,87,65(obsolete)]

http://mixter.void.ru/is-evol.html   

http://csrc.nist.gov/nissc/1996/papers/NISSC96/paper005/ncsc96.pdf   

http://csrc.nist.gov/cc/CC-v2.1.html   

http://www.iwar.org.uk/comsec/resources/standards/itsec.htm   

http://www.commoncriteriaportal.org/public/consumer/index.php?menu=1     [Common Criteria]

http://www.packetstormsecurity.org/docs/rainbow-books/     [Very Good]

 

MANAGEMENT OF INFORMATION SECURITY

http://reform.house.gov/UploadedFiles/Best%20Practices%20Bibliography.pdf     [Many Links]

http://adt.curtin.edu.au/theses/available/adt-WCU20020522.151935/    [Thesis]

http://www.library.uow.edu.au/adt-NWU/public/adt-NWU20031126.142250/     [Thesis]  

https://www.qualys.com/docs/yankee-whitepaper.pdf    [BEST Practices]

http://www.issa.org/PDF/research-BSA-ISSA.pdf      [SURVEY]

http://technologyreports.net/securityinnovator/index.html?articleID=3339   

http://technologyreports.net/securityinnovator/?articleID=3234   

http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss407_art814,00.html   

http://www.securitydocs.com/links/2128     [Evolution of Security Mindset]

http://citeseer.ist.psu.edu/16678.html   

http://www.ieee-security.org/cfp.html   

http://all.net/journal/netsec/index.html     [Management of Network Security]

 

BEST PRACTICE

http://www.dti.gov.uk/bestpractice/technology/security.htm     (Very Good site)

http://www.dti.gov.uk/bestpractice/assets/hardfacts.pdf

 



RISK

RISK ASSESSMENT

http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf   

http://www.nytimes.com/library/financial/columns/060100econ-scene.html#1   

http://www.ey.com/global/download.nsf/Singapore/A_Strategic_Guide_to_Enterprise_Security/$file/CLevel%20Asia%20Security%20Supplement.pdf   

http://www.foundstone.com/     [Very Good Link: Contact McAfee: yaniv_alfi@mcafee.com]

http://www.techdirectory.ws/Business_Software/Project_Management/Risk_Analysis/default.aspx [Risk Analysis]

http://www.analytics-solutions.com/resources.html    [Risk Measurement]

http://www.active-information.co.uk/findoutmore.htm    [Risk Analysis, Cobra]

http://www.gloriamundi.org/picsresources/jjjr.pdf [Methodology for Risk Assessment]

http://all.net/journal/netsec/1998-12.html    [Balancing Risk]

http://csrc.nist.gov/nissc/1997/proceedings/331.pdf [Risk Analysis]

http://csrc.nist.gov/nissc/1996/papers/NISSC96/paper012/nissc96.pdf [Risk Assessment]

http://www.riskreports.com/htdocs/publications.html    [Risk Management Resources]

http://www.oit.nsw.gov.au/pdf/4.4.16.IS1.pdf [Security Risk Management]

 

TOOLS

http://www.ptatechnologies.com [Practical Threat Analysis for Securing Computerized Systems]

http://csrc.nist.gov/asset/    [Automated Security Self Assessment Tool]

http://csrc.nist.gov/publications/nistpubs/500-174/sp174.txt [Guide for Risk tools]

http://csrc.nist.gov/publications/nistpubs/800-26/sp800-26.pdf    [Self Assessment Tool]

http://www.sandstorm.net/security/resources?cid=5428    [Various Tools]

http://www.cs.kau.se/IFIP-summerschool/preceedings/Jung.pdf [Risk analysis Tools]

http://scolar.vsc.edu:8004/VSCCAT/ACB-0689 [Decision Analysis]

http://www.sans.org/rr/papers/5/83.pdf [Risk analysis Tools]



Prioritisation of Risk

http://www.cs.ucl.ac.uk/staff/W.Emmerich/lectures/3C05-01-02/aswe3.pdf

http://www.microsoft.com/technet/security/guidance/secrisk/default.mspx [Microsoft Security Risk Management Guide]

http://www.informationweek.com/698/98iursk.htm [Acceptable Risk]

 

