Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Sense of Security written by C. Warren Axelrod

C. Warren Axelrod is the Chief Privacy Officer and Business Information Security Officer for a financial services company, where he interfaces with the firm’s business units to identify and assess privacy and security risks and mitigate them, to have employees become familiar with security policies, standards, and procedures, and to ensure that they are followed.

Warren was honored with the prestigious Information Security Executive (ISE) Luminary Leadership Award 2007. He also received a Computerworld Premier 100 IT Leaders Award in 2003 and his department’s implementation of an intrusion detection system was given a Best in Class award.

He represented financial services information security interests at the Y2K command center in Washington, DC during the century date rollover. He is a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center) and served two terms on its Board of Managers. He testified at a Congressional Hearing in 2001 on cyber security.

Warren has published two books on computer management and numerous articles on a variety of information technology and information security topics, including computer and network security, contingency planning, and computer-related risks. His third book, “Outsourcing Information Security,” was published by Artech House in September 2004.

He holds a PhD in managerial economics from the Johnson Graduate School of Management at Cornell University and honors bachelor's and master's degrees in electrical engineering, economics and statistics from the University of Glasgow, Scotland. He is certified as a CISSP and CISM.

Cyber – The 13th Event?

– The featured topic on the cover of the June 2010 issue of Scientific American has the title “12 Events That Will Change Everything – And Not in the Way You Think.” The events, and the likelihood of them happening (according to the authors of the pieces on each event), are as follows, with…

The Quest for Secure and Resilient Software

– Secure and Resilient Software Development (CRC Press, 2010) by Mark Merkow and Laksh Raghavan is a really good book. It addresses a key security area that is generally given short shrift, even though purportedly more than 70 percent of breaches result from attacks on the application layer. The…

Are Risk Models or Data to Blame? Yes!

– On the front page of the June 24, 2010 issue of The Wall Street Journal there is an article by Neil King Jr. and Keith Johnson with the title “BP Relied on Faulty U.S. Data.” When you turn the page (note that I’m reading the actual physical newspaper, not an electronic version, so I…

Black Swans … or Oil Victims?

– There is an article in The New York Times Magazine of June 6, 2010 by David Leonhardt with the title “Underestimating Risk: What the oil spill and the financial crisis have in common.” It is in a section called “The Way We Live Now,” and next to the section heading there is a drawing of…

Response to Gary Hinson

– First, you should know that I very much agree with and respect Gary Hinson’s approach to infosec. I have frequently quoted his definitive paper “Seven myths about information security metrics,” which first appeared in the July 2006 issue of The ISSA Journal, and which you can on the website…