Documents worth reading

Before 1998:

• In the Dutch consumer magazine Computer thuis in bedrijf, I wrote an article on virus prevention, available here (Dutch).
  
  
• After the launch of Windows 95 there was heated debate as to whether Windows 95 was less vulnerable for virus infections. An article by me was published in the trade journal Automatisering Gids and is available here (Dutch).
  
  
• In 1997 I didn't speak at the NGN (Netwerk Gebruikersgroep Nederland) Congres '97 but instead I wrote an article 'Virusprotectie en het netwerk - stand van zaken' in their magazine (called LanVision) which is available here (Dutch).
  
  
• I wrote a story on computer viruses as a result of an NGI meeting (Dutch).
  
  

  In 1998:

• I spoke at the NGN (Netwerk Gebruikersgroep Nederland) Congres '98; the talk 'Noodprocedures en testen.' can be found here (Dutch).
  
  
• I was interviewed by Network News, a VNU publication. That story on Disaster Recovery is available here (Dutch).
  
  
• I have written a chapter on Business Continuity and Disaster recovery for the Jaarboek Informatie Beveiliging to be published sometime in 1999 by ten Hagen Stam Uitgevers. The unedited source document is available here (Dutch).
  
  
• I have written a piece for Informatiebeveiliging Praktijkjournaal (also by ten Hagen Stam Uitgevers), on the experiences gained from more than 500 Disaster Recovery cases. The unedited source document is available here (Dutch).
  
  
• I am currently writing an article on integrating Contingency Planning and ITIL/CobiT Change Management procedures. The draft version is available here (English). The final version will be posted here soon.
  
  
• I presented a lecture on 'Continuity Planning; more than ITIL Contingency Planning' at IT Beheer '98 on December 10th, 1998. The text of the talk was printed in ITIMFormatie, the unedited version is already available here (Dutch). UPDATE: The book will be launched together with the new ITIL module Security Management at a seminar called 'No Security, No Business' on April 20th 1999.
  More info on (+31) (0)36 522 47 52
  
  

  In 1999:

• The British Standard (BS 7799) for Information Security is in revision. I ordered the draft and have compared it with the current Dutch version, called the 'Code voor Informatiebeveiliging'. That full comparison is available here (Dutch). (See also next item.)
  
  
• I have written a piece for volume 2, issue 3 of Informatiebeveiliging Praktijkjournaal by ten Hagen Stam Uitgevers, summarising the differences between the revised BS 7799 and the 'Code voor Informatiebeveiliging'. That document is available here (Dutch).
  
  
• I have written a piece for Informatiebeveiliging Praktijkjournaal by ten Hagen Stam Uitgevers on the contingency planning issues to consider before selecting a backup supplier and writing procedures, like analysis of risks, critical business processes, maximum allowable downtime, data loss etc. That document is available here (Dutch).
  
  
• I am currently writing my first book(let) for ten Hagen Stam Uitgevers on contingency planning. That document will not be made available here but ordering details will be presented here.
  
  
• On April 28th I will be chairman and present a talk on disaster recovery during a half-day conference at the Internetworking Event '99 in the RAI Congres Centre in Amsterdam. More info is found here.
  
  
• On May 25th/26th the International Quality & Productivity Centre will organise a conference called Ensuring Business Continuity beyond the Year 2000 to be held in the Conrad International Hotel in Brussels. As chairman during that event I will open the conference and I will also give a presentation on Emergency Procedures for Y2K. On May 27th I will present a Disaster Recovery Methodology^tm workshop in the same venue. More info and booking information is available here.
  
  
• June 1st we will organize a free seminar on the update to BS 7799 and the consequences for the Dutch version, together with the Dutch certifier KEMA who will explain the certification process. More info on (+31) (0)320 266464.
  
  
• I spoke at the DUUA (Dutch Unisys Users Association) conference on June 3rd 1999. (Their website hasn't been updated for a long time.)
  
  
• I was interviewed by Document Manager, published by Seducom which published a story on digital archives.
  
  
• I have written an article for Informatiebeveiliging Praktijkjournaal by ten Hagen Stam Uitgevers on the legal issues concerning contingency planning. That article is available here (Dutch).
  
  
• I most likely will present a speech at the next Survive! conference in Brussels, October 14/15th 1999. (UPDATE: It got cancelled.)
  
  
• I will chair a seminar on 'Emerging Technologies' during the fair infosecurity.nl in October. I will also give a commercial presentation there about Getronics.
  
  
• I am currently projectleader in two projects implementing BS7799 (Code voor Informatiebeveiliging) and plan to publish some of our experiences here.
  