SERIM (Software Engineering RIsk Management) - IEEE

http://www.devicelink.com/mddi/archive/97/06/017.html

http://www.risksig.com/members/resources/risks.htm

 

RISKMAN - EU Project

http://www.eas.asu.edu/~sdm/merrill/riskman.html

 


 

ROI & ALE

ROI

http://www.3com.co.uk/promotions/roi/   

http://answers.google.com/answers/threadview?id=222921

http://www.itsecurity.com/asktecs/oct3201.htm

http://riskmgmt.biz/mysite/calculating-return-on-investment.html [General ROI Links]

 

ROI & Economics of Information Security

http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=16280&TEMPLATE=/ContentManagement/ContentDisplay.cfm [Cash Flow Appraisal of Information Security Investment, NPV, IRR]

http://www.getronics.com/NR/rdonlyres/ejhsokxgywr3iom4mn4vq43l73fmqzsqbsnz47jd2thnvawjlceksww2zuu3yd33tnybjcjmjbtbmyfyxa2r4nhpure/wp_analysis_return_on_investment.pdf [ROSI]

http://whitepapers.zdnet.co.uk/0,39025942,60064781p,00.htm [ROSI]

http://www.sbq.com/sbq/rosi/ [ROSI]

http://www.eecs.harvard.edu/~stuart/papers/fc03.pdf      [Harvard Paper]

http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/econ.pdf   

http://www.dtc.umn.edu/weis2004/   

http://www.dtc.umn.edu/weis2004/agenda.html     [Ultra Recent!]

http://www.cl.cam.ac.uk/users/rja14/econsec.html     [Very Good Link]

http://www.cl.cam.ac.uk/users/rja14/econws.html     [Basis of history in literature review]

http://itresearch.forbes.com/detail/RES/1057858077_908.html   

http://www.intel.com/network/connectivity/emea/eng/solutions/security/roi.htm   

http://csrc.nist.gov/roi/proceedings.html   

http://csrc.nist.gov/roi/wksps0603-notes/NIST-Wkshp-bothsessions.pdf     [Good argument with respect to ROI & NPV]

http://infosecuritymag.techtarget.com/2002/jul/curmudgeons_corner.shtml   

http://www.umiacs.umd.edu/partnerships/ltsdocs/Gordon-Loeb%2003%20NSA_presentation.pdf     [Economic aspects]

http://www.rainbow.com/library/8/EconomicsAspectsOfInformationSecurity.pdf     [Contact authors for extra material]

http://www.cio.com/archive/021502/security.html   

http://www.cio.com/archive/021502/security_sidebar.html   

http://imailab-www.iis.u-tokyo.ac.jp/Members/kanta/CEF2003.pdf   

http://www.whitehouse.gov/omb/inforeg/infopoltech.html     [Spending]

http://www.eecs.harvard.edu/~stuart/papers/thesis.pdf     [PhD thesis]

http://citeseer.ist.psu.edu/578826.html   

http://ideas.repec.org/s/sce/scecf3.html   


http://www.umiacs.umd.edu/docs/umiacspresentation.pdf    

http://www.financetech.com/utils/printableArticle.jhtml?articleID=18901266   

http://www.secure-biz.net/Spring2004/speaker_presentation/Lawrence%20Gordon.ppt   

http://www.secure-biz.net/Spring2004/presentations.htm   

http://www.cpppe.umd.edu/rhsmith3/agenda.htm     [2nd Annual Workshop]

http://www.dtc.umn.edu/weis2004/agenda.html     [3rd Annual Workshop]

http://www.fsl.cs.sunysb.edu/docs/cost-acm_ccs/acm_ccs.html   

http://students.depaul.edu/~gmahjub/     [THESIS DRAFT]

http://www.computerworld.com/managementtopics/roi/story/0,10801,83450,00.html   

http://www.securityfocus.com/infocus/1608     [ROI of IDS]

http://www.nai.com/us/promos/corp/article2.asp [ROI of IDS]

http://www.continuitycentral.com/news0312.htm [IDS Market Failure]

ROIT White Paper [Return on Information Technology]

Economics of Cyber Crime [NPV approach]

http://www.oict.nsw.gov.au/content/7.1.15.ROSI.asp

http://www.corsaire.com/articles/030317-rosi.html

http://comment.cio.com/talkback/021502.html [ROSI]

http://www.software602.com/products/ls/roi.html [ROI for Spam]

Vulnerability and Information Security Investment [Interesting Empirical Proof]

 

OVERSPENDING/UNDERSPENDING

http://www.cimu.gov.mt/htdocs/content.asp?c=764 [Dr. Albert Caruana, CIMU]

http://news.com.com/2010-1071-966448.html    [Is IT Overspending in Security?]

