Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Compliance Matters, written by Sam DeKay

At The Bank of New York Mellon Corporation, Dr. DeKay is responsible for the development of policies and standards related to information security. Prior to BNYM, he served as manager of information security for Empire Blue Cross/Blue Shield; before this he worked at ABN Bank, also as manager of information security. His areas of expertise include security risk assessment, policy development, information security and law, and business/corporate communications. He is certified as an Information Security Manager (CISM). Dr. DeKay has received PhD degrees from Fordham University and Columbia University.

An Open Letter to Warren Axelrod: Yes, InfoSec, You’re a Heck of a Job

Warren, I was delighted, although also somewhat surprised, to read your column of April 27, “Infosec, You’re Doing a Heck of a Job!” The article depicted (I think accurately) the existence of a considerable chasm between claims espoused by the information security research…

Is FUD Always With Us?

In March 2008, Alan Shimel, who blogs at http://www.stillsecureafteralltheseyears.com/, wrote a fascinating entry with the provocative title: “Sitting on Your Hands is Not an Option - FUD, Compliance, What will it Take to Sell Security?” Unfortunately, the text is no longer…

New Massachusetts Regulation Has Significant Implications for Information Security Professionals

This year, the Commonwealth of Massachusetts enacted a regulation that prescribes information security policies and practices quite unlike those required in any previous state or federal mandate. This regulation, 201 CMR 17.00, states that “all persons that own,…

What is Russell Handorf’s Secret?

Russell Handorf seems to have a secret that has been withheld from the ten other contributors to bloginfosec. Russell himself may know this secret, although it’s quite possible that he does not. However, should he know, or should someone else reading this column learn his secret, please…

The New Identity Theft Red Flags Rule: Does it Raise “Red Flags” for Information Security?

On May 10, 2006, President Bush signed an Executive Order creating the nation’s “first ever” Identity Theft Task Force. The purpose of this ad hoc committee, chaired jointly by the Attorney General and by the Chair of the Federal Trade Commission (FTC), was “to help law…