Mr. Murray is a leading expert in the area of information protection. He is a consultant and management trainer in information security. Mr. Murray has more than forty years of experience in information technology and more than thirty years experience in information protection. During his twenty-five years with IBM, he held a number of management positions in application development, marketing support, and production development. As manager of Data Security Support programs for a marketing division, Mr. Murray was responsible for market support for the Resource Access Control Facility for IBM's VM and MVS operating systems. As program manager of data security for the Communications Product Group, he was responsible for authoring the product security strategy. Mr. Murray was one of the early participants in the definition of security requirements for IBM's System Application Architecture including the common user and common cryptographic architectures. In one IBM assignment, he managed the development of the security subsystem for IBM's Advanced Administrative System. After almost two decades of operation, this list-based access control system is still a model for many more modern systems. Mr. Murray is a widely published writer. He authored the IBM publication Information System Security Controls and Procedures. This work is now in its fourth printing and might be the most widely cited publication in the field. In addition, Mr. Murray wrote the IBM Security Assessment Questionaire. The "Orange Card" is the most widely used security self-assessment in the world. Other documents that he has contributed to include the Computer Security Reference Book, in which he composed a chapter on DOS. Mr. Murray has also regularly contributed to the Handbook of Information Security Management (Auerbach). In addition to the chapters on enterprise, system, and client-server security architectures (1998 Edition), his chapter on Cryptographic Key Management will appear in the 1999 Edition and he has been selected to write the chapter on Public Key Infrastructure for the year 2000 Edition.