 

INFORMATION ECONOMICS

http://citeseer.ist.psu.edu/rd/0%2C513304%2C1%2C0.25%2CDownload/http%3AqSqqSqwww.coiera.comqSqpapersqSqjamia-00-infoecon.pdf   

http://www.sims.berkeley.edu/~hal/Papers/mattioli/mattioli.pdf   

 

ALE

http://comment.cio.com/comments/8408.html

http://keith.mccammon.org/docs/loss_expectancy.php   


http://citeseer.ist.psu.edu/george98practical.html     [Assurance, mention of ALE]

http://citeseer.ist.psu.edu/392822.html   

http://www.cccure.org/Documents/HISM/229-230.html   

http://www.linuxjournal.com/article.php?sid=5567   

http://www.riskinfo.com/cyberisk/Watersupply/SCADA-thesis.html     [Origin of ALE???]

http://csrc.nist.gov/publications/fips/fips31/fips31.pdf     [First mention of ALE]

http://www.cs.kau.se/~albin/Documents/F18-RiskAnalysis.pdf   

http://www.spybusters.com/SS0202.html   

http://www.drj.com/new2dr/w3_030.htm   

http://linuxsecurity.org/feature_stories/feature_story-98.html     [Good article]

 


 

SECURITY DATA

 

SECURITY METRICS

http://www.securitymetrics.org/content/   

http://www.foundstone.com/resources/downloads/webcast-121903/Developing_Security_Risk_Metrics.pdf     [DONE]

 

SECURITY COSTS

http://www.netcordia.com/tools/whitepapers.html   

http://www.notablesoftware.com/Papers/SecCost.html   

http://www.itl.nist.gov/fipspubs/fip191.htm   

http://infosecuritymag.techtarget.com/articles/1999/enough.shtml [Budgets]

http://infosecuritymag.techtarget.com/articles/1999/chart2.shtml [Expenditure]

http://www.cic.uiuc.edu/groups/ITSecurityWorkingGroup/archive/Report/ICAMPReport2.pdf

http://www.counterstrike.com/sscostjs.html [Very good link]

http://www.siemens-consultsupport.com/en/archive/ci/2003_04/coninf_iv_06.htm [Excellent link]

 

PRICING SECURITY

http://citeseer.ist.psu.edu/rd/41699131%2C489327%2C1%2C0.25%2CDownload/http%3AqSqqSqwww.cert.orgqSqresearchqSqiswqSqisw2000qSqpapersqSq54.pdf   

http://citeseer.ist.psu.edu/camp00pricing.html   

http://citeseer.ist.psu.edu/577738.html   

http://citeseer.ist.psu.edu/schechter02quantitatively.html   

http://citeseer.ist.psu.edu/578826.html   

http://infosecuritymag.techtarget.com/2002/aug/securitymarket.shtml

 

Surveys

http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2004.pdf   

http://www.csoonline.com/csoresearch/report35.html   

http://www.security-survey.gov.uk/   

http://www.cs.um.edu.mt/~csaw/Proceedings/00.pdf     [Very Recent Survey re: e-commerce]

http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss486_art1005,00.html     [Comparison of antivirus suppliers support]

http://www.pbs.org/wgbh/pages/frontline/shows/hackers/risks/csi-fbi2000.pdf [FBI Survey]

 


 

SECURITY CONTEXTS

PHYSICAL SECURITY

http://www.stormingmedia.us/74/7426/A742604.html

http://www.tisp.org/files/pdf/criticalinfreport.pdf [Critical Infrastructure]

 

SECURITY IN E-COMMERCE

http://www.ecommercetimes.com/perl/section/security/     [Security in e-commerce]

 