  

  In 2000:

• I have published about implementing BS7799:1995 at CAK-BZ in tenHagenStam's Informatiebeveiliging Praktijkjournaal issue 1999/10. That document, slightly edited, is available here (Dutch).
  
  
• I have written a chapter on Business Continuity Management for the Jaarboek Informatie Beveiliging to be published sometime in 2000 by ten Hagen Stam Uitgevers. The unedited source document is available here (Dutch).
  
  
• On February 8th, 2000 I will give a presentation on implementing the new BS7799:1999 information security standard at an IIR conference in Amsterdam. More information is available here.
  
  
• At the 'ICT Security Management 2000' event, April 12th, 13th, I will present a talk on Business Continuity Management. More info at the ITSMF site (Dutch).
  
  
• During the ITIL Forum, organised by IIR on May 29th, 30th and 31st in Amsterdam, I will present a talk on contingency management. More information is available here (Dutch).
  
  
• On November 1st 2000, December 6th 2000 and January 17th 2001, I will present for NEN (formerly known as Nederlands Normalisatie Instituut; the Dutch Standards Institute) a one-day workshop about the new release of the information security standard 'Code voor Informatiebeveiliging' or BS7799. More information available here.
  
  
• In the November issue of 'IT Beheer Magazine' of tenHagenStam I wrote with a collegue an article about the recent 'European Business Continuity Event' organized by Survive! and The Business Continuity Institute as well as about recent developments in the field of business continuity planning. More info soon (Dutch).
  
  
• I have written an article (Part 1 and Part 2) on the new version of the Dutch translation of BS 7799 (De Code voor Informatiebeveiliging) for the security portal Informatiebeveiliging.NL
  
  
• I will write an article on the issues involved with information security as a management process for 'Informatiebeveiligingsjaarboek 2001/2002' by tenHagenStam to be published first quarter of 2001. More info soon (Dutch).
  
  
• November 16th, I presented a talk on BS7799 to the NGI (Dutch Society of Informatics). The sheets can be found here (Dutch). An eye-witness report of that talk (with pictures!) is found here (Dutch).
  
  
• November 23rd, I will present a talk on information security at a meeting of the VBN (Dutch Society of Security specialists).
  
  

  In 2001:

• In April 2001 I presented a talk on BS7799 at the worldwide Unisys Users Association conference in Paris.
  
  
• At the Dutch CRAMM User's Association, I will present my experience with the new CRAMM V4 release. (Rumour is that I will be appointed chairman of the User's Association at that meeting.)
  
  
• November 15th 2001, I will present a talk on Business Continuity Management at the yearly seminar for Dutch association of EDP auditors, called NOREA.
  
  
• On October 30th 2001 and November 20th 2001, I will again present the one-day workshop about the new release of the information security standard 'Code voor Informatiebeveiliging' or BS7799 for NEN (formerly known as Nederlands Normalisatie Instituut; the Dutch Standards Institute). More information available here. This course will probably be repeated a number of times in 2002 as well.
  
  

  In 2002:

• I am asked again to write for the 'Informatiebeveiliging Jaarboek 2002/2003 by tenHagenStam publishers. More info to follow soon...
  
  
• Issue 7 of 'Informatiebeveiliging' - the magazine for members of the GvIB - will contain an article on Business Continuity Management written by me. It will be available here soon.
  
  
• Issue 3 of 'IT Beheer Magazine' will contain a review by me of the GvIB publication 'Risicomanagement voor de informatievoorziening'.
  
  
• I will speak at the Information Security Management Congres on April 17th on BS77799, more info here.
  
  
• On March 20th 2002 and in April 2002, I will again present the one-day workshop about the information security standard 'Code voor Informatiebeveiliging' or BS7799 for NEN (formerly known as Nederlands Normalisatie Instituut; the Dutch Standards Institute). More information available here. Later this year the course will be repeated at least two times.
  
  
• On April 2nd, 9th and 16th 2002 I will teach on business continuity during a masters programme at euForce (TU Eindhoven).
  
  
• I am asked to write a story on ISO/IEC 17799 for ISSA Password.
  
  
• I have a contract with a publisher for my first book on information security to be released November 2002. Exciting!
  
  
• May 13th I will present BS7799 auditing at the ISACA Roundtable of the Dutch Chapter.
  
  
• Issue 9 of 'Informatiebeveiliging' - the magazine for members of the GvIB - will contain an article by me about the developments of the BS7799 standard.
  
  
• I will present my experiences with CISA examination to an audience of soon-to-be CISA's during a review training organised by the Dutch ISACA chapter on May 29th 2002.
  
  
• I will present on BS7799 issues at the yearly ISF Congress in October 2002 in Sardinia, Italy. (Update: The presentation was a success.)
  
