Press
Wired External Link
Wired Magazine (German Edition) quoted me and cited some of my research in their recent article: "Google for the Darknet." 
Read it here:  https://www.wired.de/collection/latest/ein-google-fur-das-darknet




Publications



Information Technology Management Topics


Analysis of Enterprise Risk Management of Two Retail Industry Competitors

Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
    The purpose of this report is to investigate the Enterprise Risk Management (ERM) programs of two retail industry competitors: Wal-Mart Stores, Inc. and Target Corporation. Through in-depth research on the overall retail industry as well as each individual company, this paper explores the fundamental bases for each ERM program including risk governance, risk identification, risk analysis and evaluation, risk treatment, business continuity planning, and disaster recovery.
    Two specific risks, reputation degradation and cyber threats, are further investigated from the perspective of each company and a comparison is made analyzing the similarities and differences in respect to ERM. Furthermore, a review of the history of incidents for each company and each risk highlights several positive and negative aspects contributing to the evolution of the ERM programs. Additional analysis comparing both companies’ ERM programs and history is provided culminating in three significant lessons learned.
    Lastly, this paper introduces a hypothetical small to medium-sized retail company, develops an ERM program applying many of the lessons learned, and identifies some potential challenges. Both reputation degradation and cyber threat risks are incorporated into this company’s ERM program and recommendations are made on best treatment options. Also, business continuity plans and disaster recovery is addressed particularly in response to the two identified risks.


The Internet of Things in the Retail Industry
Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
    The Internet of Things will have a profound impact on businesses and consumers in the near future. Most industries will develop innovative ways to leverage the power of the IoT through the use of sensors and actuators, extensive connectivity, and intelligent people and processes. In particular, companies within the retail industry are positioned to gain significant benefits for early adoption impacting several strategic areas: energy, security, smarter analytics, new revenue streams, productivity, and travel. More specifically, creative use of IoT can enable retailers to increase revenue through additional product lines, decrease costs through lean processes and green initiatives, and enable technical innovation through next-generation supply chains and cashier-less RFID checkouts.
    Despite these opportunities, the IoT does have several challenges that must be considered. Lack of industry standards, weak cybersecurity posture, inefficient or nonexistent infrastructure, and privacy concerns must all be addressed when planning an IoT initiative. Regardless, the rewards are greater than the risks so the IoT opportunity should still be explored. Through business, organizational, and information systems strategy, a phased implementation allowing opportunity to adjust to consumer demands and build trust, expand existing infrastructures, and ensure security measures are sufficient will position the retail company favorably to profit in the short and long-term.
  Download PDF



Managing Information Technology Enabled Change - Course Portfolio

Author:  Christopher Furton
Date: December 20th, 2011
Abstract: 
    This portfolio was developed to provide a comprehensive summary of the course on Information Technology (IT) Change Management with the intention to be continuously updated throughout my career. The structure of the document, as shown in the table of contents, consists of three modules with several parts per module. Each part begins with a summary of the readings, lectures, and discussions then evolves into assessments of case studies and/or reflections on my work experiences.
    The material discussed in this portfolio starts with Module one where information technology and change management are dissected from a theoretical standpoint. Linkages between organizational strategy and technology are examined with the emphasis on creating a constructive partnership. This module helps the reader understand the uniqueness of every change initiative and introduces several perspectives on how to manage throughout the entire change process.
    The second module departs slightly from the purely theoretical perspective as seen in module 1 and develops a toolbox for change managers. Models are introduced that help the change agent analyze the structure of an organization, the readiness to change, and analysis of key elements that can help or hinder the initiative. Discussion on how a change agent can identify stakeholders, assess the culture, deal with resistance, and influence work systems.
    Lastly, module three discusses the various roles that a change agent can assume. These roles help form the basis for how the change agent communicates, motivates, acts, and measures progress. This module will help the change agent decide how to approach a change initiative and how to better influence the people, the organization, and the structure.
Information Technology is critical for the success of most organizations. When harnessed properly, technology can help develop competitive market advantage, organizational communication, and productivity. If not handled properly, IT can destroy an organization’s financial posture with potential to destroy its longevity. This portfolio builds the foundation for successful management of IT change initiatives.

