About the Author
Charles Cresson Wood is a bridge-person who brings together practical perspectives from business, technology, communications, psychology, sociology, education, ethics, human factors, law, and other fields, to synthesize and articulate practical solutions. More specifically, he is an independent high-tech management consultant and attorney who focuses on the governance, risk management, and awareness-raising aspects of cutting-edge technology (such as AI). He has been working in the information systems risk management area since 1978. His most famous book, Information Security Policies Made Easy, has gone through 14 editions and has been purchased by over 70% of the Fortune 500 companies. Charles has published over 390 articles and six other books dealing with information systems risk management, most recently Corporate Directors’ & Officers’ Legal Duties for Information Security and Privacy: A Turn-Key Compliance Audit Process (see http://www.dutiesaudit.com). Charles has performed consulting in this same area with over 125 different organizations, in 20 different countries, so he brings a seasoned multi-national perspective to AI risk management. He is not an AI insider, but instead brings an independent researcher’s perspective to AI -- a perspective he learned while employed by Stanford Research Institute (now SRI International). In this book, Charles has identified the techniques and methods that have been proven to work in other information technology risk management areas, and then applied those proven ideas to the unique risks associated with AI.
Charles holds a Juris Doctorate from St. Francis School of Law, and he is a licensed attorney in both California and Washington. He has a Master of Business Administration degree (major in financial information systems) from the Wharton School at the University of Pennsylvania. He also holds a Master of Science in Engineering degree (major in computer science) from the Moore School of Engineering at the University of Pennsylvania -- birthplace of the ENIAC, the world’s first general purpose electronic computer. He additionally holds a Bachelor of Science degree in Economics (major in accounting) from the Wharton School at the University of Pennsylvania. He is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP/US), and he is Certified in the Governance of Enterprise Information Technology (CGEIT). Charles has additionally received the “Lifetime Achievement Award,” from the Computer Security Institute, for his “sincere dedication to the computer security profession.” For additional information about his background, skills, and perspective, go to https://www.dutiesaudit.com.
_____________________________
Some early reviews of Internal Policies for Artificial Intelligence Risk Management:
"I was delighted to review the recently completed book by Charles Cresson Wood on Policies for AI Risk Management. This is a godsend for anyone attempting to get a handle on where to start in establishing an AI risk management framework." - Teresa Schoch, Esq., AI and Privacy Consultant, MS, JD, CRM, CIPP/US/E/M, ERMM, CIP, IGP
"What becomes eminently clear when reading through the many policies in this valuable book is that there are countless areas where AI policies are needed. Enforcing that in a one page policy is nearly impossible... The ease with which AI can be deployed beguiles how easy it is to break compliance with various laws and regulations. The book ensures you can stay on the right side of the law. For those who want to use AI with all the benefits but eliminate the embarrassment and mitigate the risks, Internal Policies for Artificial Intelligence Risk Management is an invaluable resource to do that." - Ben Rothke, Senior Information Security Manager, Tapad
"I'm very impressed by the [AI policies] book. I don't know how you have the time and brainpower to pull together something like that. Very impressive!" - Kevin Beaver, Penetration Tester Technical Consultant, Principle Logic
"Impressive book! You certainly are on the leading edge with respect to AI." - Larry Dietz, Esq., General Counsel, TAL Global Corporation
_____________________________
Some reviews of one of Charles’ prior books, entitled Information Security Policies Made Easy:
“A complete kit of proven best practices that any organization can use and customize to make policies that meet their exact needs. Don't write policies without it.” --Jay Heiser, Columnist, Information Security Magazine
“This is the gold standard policy reference for any serious security practitioner to have in their arsenal of tools, a must have! The instructions and examples for establishing security policies and implementation processes add real value to this edition.” --John B. Kramer, CISSP, CISA, Information Security Manager
“Information Security Policies Made Easy (ISPME) is one of the most important information security books available for those who are serious about creating a comprehensive set of information systems security policies. Given the dynamic nature of technology, very few technology books can stand the test of time and remain relevant for a few years, let alone a decade after their original printing.” --Ben Rothke, CISSP, CISM, Director - Security Technology Implementation
“Charles Cresson Wood, CISSP, CISA, CISM, is a distinguished contributor to our field; in addition to extensive consulting in a wide range of industries, publication of hundreds of professional articles and five books, and service as a professional editor, he has also contributed expert commentary to the public news media.” --Michael Kabay, PhD, CISSP-ISSMP
_____________________________
Some reviews of another of Charles’ prior books, entitled Corporate Directors’ & Officers’ Legal Duties for Information Security and Privacy:
“Considering that Charles wrote the great resource Information Security Policies Made Easy, it should come as no surprise that he has created yet another masterpiece with this book [Corporate Directors’ & Officers’ Legal Duties] … If you’re responsible, in any way, for information security and privacy compliance, especially if you serve as a corporate director or officer, get this book!” – Kevin Beaver, CISSP, Information Security Consultant, Principle Logic, and Author of “Hacking for Dummies,” plus 11 other information security books
“For those who need to show that their firm takes information security and privacy seriously, and demonstrate that to stakeholders, in Corporate Directors' & Officers' Legal Duties for Information Security and Privacy, Charles Cresson Wood has written another invaluable reference.” – Ben Rothke, CDPSE, CRISC, SMSP, CGEIT, CISA, CISM, CISSP, Senior Information Security Manager, Tapad, and author of the books entitled “Network Security: The Complete Reference,” and "Computer Security: 20 Things Every Employee Should Know"
“Corporate Directors' & Officers' Legal Duties for Information Security and Privacy is a treasure trove of valuable information to help an organization understand who is responsible for cybersecurity. Specifically, so much of the area of cyber protections and controls is focused on technical individuals and technical competency. This is not a bad thing, but technical individuals are not responsible for the information security program of an organization. Directors & Officers must understand their responsibilities when it comes to cybersecurity [and cyberprivacy], and these volumes, amazingly, map the legal requirements to the leadership responsible for carrying out information security and privacy in an organization.” – Shane D. Stailey, PhD, DCS-IA, MSM-ISS, MS CIS, Senior Industrial Control Systems Cybersecurity Professional, Training Opportunities and Strategy Lead, Infrastructure Assurance & Analysis Division, National & Homeland Security, Idaho National Laboratory
“A valuable resource!” – Deb Radcliff, Cybersecurity Analyst, Speaker, and Investigative Journalist, and author of the book "Breaking Backbones: Information is Power"
_____________________________
A highly regarded annual survey about perceived security risks, the SANS Security Awareness Report, noted in 2024 that a new risk had popped up. That new risk is AI, and for the first year in the decades that these surveys have been conducted, it was widely considered a serious risk. The report said that “organizations are struggling to figure out how to use it and the risks, policies and controls that must be in place to manage those risks.” The new book described on this website provides the specifics of how organizations can achieve these risk-management-related objectives. – SANS 2024 Security Awareness Report