Krag Brotby Biography
Presenter Krag Brotby has more than twenty years in the computer security field with a focus on governance and architecture. He is lead author of the official ISACA CISM Review manuals and related presentation materials. Brotby has served on the ISACA security practice development committee and has been appointed to the Test Enhancement Committee, which defines the practice area for the coming years. As a contributor of CISM examination questions, Krag has an intimate understanding of the type and level of security governance knowledge required to be successful at the examination.
An early contributor to SABSA methodology and developer of the Business Process Assurance model (BPA) and the Rapid Security Assessment Model (RSAM), Krag has extensive experience with security governance issues and practices. He is the author of Information Security Governance: Guidance for Boards of Directors and Executive Management, published by the IT Governance Institute (2006). Brotby is a frequent presenter at numerous conferences globally and conducts training seminars for information security governance and information security management and metrics throughout Asia, Australia, the Middle East, and the US, including training for the US Department of Defence.
He has authored numerous white papers and articles on risk management, PKI, and training, and is a foundation patent holder from the early days of digital rights management.
Clients have included Microsoft, Unisys, AT&T, Alyeska, Countrywide Financial, Informix, VISA, Verisign, Digital Signature Trust, Australia Post, ZANTAZ, Bank Al Bilad, JP Morgan Chase, Singapore Government, Certicom, and Paycom among others.
He is currently focused on an information security metrics project for ISACA as the researcher and author, in addition to completing reference books on security metrics and security governance for Auerbach and Wiley and Sons. Mr Brotby is based in California, USA.