Multi-Country Analysis of Strategic Information Management in the Airline Industry

Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
    This project explores how information management is used to help develop strategy within the airline industry today. During collaboration our group researched different trends in the airline industry as a whole, then broke down our findings into specific countries/regions. To address how information management is used we looked at trends in the United States, China, and
South Africa where we successfully analyzed our findings.
Download PDF

Download PDF: 
Christopher-Furton-Multi-Country-Analysis-of-Strategic-Information-Management-in-Airlines.pdf


A Case Study on Effective IS Governance within a Department of Defense Organization

Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
    This case study develops influencing factor that should be considered when developing an effective information security governance program with a Department of Defense weapons system test and evaluation organization. The influencing factors are then incorporated into an existing governance framework developed by A. Da Veiga and J. H. P. Eloff (2007). The result is a unique framework tailored to the organization which can be used as the foundation to building a holistic information security program.
Download PDF

Download PDF: 
Christopher-Furton-Case-Study-on-Effective-IS-Governance-within-DoD.pdf

 

IT Capital Planning: Enterprise Architecture and Exhibit 300 processes for the CDC and NNSA

Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
    This paper explores two of the topics relating to IT Capital Planning and compares those processes in place at two federal agencies. The Enterprise Architecture and the Exhibit 300 business cases are reviewed from the Centers for Disease Control and Prevention (CDC) and the National Nuclear Security Administration (NNSA). The findings are that both agencies have programs in place to address Enterprise Architecture and the Exhibit 300, however, the amount of information made public varies resulting in inadequately level grounds for comparing and contrasting. Regardless, this paper explores the agencies’ programs highlighting the positive aspects and the growth opportunities of each while evaluating the overall IT Capital Planning posture.

Case Study: PetSmart & Petco Analysis

Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
    The pet specialty retail industry is a growing and competitive market with two major retailers, PetSmart and PETCO, and thousands of small businesses. This case study analyzes the two major national retailers PetSmart, Inc. and PETCO Animal Supplies, Inc. by comparing five management topics: perception management, innovation, social responsibility, role of information technology, and strategic planning. Ultimately, both companies are competitive and operate based on similar management strategies. With comparable product lines, animal services, and charitable organizations, PetSmart and PETCO will continue to fight for competitive advantage for years to come.

Cyber Security Topics

  

Configuration Management: a Critical Component to Vulnerability Management

Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
    Managing software vulnerabilities is increasingly important for operating an information technology environment with an acceptable level of security. Configuration Management, an often overlooked Information Technology process, directly impacts an organization’s ability to manage vulnerabilities. This paper explores a Department of Defense organization that currently struggles with vulnerability management. An analysis of current vulnerability and configuration management programs reveals a gap between two. Further examination of the assets, vulnerabilities, and threats as well as a risk assessment results in recommendation of a new configuration management program. This new program leverages configuration management databases to track the assets of the organization ultimately increasing the effectiveness of the vulnerability management program.

  

Mitigating Botnet Information Security Risks through Enterprise Architecture and the Information Technology Security Architecture

Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
    This paper investigates the threats of botnets to the enterprise environment. First, this paper looks at the history of botnets and the evolution of command and control topologies. Propagation techniques are reviewed as well as analysis of advanced botnets that target enterprise information systems. The use of botnets is analyzed resulting in a list of 19 botnet risk area topics that, if unmitigated, can be devastating to the organization’s business processes. Next, this paper examines mitigation activities, namely the Information Technology Security Architecture model (Bernard & Ho, 2008), that can help organizations reduce the possibility of botnet infection and reduce the impact if an infection occurs. Lastly, this paper presents a case study where a nation-state uses part of the business continuity planning process of the Information Technology Security Architecture to mitigate a distributed denial of service attack.

  

The Sony Hack: Information Technology Strategy Lessons Learned

Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
    On November, 24, 2014, someone claiming to be a former Sony Pictures Entertainment (SPE) employee announced via the website reddit.com that current employees were being sent home due to a network hack. Over the following couple weeks, details of the hack emerged highlighting the severity of the intrusion. This paper analyzes open source information gathered within the first three months after the attack and highlights several Information Technology Strategic lessons learned.

  

Phishing Prevention Using Digital Signatures and PKI

Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
   Phishing attacks pose a significant risk to an organization’s information and information systems. The risk can be reduced by implementing technical controls such as Public Key Infrastructure and policy controls mandating use of digital signatures. With added encryption capability and non-repudiation, the investment in a complete PKI system is worth the cost. Although the risk associated with phishing cannot be eliminated due to the ever changing technology and the human factor, the addition of this layer of defense will prove beneficial.

  

Continuous Monitoring of Information Systems

Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
    Continuous monitoring offers great promise for the future of managing information system security. Specifically for the federal government, the principles of continuous monitoring can help with compliance to law as well as achieve certification and accreditation. When leveraged, continuous monitoring can help managers make better risk decisions. There are some disadvantages, but with the industry involvement sought by DHS, the future of continuous monitoring looks good.

  

Commercial Mobile Devices and Organizational Cyber Security

Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
    Commercial Mobile Devices are critical to organizations and, if implemented and used properly, are a business-enabler that significantly enhances communication. For the purpose of this paper, Commercial Mobile Device (CMD) is defined as any portable device that is purchased from a commercial vendor that processes, stores, and/or transmits organizational information. Laptops, smart phones, external media such as flash media or external hard drives, and digital cameras are all common examples of CMDs in use throughout many organizations. Although these devices provide flexibility and mobility to businesses, considerations must be made to secure what is stored on devices, how the device communicates back to the organization, and how users authenticate to the device. Additionally, the policy aspects must also be considered.



