Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Sense of Security written by C. Warren Axelrod

C. Warren Axelrod

C. Warren Axelrod is the Chief Privacy Officer and Business Information Security Officer for a financial services company, where he interfaces with the firm’s business units to identify and assess privacy and security risks and mitigate them, to have employees become familiar with security policies, standards, and procedures, and to ensure that they are followed.

Warren was honored with the prestigious Information Security Executive (ISE) Luminary Leadership Award 2007. He also received a Computerworld Premier 100 IT Leaders Award in 2003 and his department’s implementation of an intrusion detection system was given a Best in Class award.

He represented financial services information security interests at the Y2K command center in Washington, DC during the century date rollover. He is a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center) and served two terms on its Board of Managers. He testified at a Congressional Hearing in 2001 on cyber security.

Warren has published two books on computer management and numerous articles on a variety of information technology and information security topics, including computer and network security, contingency planning, and computer-related risks. His third book, “Outsourcing Information Security,” was published by Artech House in September 2004.

He holds a PhD in managerial economics from the Johnson Graduate School of Management at Cornell University and honors bachelors and masters degrees in electrical engineering, economics and statistics from the University of Glasgow, Scotland. He is certified as a CISSP and CISM.

Is Risk Avoidance the Key?

– My answer to this question is a resounding “yes.” But I don’t think that is the general view of cybersecurity professionals. After all, if business, government and other organizations pursued such a course, what would remain for cybersecurity folks to do? If you avoid the risk, then you…

Security Metrics, Recency Bias and Availability Heuristics

– I “recently” came across an article by Tom Chatfield with the title “The Trouble with Big Data? It’s Called The ‘Recency Bias,’” which is available at http://www.bbc.com/future/story/20160605-the-trouble-with-big-data-its-called-the-recency-bias The article was published on June 5,…

Algorithms and Risk Profiling

– I had begun this column a couple of months ago, but was diverted to other topics. What brought me back to the subject was a column by Sheelah Kolhatkar with the title “Higher Mathematics – Algorithm Blues” in “The Talk of the Town” section of The New Yorker of October 10, 2016. The…

Team Communications—Same Tune, Different Song

– There’s an interesting article in the September 2016 issue of the Communications of the ACM by Kate Matsudaira with the title “Bad Software Architecture Is a People Problem: When people don’t work well together they make bad decisions.” The article essentially describes many issues with…

Ron Ross and a “New” Approach to Cybersecurity

– No sooner had I finished my latest “Are We Secure?” piece than I read an August 23, 2016 article on Fedscoop by Shaun Waterman with the title “New Approach Needed to IT, Says NIST’s Top Cyber Scientist,” which you can find at…