Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Compliance Matters written by Sam Dekay

Sam Dekay

At The Bank of New York Mellon Corporation, Dr. DeKay is responsible for the development of policies and standards related to information security. Prior to BNYM, he served as manager of information security for Empire Blue Cross/Blue Shield; before this he worked at ABN Bank, also as manager of information security. His areas of expertise include security risk assessment, policy development, information security and law, and business/corporate communications. He is certified as an Information Security Manager (CISM). Dr. DeKay has received PhD degrees from Fordham University and Columbia University.

An Open Letter to Warren Axelrod: Yes, InfoSec, You’re a Heck of a Job

June 1, 2009 – 6:00 am – Warren, I was delighted-although also somewhat surprised-to read your column of April 27, “Infosec, You’re Doing a Heck of a Job!”  The article depicted (I think accurately) the existence of a considerable chasm between claims espoused by the information security research…
Posted in General, Human Elements | Tagged , , , , , , , | Comments (0)

Is FUD Always With Us?

December 29, 2008 – 6:00 am – In March, 2008, Alan Shimel-who blogs at http://www.stillsecureafteralltheseyears.com/ – wrote a fascinating entry with the provocative title:  “Sitting on Your Hands is Not an Option-FUD, Compliance, What will it Take to Sell Security?”  Unfortunately, the text is no longer…
Posted in Compliance and Laws, General | Tagged , , , , , , , , | Comments (0)

New Massachusetts Regulation Has Significant Implications for Information Security Professionals

December 4, 2008 – 6:00 am – This year, the Commonwealth of Massachusetts enacted a regulation that prescribes information security policies and practices quite unlike those required in any previous state or federal mandate.  This regulation, 201.CMR 17.00 (Read the full text here), states that “all persons that own,…
Posted in General | Tagged , , , , , , , , , | Comments (0)

What is Russell Handorf’s Secret?

November 13, 2008 – 6:00 am – Russell Handorf seems to have a secret that has been withheld from the ten other contributors to bloginfosec.  Russell himself may know this secret, although it’s quite possible that he does not.  However, should he know-or should someone else reading this column learn his secret-please…
Posted in Privacy | Tagged , , , , , , , | Comments (1)

The New Identity Theft Red Flags Rule: Does it Raise “Red Flags” for Information Security?

October 21, 2008 – 10:20 pm – On May 10, 2006, President Bush signed an Executive Order creating the nation’s “first ever” Identity Theft Task Force.  The purpose of this ad hoc committee, chaired jointly by the Attorney General and by the Chair of the Federal Trade Commission (FTC), was “to help law…
Posted in Compliance and Laws | Tagged , , , , , , , , | Comments (0)