Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

The Risk Rack written by Frank Cassano

Frank Cassano

Frank Cassano is an information risk management consultant with over 20 years experience in the field. His experience includes both internal corporate experience as he has held a number of senior Information Technology management positions within organizations, as well as external experience as he has been an external consultant and trusted advisor with dozens of clients. Mr. Cassano was CISO at People’s Bank. Prior that he was CISO at Prudential Securities, and Audit Director at Prudential Insurance (PSI), Senior Auditor at Coopers & Lybrand. A graduate of Pace University, with a BBA degree in Management Information Systems, Cassano also is a Certified Information Systems Security Professional (CISSP) and has served on the board of the New York Metro ISSA.

How to Make Security a Presence in Your Organization

April 23, 2008 – 6:00 am – Welcome once again to the risk rack. In this risk rack I will be discussing a way to bring some presence to your security awareness month. To the uninitiated, National Security Awareness Month occurs in October and is supported by the U.S. Department of Homeland Security. A security program is…
Posted in CSO/CISO Perspectives, Human Elements | Tagged , , , , , | Comments (1)

CIO: The Next Career Step After Being The CISO? Why Not?

April 11, 2008 – 6:00 am – Welcome once again to “The risk rack”, today’s column deals with Chief Information Security Officer (CISO) career paths and if a CISOs career path includes or should include the role of Chief Information Officer Role (CIO). I believe it should and I believe that CISOs have…
Posted in CSO/CISO Perspectives | Tagged , , | Comments (0)

Reviewing a SAS 70 report (and getting it right)

March 21, 2008 – 6:00 am – Welcome to the second “The Risk Rack” column. What I would like to talk to you today about are SAS 70 assessments. Not the actual performance of the assessment but, the proper way to review a SAS 70 assessment to ensure your service provider has the appropriate controls in place to protect…
Posted in Compliance and Laws, Risk Analysis | Tagged , , , | Comments (0)

The core truth of risk

March 11, 2008 – 6:00 am – Welcome to the inaugural “The Risk Rack” column. Being the first column I thought it would a good idea to use it to start simply and slowly. First I wanted to note that this column is intended for information technology risk management professionals, information technology auditors,…
Posted in CSO/CISO Perspectives, Information Security News, Risk Analysis | Tagged , | Comments (1)

Biography of Frank Cassano

March 4, 1999 – 3:50 pm – Frank Cassano is an information risk management consultant with over 20 years experience in the field. His experience includes both internal corporate experience as he has held a number of senior Information Technology management positions within organizations, as well as external experience as…
Posted in General | Comments (0)