Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
Executive Women's Forum - Information Security, Risk Management and Privacy

Sense of Security written by C. Warren Axelrod

C. Warren Axelrod

C. Warren Axelrod is the Chief Privacy Officer and Business Information Security Officer for a financial services company, where he interfaces with the firm’s business units to identify and assess privacy and security risks and mitigate them, to have employees become familiar with security policies, standards, and procedures, and to ensure that they are followed.

Warren was honored with the prestigious Information Security Executive (ISE) Luminary Leadership Award 2007. He also received a Computerworld Premier 100 IT Leaders Award in 2003 and his department’s implementation of an intrusion detection system was given a Best in Class award.

He represented financial services information security interests at the Y2K command center in Washington, DC during the century date rollover. He is a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center) and served two terms on its Board of Managers. He testified at a Congressional Hearing in 2001 on cyber security.

Warren has published two books on computer management and numerous articles on a variety of information technology and information security topics, including computer and network security, contingency planning, and computer-related risks. His third book, “Outsourcing Information Security,” was published by Artech House in September 2004.

He holds a PhD in managerial economics from the Johnson Graduate School of Management at Cornell University and honors bachelors and masters degrees in electrical engineering, economics and statistics from the University of Glasgow, Scotland. He is certified as a CISSP and CISM.

IT and Infosec Insourcing: Could You Do It If You Wanted To?

July 3, 2008 – 6:00 am – There was an article by Timothy Aeppel on the front page of the June 13, 2008 issue of The Wall Street Journal with the title “Stung by Soaring Transport Cost, Factories Bring Jobs Home Again” (subscription required). The article is about manufacturers bringing back some of their…
Posted in CSO/CISO Perspectives | Tagged , , , , | Comments (0)

Security Mindset: Nature or Nurture?

June 24, 2008 – 6:00 am – I have been following with interest the discussions started by Ken Belva on this site in response to Bruce Schneier’s initial post on his own blog about the “security mindset” or, to put it another way, “security folks with beautiful minds.” First, I want to say how…
Posted in CSO/CISO Perspectives, Security in Popular Culture | Tagged , | Comments (0)

The OCC and Application Security: Vindication at Last

June 17, 2008 – 6:00 am – On May 8, 2008, the OCC (Office of the Comptroller of the Currency, part of the U.S. Department of the Treasury) issued Bulletin 2008-16, which you can find here. As the OCC states, there have been prior mentions of application security by the FFIEC (of which OCC is a member), NIST and others.…
Posted in CSO/CISO Perspectives | Tagged , , , , , , , | Comments (0)

Protecting the Critical Infrastructure: Beware of Crimeware

June 4, 2008 – 6:00 am – I first became involved with U.S. critical infrastructure protection in the late 1990s when I joined others in the Banking and Finance Sector to form the FS-ISAC (Financial Services Information Sharing and Analysis Center). This is how it happened. In the 1998 timeframe, John Lauria, a colleague…
Posted in Cybercrime | Tagged , , , , , , , , , | Comments (0)

Bad Behavior - Thoughts on the Malicious Insider

May 30, 2008 – 6:00 am – Following every high-profile insider security breach, there is usually a slew of vendors who will triumphantly point out that, had they installed their product, the victim company would have avoided the whole painful problem. The adverse publicity, the implementation of new Draconian controls,…
Posted in CSO/CISO Perspectives, Cybercrime, Human Elements | Tagged , , , , | Comments (4)