SME & Security

http://www.giac.org/practical/GSEC/Jeff_Herbert_GSEC.pdf   

http://www.giac.org/practical/GSEC/Anna_Smears_GSEC.pdf

http://www.dmst.aueb.gr/dds/pubs/jrnl/1999-IMCS-Soft-Risk/html/soho.html   

http://www.cio.com.au/index.php?id=119118373&fp=2&fpid=2%20   

http://www.cisco.com/global/DK/docs/print/sikkerhedsseminar_2003_idc.pdf [Security & SME]

 

MOBILE USERS

http://www.securityfocus.com/infocus/1777   

 

PEOPLE

http://www.economist.com/surveys/displayStory.cfm?story_id=1389553     [See other links in page]

http://www.kevinmitnick.com/news-030300-senatetest.html   

http://www.humanfirewall.org/default.asp     [Human Firewall]

http://www.humanfirewall.org/SMIReport/SMIReport2003.pdf     [Survey]

http://ted.see.plym.ac.uk/nrg/presentations/Security_Training.htm     [Awareness]

http://news.com.com/2009-1001-843375.html   

http://www.computer.org/security/V2n5/gei.htm     [Usability]

http://infosecuritymag.techtarget.com/articles/1999/buck.shtml [Salaries]

 


 

POLICIES, STANDARDS & GUIDELINES

POLICIES

http://www.information-security-policies-and-standards.com/download.htm

 

DOCUMENTATION

http://crpit.com/confpapers/CRPITV21AFung.pdf   

 

IT GOVERNANCE

http://www.e-mountaincorp.com/securitylinks.html

http://www.itgovernance.co.uk/page.home

http://www.theiia.org/eSAC/pdf/BLG0331.pdf

http://www.isaca.org.pl/PIR/POLCACS2001/williams1_eng.pdf

 

COBIT / ITIL / ISO 17799 / ISO 27001

http://infosecuritymag.techtarget.com/2002/mar/iso17799.shtml   

http://www.dti-bestpractice-tools.org/healthcheck/   

http://www.itsmf.org.za/Presentations/CobiT%20ITIL%20and%20BS7799.pdf

http://www.all.net/books/audit/bs7799.html   

 http://www.riskwatch.com/index.php?option=com_content&task=view&id=32&Itemid=53

http://www.securityrisk.co.uk/bs7799/cobdown.htm   

http://www.infosyssec.net/infosyssec/secpol1.htm

http://www.giac.org/practical/GSEC/Marc_Vaughan_GSEC.pdf

http://emea.bsi-global.com/InformationSecurity/Overview/WhatisanISMS.xalter

http://www.itsc.org.sg/standards_news/2001-09/TaewanPark-Korea-Business-Experience-of-BS7799-Certification.pdf

http://www.securityauditor.net/iso17799/

http://www.dnv.no/Binaries/BS7799_brochure_tcm28-9012.pdf

http://www.itsc.org.sg/standards_news/2001-09/JohnSnare-Australia-ISO-IEC-17799-Australia-Perspective.pdf

http://www.netlab.hut.fi/opetus/s38153/k2004/Lectures/ISO17799L_Overview_TKK.pdf

http://assetz.com/AssetzConsulting/dloads/BS7799_CRAMM_Explained_Assetz11-02.pdf

http://www.gammassl.co.uk/bs7799/The%20Newly%20Revised%20Part%202%20of%20BS%207799ver3a.pdf

http://www.hkcert.org/ppt/event106/isms.pdf   

http://www.sans.org/score/checklists/ISO_17799_checklist.pdf   

http://www.pelttech.com/issa/Preparing%20for%20ISO%2017799.pdf

http://www.lucent.com/livelink/209341_Whitepaper.pdf

http://www.software.org/pub/externalpapers/UnderstandingISO17799.pdf

http://www.software.org/pub/externalpapers/UsingISO17799.pdf

http://www.itsc.org.sg/standards_news/2003-03/introduction_to_ISMSWG_status_update.pdf

http://www.imonline.co.uk/aboutthefirm/downloads/pages_from_BG_review_march_04.pdf

http://www.netegrity.com/PDFS/REGULATORY/BS7799%20Sheet.PDF

http://www.guidancesoftware.com/corporate/whitepapers/downloads/ISO17799.pdf

http://www.phi-solutions.com/documents/ISO17799_SSE_CMM_comparison.pdf

http://www.iso-17799.com/evaluate.htm

http://www.itsc.org.sg/synthesis/2001/itsc-synthesis2001-thowchang-siewmun-alvinfoo-isms.pdf

http://documents.iss.net/marketsolutions/ISOMatrix.pdf

 