Privacy Topics


DARPA Memex Project Erodes Internet Privacy

Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
    In February of 2014, the Defense Advanced Research Projects Agency (DARPA) announced the Memex Project that is currently being used by Federal agencies, law enforcement, and Non-Governmental Organizations (NGOs). The Memex project deploys technology that crawls, indexes, analyzes, extracts, and provides search functionality across the entire Internet including the criminal underground referred to as the Dark Net. Despite the good intention of DARPA, the Memex tool raises several privacy concerns such as scope of use, oversight and transparency, data retention, and information security. With this powerful big data capability, precautions must be taken to protect citizen’s privacy rights.



Information Architecture Topics


Burn Institute Web Design Strategy Report

Author:  Christopher Furton
Date: May 7th, 2012
Abstract: 
    As a leader in burn prevention, education, and treatment, the Burn Institute has earned national recognition for excellence. In the office, the Burn Institute’s value to the community is seen through the numerous charitable benefits and the long-lasting positive impact on burn victim recovery. Since inception, the organization has grown to include a substantial portfolio of services. Even with forty years of growth, the organization still continues to improve its products and services to reach out and help more people in more places.
    On the digital frontier, the Burn Institute already provides an informative website supporting the San Diego community. With the current plans of expanding regionally, the Institute is primed for taking the next big step on the Internet. In America, 68 percent of households used broadband Internet access during 2010. The Institute’s cyber presence offers a method to grow the customer base to a regional and potentially national level while increasing and personalizing the experience for our native San Diego clients.
    To accomplish this, the Burn Institute needs to go through a Cyber Transformation. This project, referred to as BurnInst v2.0, will accomplish just that. Integrated with Social Media, BurnInst v2.0 will provide burn survivors with positive and welcoming home on the Internet. But the new site isn’t just a tool for survivors; this new site streamlines and leans business process such as grant requests, volunteer coordination, and information dissemination. The new media libraries provide quick access to the right information making the Burn Institute website the place to go for fireman, paramedics, and the academic community.


Information Architecture Techniques and Best Practices

Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
    Developing information structures, such as websites or systems, involves a complex set of processes with the goal of making information usable, findable, and organized. Information Architecture tools, techniques, and best practices provide the building blocks to achieving the end state. With hundreds and possibly thousands of tools and techniques available, this paper explores five specific options: card sorting, free-listing, perspective-based inspection, personas, and content value analysis. These five techniques span the breadth of the information architecture project and provide insight into the constantly evolving and developing information architecture field.




Information Policy Topics


The Sex Offender Registry: Public Safety or Public Shaming?

Author:  Christopher Furton
Date: May 5th, 2015
Abstract: 
    Sex offenses have been the subject of public debate with a dramatic increase in public policy governing what is considered a sex offense and how to treat those who offend. Under current law, the usage of an information repository known as the Sex Offender Registry is the solution providing support to law enforcement in solving sex crimes, preventing future crimes from occurring, and increasing public safety. However, research has indicated that the laws may be based on several false assumptions about the nature of sexual offenses and offenders.
    This paper looks at the sex offender registry policies -- particularly the public availability of offender information. Reasoning and rational presented by both conflicting sides of this policy, along with supporting laws and court decisions, indicates conflicting views often rooted in fear and misinformation. The major question being: Is the sex offender registry a tool for public safety or for public shaming?




About the Author

Author Christopher Furton


Author: Christopher Furton

Website: Http://christopher.furton.net

Certified professional with over 12 years of Information Technology experience and 8 years of hands-on leadership.  An expert in cyber security with both managerial and technical skills proven throughout a career with increasing responsibility and performance expectations.  Known ability to translate complex information for universal understanding.  Detail-driven, results-focused leader with superior analytical, multitasking, and communication skills. Well-versed in industry best practices including Project Management and IT Service Management.  Currently holding active CISSP, CEH, ITIL Foundations, Security+, and Network+ certifications.

 

Visit the auhor’s blog:

IT Management Perspectives - https://christopherfurton.wordpress.com/


Ċ
Christopher Furton,
May 5, 2015, 2:30 PM
Ċ
Christopher Furton,
May 5, 2015, 2:31 PM
Ċ
Christopher Furton,
May 5, 2015, 2:29 PM
Ċ
Christopher Furton,
May 5, 2015, 2:27 PM
Ċ
Christopher Furton,
May 5, 2015, 2:29 PM
Ċ
Christopher Furton,
May 5, 2015, 2:30 PM
Ċ
Christopher Furton,
May 5, 2015, 2:28 PM