Profiles search

Charles Cresson Wood, JD,MBA,MSE,CISSP,CISM,CGEIT,CIPP,CISA

Attorney & Management Consultant Specializing In Information Security & Privacy
Lakebay, WA, United States

Details

Education: JD

law (magna cum laude)

St. Francis School of Law

2012 : 2016

MBA

financial information systems

The Wharton School

1977 : 1979

MSE

computer science

University of Pennsylvania - Moore School of Engineering

1977 : 1979

BSE

accounting

University of Pennsylvania - The Wharton School

1974 : 1976

Germantown Friends
Experience: Charles provides private sector clients with third-party independent compliance audits related to information security and privacy laws and regulations (HIPAA, GDPR, CCPA, SOX, GLBA, etc.). These services can be used as part of the due diligence process performed prior to a merger or acquisition, prior to disclosing a trade secret to a business partner, or prior to selling information assets in bankruptcy proceedings. To prepare for these compliance audits, he also provides a wide variety of infrastructure development services, such as data flow mapping across legal entities, so as to then be sure that the necessary controls are applied at the appropriate control points. Charles also provides information security and privacy related risk assessment services including a review of the adequacy of information technology management and governance systems. Other infrastructure development services include writing policies, developing technical standards, preparing training and awareness materials, briefing top management team members about their fiduciary duties, and preparing project-based action plans to markedly improve a client's information security and privacy posture.

1985 : Present

InfoSecurity Infrastructure, Inc.

Attorney & Management Consultant - Specializing in Information Security and Privacy

Perform banking network information security risk analyses, develop new encryption and digital signature policies and standards, and act as an interface person with industry groups, lawmakers, and the public. Write speeches for senior executives. Act as an information security liaison with lawmakers.

1984 : 1985

Bank of America

Senior Information Security Consultant

Helped develop the first manual for the investigation of computer crime, assisted with research populating the first public database of computer crimes, performed information security consulting and research projects for Fortune 500 companies and government agencies. Investigated and documented the human factors causes and management failures that permitted computer crimes and computer abuses to take place. Wrote research papers on information security and privacy issues such as why open book management cannot be fully implemented across an organization. Wrote research reports about privacy and trans-border data flows, security and information resource management, the societal and economic impacts of public key encryption, and related cutting-edge information security and privacy related topics.

1979 : 1984

SRI International (Stanford Research Institute)

Computer Security Management Consultant
Company: InfoSecurity Infrastructure, Inc.
Years of Experience: 45

Skills

Analytical Skills, California Consumer Privacy Act (CCPA), Certified Information Security Manager (CISM), CISA, CISM, CISSP, Compliance Auditing, Computer Security, Cyber-security, Cybercrime, Data Privacy, Data Security, Encryption, Governance, Information Security, Information Security Management, Information Technology, Insurance Policies, IT Audit, Management, Network Security, Payment Card Industry Data Security Standard (PCI DSS), PCI DSS, Policies & Procedures, Risk Assessment, Security, Security Audits, Security Policy, Software Documentation, Vulnerability Assessment

About

Charles is an independent management consultant and legal compliance auditor, specializing in the field of information security and privacy. He has been in this same field for more than 40 years. He provides independent compliance audits to determine whether companies are operating in a manner that is fully consistent with laws and regulations, making practical recommendations for coming into full compliance where necessary. He also works as an internal consultant to companies, designing and implementing both management and governance systems in support of information security and privacy. He also assists clients by developing internal infrastructure documents such as user training materials, system development guidelines, security and privacy policies, related procedures, and job descriptions. Charles is best known for his book entitled Information Security Policies Made Easy (used by 70%+ of Fortune 500 companies). His most recent book is Corporate Directors' & Officers' Legal Duties for Information Security and Privacy: A Turn-Key Compliance Audit Process (see www.dutiesaudit.com).