OECD Guidelines

http://www.oecd.org/document/42/0,2340,en_2649_34255_15582250_1_1_1_1,00.html   

http://www.oecd.org/dataoecd/16/22/15582260.pdf     [latest OECD guidelines]

http://www.oecd.org/document/19/0,2340,en_2649_34255_1815059_1_1_1_1,00.html     [Original OECD guidelines]

http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html     [1980 OECD guidelines]

http://webdomino1.oecd.org/COMNET/STI/IccpSecu.nsf?OpenDatabase     [OECD - Towards a culture of security]

http://www.olis.oecd.org/olis/2003doc.nsf/43bb6130e5e86e5fc12569fa005d004c/81dd07040a1c0e43c1256eb6005423d4/$FILE/JT00166335.PDF     [OECD Survey]

 

EU Guidelines

http://europa.eu.int/eur-lex/en/com/cnc/2001/com2001_0298en01.pdf   

http://europa.eu.int/information_society/eeurope/2005/doc/all_about/csirt_handbook_v1.pdf   

http://www.enisa.eu.int/   

 


 

PRIVACY

 

CENSORSHIP

http://www.cl.cam.ac.uk/users/gd216/redblue.pdf   

 

PRIVACY

http://privacybird.com/   

 

DATA PROTECTION

http://www.redcar-cleveland.gov.uk/pdf/Data-Protection.pdf

 


 

SECURITY METHODS

ENCRYPTION & SECURITY METHODS

http://csrc.nist.gov/CryptoToolkit/dss/ecdsa/NISTReCur.pdf     [Elliptic Curves]

http://news.com.com/2100-7345-5180510.html?part=dht&tag=ntop [XML]

http://www.infoworld.com/article/04/02/16/07NNforum_1.html [XML Firewall]

 

2-FACTOR AUTHENTICATION

http://www.nwfusion.com/newsletters/dir/2004/0614id1.html   

http://www.itsecurity.com/asktecs/may901.htm   

http://www.net-security.org/press.php?id=1805   

http://www.wikidsystems.com/   

http://motp.dyndns.org/   

http://www.megaas.co.nz/   

 

SECURITY PRODUCTS

http://www.scanalert.com/Technical   

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns413/networking_solutions_package.html   

 


 

ASSURANCE

SOFTWARE ASSURANCE

http://www.economist.com/science/tq/displayStory.cfm?story_id=1841081   

http://www.cesg.gov.uk/ [Information assurance]

 

OPEN SOURCE

http://www.cl.cam.ac.uk/ftp/users/rja14/toulousebook.pdf   

 


 

CORPORATE SECURITY (SECURITY MODEL)

 

ASSETS

http://www.dawgroup.com/mc/

http://unix.knowledgestorm.com/ksunix/search/viewabstract/70569/index.jsp [Protecting Enterprise Information Assets]

https://www.nascio.org/washwatch/FlyIn07-03.pdf  [Protecting Government's Information Assets]

http://www.sans.org/rr/whitepapers/basics/594.php [Protection of Information Assets]

 

FAILURE/VULNERABILITIES

http://www.cl.cam.ac.uk/users/rja14/wcf.html   

http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-471.pdf   

http://www.research.att.com/~smb/papers/ipext.pdf [TCP/IP]

http://www.deter.com/unix/papers/dragons_bellovin.pdf [Tools]

http://www4.gartner.com/ps/asset_61048_1535.jsp

http://www.tracking-hackers.com/papers/berferd.pdf

 

THREATS

http://www.securityfocus.com/infocus/1768 [SQL injection]

http://www.all.net/journal/ntb/cause-and-effect.html [Threats, Attacks]

 

INSIDER THREATS

http://www.symantec.com/region/reg_ap/smallbiz/library/insider.html

 


 

