Charles Cresson Wood, JD, MBA, MSE

Charles Cresson Wood, JD, MBA, MSE, CISA, CISSP, CISM, CIPP/US, CGEIT is an Independent Management Consultant, High-Tech Licensed Attorney, and Independent Researcher focused on Artificial Intelligence Risk Management at InfoSecurity Infrastructure.

Charles has been in the information security and privacy field since 1979 and worked as an information security management consultant at SRI International (formerly Stanford Research Institute) until 1984, when he joined the Bank of America as Lead Network Security Consultant.

He has done information security work with over 125 organizations — many of them Fortune 500 companies — including a large number of financial institutions and high-tech companies. His consulting work has taken him to over 20 different countries around the world.

Charles is a Consultant and serves as a security professional at InformationShield, for their Ask the Experts panel, providing customers with time-saving products and services to help build, update and maintain information security and data privacy policies.

His most recently published book is entitled Internal Policies for Artificial Intelligence Risk Management. The book provides 175+ already-written policies that can be selected, edited, approved, and republished internally at licensee AI user organizations.

Charles has been in the information technology risk management area for 40+ years. He works as an expert witness, as well as an internal consultant to companies, nonprofits, and government agencies. He is often called upon to write/update IT risk management policies and design both management and governance systems in support of information technology. Read Solving the Information Security & Privacy Crisis by Expanding the Scope of Top Management Personal Liability.

Charles is best known for his book entitled Information Security Policies Made Easy, used by 70%+ of Fortune 500 companies, which is now in its twelfth edition. In addition to TV and radio appearances, he has been quoted as an expert in publications such as Business Week, Christian Science Monitor, Computerworld, IEEE Spectrum, Infoworld, LA Times, Network Computing, Network World, PC Week, The Wall Street Journal, and Time. He has also presented innovative information security ideas at over 125 technical and professional conferences around the globe.

He also wrote and published a book entitled Corporate Directors’ & Officers’ Legal Duties for Information Security and Privacy: A Turn-Key Compliance Audit Process.

Charles has written about information security and privacy related roles and responsibilities. With the recent rapid rise in the popularity of outsourcing and cloud services, it is more important than ever to definitively clarify roles and responsibilities of all the involved parties, and manifest those roles and responsibilities in outsourcing contracts, service level agreements (SLAs), and contingency plans. This topic is further addressed in Charles’ book entitled Information Security Roles and Responsibilities Made Easy.

Charles has been a Senior North American Editor for the Elsevier journals Computers & Security and Computer Fraud & Security Bulletin. He has also been on the Editorial Board for the European newsletter called Inside Fraud Bulletin, published by Maxima Group. For many years, he wrote a monthly information security policies column for United Business Media’s publication called Computer Security Alert. He has also been an information security columnist for the SearchSecurity.com web portal maintained by TechTarget Media Group.

Charles earned his JD in law from St. Francis School of Law in 2016. He is an active licensed attorney in both California and Washington, and he can work as either in-house counsel or an independent legal compliance auditor for firms in most US states. He earned his MBA in financial information systems and a BSE in accounting from the Wharton School of Business at the University of Pennsylvania in 1979. He earned his MSE in computer science from the Moore School of Engineering at the University of Pennsylvania in 1979.

Charles has been designated as Certified in the Governance of Enterprise Information Technology (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), and Certified Information Privacy Professional (CIPP/US).

He is also the recipient of the 1996 Lifetime Achievement Award from the Computer Security Institute for “sincere dedication to the computer security profession.”

Read Information Management & Computer Security and Burning computer security, privacy, and freedom issues.

Listen to the CISO Stories Podcast: Five Mistakes Impacting Security and Privacy Policy Creation.

Visit his LinkedIn profile, Abundant Reality page, Google Scholar page, and ResearchGate profile. Follow him on Facebook, dblp, and JUSTIA Lawyers.