  
• I will present on information security at the regional meeting of the Association for Security Managers (VBN) on May 30th 2002.
  
  
• I will present on BS7799 and CobiT auditing at ISACA's EuroCACS in Amsterdam in March 2003.
  
  
• I will write an article for issue 10 of 'Informatiebeveiliging' - the magazine for members of the GvIB - on the research done by researchers in the USA into the Return On Security Investment nicely reflecting my ideas on the synergy between quality and information security.
  
  
• I am working on a matrix referencing ISO 17799 and CobiT. More info to follow soon...
  
  
• On September 4th 2002 and on November 7th 2002, I will again present the one-day workshop about the information security standard 'Code voor Informatiebeveiliging' or BS7799 for NEN (formerly known as Nederlands Normalisatie Instituut; the Dutch Standards Institute). More information available here.
  
  
• My book on BS7799 implementation is currently in the proofreading stage. September 2nd 2002 the manuscript was sent to the publisher. Update: It was released in mid November 2002. A sneak preview of the book and its associated webpage is available here (Dutch).
  
  
• I will hold a talk on September 10th at a GvIB meeting about Business Continuity Management.
  
  
• I will present on BS7799 and e-commerce at an event held at Mediaplaza on October 30th 2002.
  
  
• I will present, together with Dr. Ir. Paul Overbeek from KPMG Information Risk Management, on Information Security Management at the 5th Annual E-Business Congress & Expo 2002 organized by ECP.NL on November 13th 2002. (See graphic; a quote from the congress website.)
  
  

  In 2003:

• At the end of February 2003, I will present on BS7799 implementation during a MIS Training Institute conference in London called 'Internal Auditor's Risk and Governance Conference 2003'.
  
  
• In IT Beheer Magazine issue 10, I will review the ISF (Information Security Forum) Congress held from October 5th until October 8th in Sardinia, Italy.
  
  
• In IT Beheer Magazine issue 9, I will discuss Urenco's unique solution against hacking e-mail servers; an automatic airgap, recently approved by an applicable governmental agency.
  
  
• In April 2003 I will again teach on IT Service Continuity Management at the Masters In Information Security course given at the TU/e.
  
  
• A Dutch magazine for the safety/security business, 'Beveiliging', contains the full story of my BS7799 implementation project at Urenco. More info here.
  
  
• On May 8th 2003 and June 12th 2003, I will again present the one-day workshop about the information security standard 'Code voor Informatiebeveiliging' or BS7799 for NEN (formerly known as Nederlands Normalisatie Instituut; the Dutch Standards Institute). More information available here.
  
  
• In June and September 2003 I presented three talks on the new NEN 7510 standard for information security in the Dutch healthsector, organized by Infoland. More info to follow soon.
  
  
• I have developed a practical risk analysis method (project name PRISM) that automatically selects controls from BS7799. Perhaps it will be released in the public domain. More info to follow soon.
  
  
• I discussed ISO 17799 and BS7799 compliance auditing at a Roundtable of the Dutch ISACA Chapter on September 9th 2003.
  
  
• On October 9th 2003 and November 6th 2003, I will again present the one-day workshop about the information security standard 'Code voor Informatiebeveiliging' or BS7799 for NEN (formerly known as Nederlands Normalisatie Instituut; the Dutch Standards Institute). More information available here.
  
  
• I will present ISO 17799 and BS7799 compliance auditing at the 3rd International Conference on Information Security (Nicosia, Cyprus - 22/25 October 2003). My submitted paper for the conference will be available here soon.
  
  
• I am developing a two-day course on information security risk management for the Dutch standards institute (NEN). More info here.
  
  
• During the ISACA Network Security Conference (Milan, Italy - 17/19 November 2003) I will give a three hour workshop on implementing ISO 17799.
  
  

  In 2004:

• In January 2004 I will be chairman at a Heliview conference on Business Continuity Management. More info here.
  
  
• I wrote an article for the Dutch 'IB Jaarboek 2003/2004' (tenHagenStam) on the organizational aspects of security management. The article can be downloaded here (Acrobat PDF, Dutch).
  
  
• I wrote two modules of the distance learning (English) IMF course 'Information Security Management'. More information here.
  
  
• I wrote an article in the Norea magazine 'EDP-auditor' on ISO 17799 compliance auditing.
  
  
• With a number of senior security specialists we are developing a maturity model for BS7799. More information here soon.
  
  
• For the Dutch Kluwer publication 'Handboek EDP-auditing' I have written an article on risk assessment methodologies. Update: instead this article is published in two parts in the Norea magazine 'EDP-auditor'.
  