EXTERNAL FACTORS

INTERNATIONAL SECURITY

http://artilect.org/altman/moy.pdf    [Information Warfare]

http://www.dodccrp.org/publications/pdfs.htm     [Ultra Important - Information Warfare]

http://www.mors.org/meetings/oa_nco/oa_bibliography.htm

http://www.fas.org/irp/congress/1996_hr/s960605l.htm   

 

e-GOVERNMENT

http://www.integralis.com/downloads/english/case_studies/southampton.pdf

 

EU

http://www.eema.org/static/isse/index.htm#

http://www.euractiv.com/cgi-bin/cgint.exe?204&OIDN=1507413&-tt=me

http://www.enisa.eu.int/

http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&doc=SPEECH/04/148|0|RAPID&lg=EN&display=     [INCLUDED]

http://www.eubusiness.com/imported/2002/12/98660   

http://europa.eu.int/comm/enterprise/ict/studies/publications.htm   

 


 

PUBLICATIONS

 

BOOKS AND RESOURCES

http://www.cccure.org/

http://www.cccure.org/modules.php?name=Downloads

http://www.amazon.com/exec/obidos/ASIN/0072230835/thecisspopens-20/102-6846541-7596113?creative=125581&camp=2321&link_code=as1

http://www.econbooks.com/Against_the_Gods_The_Remarkable_Story_of_Risk_0471295639.html [Risk]

http://www.ams.org/notices/199901/rev-zabell.pdf [Risk]

http://www.net-security.org/dl/newsletter/pdf/issue184.pdf [Links]

 

Papers to Obtain

http://www.cpppe.umd.edu/rhsmith3/papers/Final_session2_cavusoglu.raghunathan.mishra.pdf   

http://www.cpppe.umd.edu/rhsmith3/papers/Final_session2_farahmand.navathe.sharp.enslow.pdf   

http://www.cpppe.umd.edu/rhsmith3/papers/Final_session7_galor.ghose.pdf   

http://www.rainbow.com/library/8/EconomicsAspectsOfInformationSecurity.pdf   

http://www.extenza-eps.com/extenza/contentviewing/viewArticle.do?articleId=9709&objectIDValue=9709&type=article   

Orlikowski, W.J. & Baroudi, J.J. "Studying Information Technology in Organizations: Research Approaches and Assumptions", Information Systems Research (2) 1991, pp. 1-28.

http://portal.acm.org/citation.cfm?id=35201&coll=portal&dl=GUIDE     [Case Study research]

http://www.misq.org/archivist/vol/no27/Issue4/Dube.html     [Case Study research]

http://harvardbusinessonline.hbsp.harvard.edu/b01/en/common/item_detail.jhtml;jsessionid=IKYV1NU1GFUOOCTEQENR5VQKMSARUIPS?id=5933&referral=8835&_requestid=10132     [Balanced Score Card]

http://www.sciamdigital.com/browse.cfm?sequencenameCHAR=item2&methodnameCHAR=resource_getitembrowse&interfacenameCHAR=browse.cfm&ISSUEID_CHAR=07C2E454-8DC1-46F7-BE85-4068FD11960&ARTICLEID_CHAR=0214DB35-E43D-4BD4-8E92-621BC11A4ED&sc=I100322 [How Computer Security Works]

 

CAREERS

http://www2.norwich.edu/mkabay/infosecmgmt/careers.pdf

 


 

MISCELLANEOUS (Mostly Broken)

http://www.cfoweb.com.au/stories/19990601/5500.asp

http://www.paladion.net/resources/in_the_news/standards_information_security.htm

http://itknowledgebank.idg.com.hk/data/detail?id=1048530273_810&type=RES&src=TRM_TOPN

http://www.bsi-global.com/Portfolio+of+Products+and+Services/IT+Information/Info+Security/faqs.xalter

http://www.entiretyservices.com/Security%20White%20Paper.pdf

http://www.express-computer.com/20020506/security.shtml

http://www.gartner.com/DisplayDocument?doc_cd=102488

http://techrepublic.com.com/5100-6298-5078279.html

http://discovery.bits-pilani.ac.in/dlpd/courses/ec1/sszg513.pdf

 


 

MORE NON SECURITY LINKS

 

[NEXT: Economist Intelligence Unit, Managing Business Risks in the Information Age (New York: The Economist Intelligence Unit, Ltd., 1998).]