Paradigm Shift


Personal Bio

Robert P. Abbott
Associate, Paradigm Shift International
Abbott Computer Partners, Oakland, CA

Security relevant experience

  • Over 30 years as an IT security professional.

  • Recipient of the New York Chapter of ISSA 2002 Fitzgerald Award for lifelong and continuing contributions to the field of IT Security.
  • Participant in more than 300 IT Security reviews and analyses for the insurance industry, banking, state & federal governments, and various foreign governments and companies.
  • Principal Investigator, The RISOS Project (Research In Secured Operating Systems) [1971-1976]. Its Mission:  1) develop software and methodologies for analyzing and testing the security features of computer operating systems.  2) maintain a posture of readiness to test the security strengths of designated Department of Defense computer systems.  This was the first funded research project addressing computer security (DOD-ARPA).
  • Consultant for the movie "SNEAKERS" starring Robert Redford, Dan Aykroyd, Sidney Poitier.  The movie addressed computer hackers, encryption, and unauthorized access to computer systems.  Mr. Abbott was contacted because of his RISOS experience.  Bob Abbott's contribution was of such significance that the character played by James Earl Jones was given the name "Bernard Abbott".
  • Author of the Privacy and Data Confidentiality Policy for the Professional Service Review Organizations (PSROs) Program, and for the End Stage Renal Disease Program (while serving as the Senior Data Processing Consultant for the Bureau of Quality Assurance, Health Care Finance Administration) [1974].
  • Author of “Security Analysis and Enhancements for Computer Operating Systems”, published by the National Bureau of Standards (now known as NIST).  Withdrawn from publication after being deemed, by peers, a dangerous document in that it detailed how software could be misused to gain unauthorized access.
  • Most recently, a member of a 4-person design team to develop a “Discovery Engine” answering the questions:  1) What is on my network today?  2) How is that different from yesterday?  3) Is each discovered device (i.e., each IP addressable network element) manageable?  4) Is each discovered device operating according to corporate IT Security policies?  Among other features, this product also identifies “rogue” devices on a network.

Consulting practice focused on IT security:

Security policies and procedures assessment

  • Creation and/or Auditing of the Corporate Security Policy: Security systems are designed to enforce a security policy. An Information Security Policy is a set of documents that clearly states the requirements for expected and accepted employee behavior, technical security systems, and the physical controls that are to be maintained to protect the company’s information resources. In order to form a comprehensive information security strategy it is critical to first understand the information assets that are to be protected, their realistic value, and the probable risks to these assets. Consequently, a mix of quantitative and qualitative techniques must be used to locate critical assets throughout the organization, and determine susceptibility to known as well as predicted information risks.

Asset identification and valuation

Risk analysis

  • Vulnerability assessments
  • Threat Analysis
  • Safeguards and compensating controls

Disaster recovery

Physical security and systems protection

Software security controls

Network security controls

  • Network and Security Architectural Design: Designing Intranets, Extranets, and Internet access strategies for a non-stop business environment is a significant endeavor. Making these networks secure is a more daunting task.
  • Backbone and Campus Network Design
  • Secure Remote Access and VPN Solutions

Firewalls, Internet, Intranet and Web security

Anti-virus protection

Content protection using encryption, digital signatures and authentication

Penetration testing

Education: BS, Mathematics.  University of California, Berkeley

Certification: CISA - Certified Information Systems Auditor.

Speaking:  Invited speaker at numerous meetings of over 20 different professional societies, and numerous professional conferences. Topics have included IT Security and IT Auditing.

Paradigm Shift International, 2051 Lama Mtn., Box 289, Questa, NM 87556, 505-586-1536, -2430(fax)
© 1997-2006 Paradigm Shift International - Attributed Copies Permitted
Last modified: February 26, 2006