Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Sense of Security written by C. Warren Axelrod

C. Warren Axelrod is the Chief Privacy Officer and Business Information Security Officer for a financial services company, where he works with the firm’s business units to identify, assess, and mitigate privacy and security risks, to familiarize employees with security policies, standards, and procedures, and to ensure that they are followed.

Warren was honored with the prestigious Information Security Executive (ISE) Luminary Leadership Award 2007. He also received a Computerworld Premier 100 IT Leaders Award in 2003 and his department’s implementation of an intrusion detection system was given a Best in Class award.

He represented financial services information security interests at the Y2K command center in Washington, DC during the century date rollover. He is a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center) and served two terms on its Board of Managers. He testified at a Congressional Hearing in 2001 on cyber security.

Warren has published two books on computer management and numerous articles on a variety of information technology and information security topics, including computer and network security, contingency planning, and computer-related risks. His third book, “Outsourcing Information Security,” was published by Artech House in September 2004.

He holds a PhD in managerial economics from the Johnson Graduate School of Management at Cornell University and honors bachelor’s and master’s degrees in electrical engineering, economics and statistics from the University of Glasgow, Scotland. He is certified as a CISSP and CISM.

Risk and Human Frailty

– My September 12, 2011 BlogInfoSec column “Risk Management – Scoring vs. Monte Carlo vs. Scoring” was about the subjectivity of risk assessments, where the term “subjectivity” was defined as one’s personal view of particular risks. I received some considerable push-back from the likes…

Hacking Avionics Systems

– A researcher has come up with exploits, as described in Zeljka Zorz’s April 10, 2013 blog post “Hacking airplanes with an Android phone,” which enable someone using a smart phone with particular apps to take over the flight management systems of aircraft … see…

Are Perceptions About Cloud Security and Availability Overblown … and Wrong?

– It appears that the greatest hindrance for organizations to move their applications and data into the cloud is concern about security and availability. While it is arguable whether or not security and privacy risks and system failure rates and durations are greater overall for cloud-based…

Executive Order on Cybersecurity … PDD 63 Déjà Vu

– President Obama’s “Executive Order – Improving Critical Infrastructure Cybersecurity” … available at http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity was a long time coming and, as my colleague Jason Healey pointed…

Convenience vs. Data Breaches … Avoidance is an Answer

– In “If You’re Collecting Our Data, You Ought to Protect It” in the Business Section of The New York Times of February 17, 2013, Natasha Singer describes how a data breach involving the personal nonpublic information of some 40,000 current and former NASA employees was preceded by an…