  
• In 2004 both the one-day course on BS7799 and the new two-day course on risk management will be held. More information here.
  
  
• I have been reviewer of the ISACA publication 'COBIT Mapping: Overview of International IT Guidance'.
  
  
• I presented a talk on the new NEN7510 security standard for the healthcare sector to a security SIG for academic hospitals.
  
  
• On September 14th, I presented on 'Matching (Security) Standards' at a security conference organized by all major Dutch associations for security and audit. Keynote speaker at this conference was Donn Parker.
  
  
• I was interviewed by IT Service Magazine as a result of the talk on September 14th (see above).
  
  
• I am in contact with my publisher about a new book on Business Continuity Management.
  
  
• My reaction on this silly article was publised in Automatisering Gids (week 38).
  
  
• I will be one of the trainers and course material developers for the BCM Academy.
  
  
• I have been asked to teach one module of a course on the new security implementation methodology GrIB. Download the brochure here.
  
  
• I have been asked to give a presentation on security implementation to the security coordinators of the local government of Amsterdam.
  
  

  In 2005:

• On February 16th I will present on experiences with ISO 17799 at a NetwIT meeting.
  
  
• I have written an article on international standars for the ISACA Journal, which will appear in May.
  
  
• I have a new contract with Academic Service for a book on Business Continuity Management, to be published the 2nd quarter of 2006. More info soon.
  
  
• In April I will again lecture on Business Continuity at the Master of Security in Information Technology course at the TIAS Business School.
  
  
• This year I will again present the courses on ISO 17799 and Risk Management at NEN. More info here.
  
  
• On June 22nd I will present on CobiT and ISO 17799 at ISACA's International Congress in Oslo. More information here.
  
  
• I lectured four evenings in June on information security for Novi, the Dutch AMBI module educational institute.
  
  
• I wrote an article on auditing of - and standards for - Business Continuity Plans for the Dutch magazine 'De EDP-auditor' published by Norea.
  
  
• I will present and/or chair at Heliview's seminar on Business Continuity and Risk Management on September 21st.
  
  
• I will write an article for the 'IT Beheer Jaarboek 2005/2006' on BS15000 and BS7799.
  
  
• I will write an article for the GvIB magazine 'Informatiebeveiliging' on the update of ISO/IEC 17799:2005 and the coming ISO 27001:2005.
  
  
• On October 11th I will present on information security at a NetwIT meeting.
  
  
• I will present on ISO 17799 and CobiT at the ISACA Network Conference in Amsterdam on November 15th.
  
  

  In 2006:

• I wrote a lesson for the IMF correspondence course on Business Continuity Management.
  
  
• I wrote a lesson for the IMF correspondence course information security for CISSP candidates.
  
  
• A day of my life will be documented in the Dutch magazine 'De EDP-auditor' published by Norea.
  
  
• I contributed to the expert briefing on security KPI's for the GvIB.
  
  
• I will be part of the review team for ISACA's revised CobiT mapping document.
  
  
• I presented a talk on ISO 17799 at an ISC2 conference in Amsterdam.
  
  
• This year I will give the NEN course on ISO 17799 several times, both for the general public as well as in-company.
  
  
• In Q1 and Q2 of 2006 I present five times the two-day course on NEN7510 risk management organized by the Nederlandse Vereniging van Ziekenhuizen. NEN7510 is the Dutch version of ISO 17799 for the healthcare sector.
  
  
• In April 2006 I will lecture again the module on Business Continuity Planning within the Masters of Security in Information Technology of TIAS Business School.
  
  
• In July 2006 a special issue of GvIB's magazine Informatiebeveiliging on BCM will appear. I will write an article in it.
  
  
• On March 29th I will present on Business Continuity Management at a Heliview conference.
  
  
• In June 2006 (and January 2007) I presented a module on BCP at Mediaplaza.
  
  
• In December 2006 I lectured on physical security at the EDP-auditor course at the Vrije Universiteit in Amsterdam.
  
  
• Further on in 2006 I spoke at an ISACA International Conference, at Cibit's security masterclass and at a NEN security meeting.
  
  

  In 2007, 2008 and beyond:

• I will present a talk at the ISACA International Conference in Zurich in May.
  
  
• I will write an article on security management for the IT Beheer jaarboek.
  
  
• Also this year I will teach DRP for a subsidiary of Det Norske Veritas and physical security at the Vrije Universiteit.
  
  
• I spoke at a congress on risk management.
  
  
• I spoke on the New World Of Work at a congres for HR professionals.
  
  
• I lectured on ISO27001 implementation at Atos Origin Netherlands B.V.
  
  

  In 2009 and beyond:

• I will present a talk on children and security at a conference in October.
  
  
• More to follow ...