Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Sense of Security written by C. Warren Axelrod

C. Warren Axelrod

C. Warren Axelrod is the Chief Privacy Officer and Business Information Security Officer for a financial services company, where he interfaces with the firm’s business units to identify and assess privacy and security risks and mitigate them, to have employees become familiar with security policies, standards, and procedures, and to ensure that they are followed.

Warren was honored with the prestigious Information Security Executive (ISE) Luminary Leadership Award 2007. He also received a Computerworld Premier 100 IT Leaders Award in 2003 and his department’s implementation of an intrusion detection system was given a Best in Class award.

He represented financial services information security interests at the Y2K command center in Washington, DC during the century date rollover. He is a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center) and served two terms on its Board of Managers. He testified at a Congressional Hearing in 2001 on cyber security.

Warren has published two books on computer management and numerous articles on a variety of information technology and information security topics, including computer and network security, contingency planning, and computer-related risks. His third book, “Outsourcing Information Security,” was published by Artech House in September 2004.

He holds a PhD in managerial economics from the Johnson Graduate School of Management at Cornell University and honors bachelors and masters degrees in electrical engineering, economics and statistics from the University of Glasgow, Scotland. He is certified as a CISSP and CISM.

China Chamber Hack

January 23, 2012 – 6:00 am – Siobhan Gorman is back in strong form on the front page of the December 21, 2011 Wall Street Journal with her article “China Hackers Hit U.S. Chamber,” which suggests at first glance that  hackers made from porcelain were successfully thrown into some U.S. person’s bedroom. However, the…
Posted in Cybercrime, Information Security News, software engineering | Tagged , , , , , , , , | Comments (0)

Printer Too Ready

January 9, 2012 – 6:00 am – In a December 8, 2011 post to CNET News, Elinor Mills writes, in a piece with the title “HP sued over security flaw in printers,” about how a Columbia University research team was able to compromise the embedded software in HP LaserJet printers. First off, the photograph of a printer, which…
Posted in Cybercrime, software engineering | Tagged , , , , , | Comments (0)

The Personalization of Risk

December 19, 2011 – 6:00 am – I realized when I received several comments regarding my September 12, 2011 column “Risk Mismanagement – Scoring vs. Monte Carlo vs. Scoring” from Doug Hubbard and others, that I hadn’t been clear enough in my description of what I had termed “subjective risk.” It also seems that…
Posted in General, Risk Analysis | Tagged , , , , , , , | Comments (0)

Security in the Dark

December 6, 2011 – 6:00 am – I attended a roundtable recently at which someone mentioned that, in their experience, those familiar contractual requirements requesting third-party service providers to tell their customers about security breaches within a short time frame (within three  hours, say) are often not conveyed to…
Posted in Compliance and Laws, CSO/CISO Perspectives, Human Elements | Tagged , , , , | Comments (0)

The Security of Fools

November 21, 2011 – 6:00 am – No, I’m NOT saying that security professionals are fools … far from it. But many of the folks whom they serve may well be overconfident in their judgments about security. Overconfidence in the face of undisputable evidence to the contrary is described in Daniel Kahneman’s article “The…
Posted in CSO/CISO Perspectives, General, Risk Analysis | Tagged , , , , , | Comments (0)