Mr Malcolm Pattinson

• Information Security
• IT Governance & COBIT
• Information Security Management
• Information Risk Management

Member of Adelaide Chapter of ISACA

Member of Academic Liaison Committee of International ISACA

Member International Federation for Information Processing Systems (IFIPS), Technical Committee 11, Working Group 11.1 (Information Security Management)

Bachelor of Applied Science (Data Processing) (South Australian Institute of Technology)

Master of Commerce (Research)(Thesis topic: "Evalauating Information Systems Security: An Application of Goal Attainment Scaling) (Flinders University)

PhD (in progress) (Thesis topic: "Behavioural Issues in Information Security"), (University of Adelaide)

Certified Information Systems Auditor (CISA)

Certified Information Security Manager (CISM)

Certified in The Governance of Enterprise IT (CGEIT)

• Information Systems Security Assessment & Evaluation
• Goal Attainment Scaling (GAS)
• IS/IT Standards & Certification Schemes
• ISO/IEC 27001, COBIT.
• Information Risk Management
• Human Behavior & Information Security
• Psycho-social aspects of Information Security
• IT Governance
• Information Security Governance

"How Well Are Information Risks Being Communicated To Your Computer End-Users?", Proceedings of the International Symposium on Human Aspects Of Information Security & Assurance (HAISA 2007), Plymouth, UK, July 2007, pp. 25-36.

"How Well Are Information Risks Being Communicated To Your Computer End-Users?", Information Management & Computer Security, Vol 15, No. 5, 2007, ISSN 0968-5227, pp. 362-371.

"End-user Risk-taking Behaviour: an application of the IMB model", Proceedings of 6th Annual Information Security Conference, Las Vegas, April, 2007.

"Mitigate Information Risks by Improving User Behaviour", Conference Proceedings of ISACA's 34th International Conference, Adelaide, South Australia, July, 2006

"Information Risk Management: Some Social-psychological Issues", Proceedings of 5th Annual Information Security Conference, Las Vegas, April, 2006.

"Risk Communication, Risk Perception and Information Security", Security Management, Integrity and Internal Control in Information Systems, Proceedings of IFIP TC-11 WG11.1 & WG11.5 Joint Working Conference, Fairfax, Virginia, USA, December, 2005, pp. 175-184, .

"A Method of Assessing Information System Security Controls",Chapter in Information Security and Ethics: Social and Organizational Issues edited by Dr Marian Quigley, Idea Group Publishing, Hershey PA, USA, 2005, pp. 214-237.

"Risk Homeostasis as a Factor of Information Security", Proceedings of 2nd Australian Security Management Conference, Fremantle, WA, November, 2004, pp. 64-72.

"COBIT: AN Ideal Tool for Teaching Information Security Management", Information Systems Control Journal, ISACA, Rolling Meadows, Illinois, USA, Vol 6, 2004, pp. 33-36.

"Compliance with an Information Security Management Standard: A New Approach", 9th Americas Conference on Information Systems (AMCIS), August 4-5, 2003.

"A Methodology for Assessing IS Security Controls", Informaton Resources Management Association (IRMA) International Conference, Philadelphia, USA, May 18-21, 2003.

"The Self-Assessment of Management Controls". Oceania CACS 2000, Information Systems Audit & Control Association, Adelaide, May, 2000.

"ERP Systems - the Silver Bullet of the New Millenium?". Managing Beyond 2000, Australian Society of CPA's, March, 2000, Adelaide.

"Using Goal Attainment Scaling to Evaluate the Security of Information", Australasian Evaluation Society, 1997 International Conference, Adelaide, October 1997

"A Soft Systems Model for Planning IS Security", The Eighth Australasian Conference on Information Systems, Adelaide, September, 1997.

"Use of Baselines and Goal Attainment Scaling as a Method of Evaluating IS Security", First Asia Pacific Decision Sciences Institute Conference, Hong Kong, June 1996.

"Use of Baselines and Goal Attainment Scaling as a Method of Evaluating IS Security", IFIP TC11 Small System Security Conference, Greece, May 1996.