Kenneth Magee Plagiarism

Sat Nov 5 18:42:45 CDT 2011

J Kenneth (Ken) Magee is listed as a featured instructor on InfoSec Institute's page and as a contributor to their resources. According to the page, his bio reads:

J Kenneth (Ken) Magee is president and owner of Data Security Consultation and Training, LLC, which specializes in data security auditing and information security training. He has over 30 years of IT experience in both private industry and the public sector with the last 18 devoted to IT security and Risk Management. Ken holds degrees from Robert Morris University and Fairleigh Dickinson University. He holds 20 certifications including: CISSP, CISA, CISM, ISO 27001 PA, GIAC-GWAPT/GSEC/GSNA, CIA-CGAP, Security+, and CDP. He is a Senior Instructor with the InfoSec Institute. Ken is also involved with the USCyberChallenge program.

The Plagiarism

The following three tables detail articles from the InfoSec Institute's web page, credited to Kenneth Magee. This represents a cursory examination of three articles and does not represent an exhaustive investigation of all 10 articles available. In many cases, the material presented by Magee is summarized from other material or done with small edits. This shows willful infringement of copyright and inexcusable plagiarism.

IT Auditing and Controls - Database Technology and Controls

http://resources.infosecinstitute.com/itac-database/

July 2nd, 2011



Relevant Text Original Source / Comments
First paragraph / definition of DBMS ISACA Knowledge-Center Glossary
10 terms/bullets following "But first, in order to understand DBMS..." ISACA Knowledge-Center Glossary
Three definitions following "When we speak about Database Management Systems..." Hierarchial from ISACA Knowledge-Center Glossary, Network and Relational from CISA Review Manual 2009
"Relational tables have the following characteristics:" text and six bullets CISA Review Manual 2009
Six bullets following "Some of the advantages of the relational model..." CISA Review Manual 2009
11 bullets following "When auditing the controls of a database..." CISA Review Manual 2009
Three paragraphs starting with "It goes without saying that Access Control..." CISA Review Manual 2010
"With respect to data integrity..." and four definitions of ACID principal CISA Review Manual 2010


IT Auditing and Controls - Infrastructure General Controls

http://resources.infosecinstitute.com/it-auditing-and-controls-infrastructure-general-controls/

June 30th, 2011



Relevant Text Original Source / Comments
Four bullets following "Information Security's role is to..." CISA Review Manual 2010 p235 with small edits
"From an IT Service Management perspective..." paragraph CISA Review Manual 2010
Four bullets and "Infrastructure operations are processes..." text CISA Review Manual 2010
Eight bullets and "So as an IT auditor some of the things..." text CISA Review Manual 2010


IT Auditing and Controls - A look at Application Controls

http://resources.infosecinstitute.com/itac-application-controls/

June 14th, 2011



Relevant Text Original Source / Comments
First paragraph Audit and Assurance: Principles and Practices in Singapore by Dr. Ernest Kan, Deloitte & Touche
"Application controls are controls over..." CISA Review Manual 2010
"These controls help ensure..." CISA Review Manual 2009
Four bullets after "When we talk about input controls..." CISA Review Manual 2010
Starting at "Authorization of input is just that...", first sentence almost verbatim, second/third/fifth/sixth sentence built off a bullet list CISA Review Manual 2009
Three bullets following "In processing controls we look at:" CISA Review Manual 2009
List following "ISACA lists several Data Validation Edits and Controls" CISA Review Manual 2009
List following "There are five different 'Online Auditing Techniques' for online applications" CISA Review Manual 2009