Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Sense of Security written by C. Warren Axelrod

C. Warren Axelrod

C. Warren Axelrod is the Chief Privacy Officer and Business Information Security Officer for a financial services company, where he interfaces with the firm’s business units to identify and assess privacy and security risks and mitigate them, to have employees become familiar with security policies, standards, and procedures, and to ensure that they are followed.

Warren was honored with the prestigious Information Security Executive (ISE) Luminary Leadership Award 2007. He also received a Computerworld Premier 100 IT Leaders Award in 2003 and his department’s implementation of an intrusion detection system was given a Best in Class award.

He represented financial services information security interests at the Y2K command center in Washington, DC during the century date rollover. He is a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center) and served two terms on its Board of Managers. He testified at a Congressional Hearing in 2001 on cyber security.

Warren has published two books on computer management and numerous articles on a variety of information technology and information security topics, including computer and network security, contingency planning, and computer-related risks. His third book, “Outsourcing Information Security,” was published by Artech House in September 2004.

He holds a PhD in managerial economics from the Johnson Graduate School of Management at Cornell University and honors bachelors and masters degrees in electrical engineering, economics and statistics from the University of Glasgow, Scotland. He is certified as a CISSP and CISM.

Artificial Ignorance

– On the Op-Ed page of The New York Times of October 3, 2014, David Brooks wrote a column titled “Our Machine Masters,” which discusses how “artificial intelligence” (AI) might be used for good or evil. His thoughts about AI were prompted by the Pandora feeding him suggestions as to what…

Yet Another Case of Third-Party Breach Discovery

– On the front page of the Business Day section of The New York Times of November 1, 2014, is an article by Matthew Goldstein and Nicole Perlroth with the title “Luck Helped in Discovery of Breach at JPMorgan.” It never ceases to amaze me how few publicized data breaches are actually discovered…

Cybersecurity—Eliminating Vulnerabilities and Weaknesses at the Source: A Comparison with Malaria … and Ebola

– It has always bothered me that infosec professionals spend so much of their time chasing around after threats and vulnerabilities, many of which could have been avoided if only suitable requirements, design and hygiene had been observed at the outset. While this might seem like a simple concept,…

Heartbled and Shellshocked … What Can We Do?

– Well, it happened again. A serious security bug was found in a piece of open-source code called Bash, which is integrated into such ubiquitous software packages as Linux, Mac OS and Apache, and potentially Android. This time the bug, which is called Shellshock, has supposedly been lurking…

Beating Around the Proverbial Cybersecurity Bush

– If I’ve said it once, I’ve said it a thousand times … until we put real teeth into cybersecurity enforcement and insist upon serious personal legal consequences for those at the top, we won’t see improvement. We’ve beaten around the bush for far too long. How many more breaches,…