Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Sense of Security written by C. Warren Axelrod

C. Warren Axelrod is the Chief Privacy Officer and Business Information Security Officer for a financial services company, where he interfaces with the firm’s business units to identify and assess privacy and security risks and mitigate them, to have employees become familiar with security policies, standards, and procedures, and to ensure that they are followed.

Warren was honored with the prestigious Information Security Executive (ISE) Luminary Leadership Award 2007. He also received a Computerworld Premier 100 IT Leaders Award in 2003 and his department’s implementation of an intrusion detection system was given a Best in Class award.

He represented financial services information security interests at the Y2K command center in Washington, DC during the century date rollover. He is a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center) and served two terms on its Board of Managers. He testified at a Congressional Hearing in 2001 on cyber security.

Warren has published two books on computer management and numerous articles on a variety of information technology and information security topics, including computer and network security, contingency planning, and computer-related risks. His third book, “Outsourcing Information Security,” was published by Artech House in September 2004.

He holds a PhD in managerial economics from the Johnson Graduate School of Management at Cornell University and honors bachelor's and master's degrees in electrical engineering, economics and statistics from the University of Glasgow, Scotland. He is certified as a CISSP and CISM.

Cyberspace Policy Review … Motivating the Private Sector

– You probably know the expression: “Those who ignore history are bound to repeat it.” This is apparently a misquotation of philosopher George Santayana’s opinion that “Those who cannot remember the past are condemned to repeat it.” Santayana published this around 1905-1906. However, the…

The Power of the Second Derivative

– We may recall from our calculus courses that the first derivative is the rate of change and the second derivative is the rate of rate of change, so, for example, if we consider distance traveled, then the first derivative is speed and the second derivative is acceleration or deceleration (if…

Here We Go Again … Demoted Security

– It’s happened again. The security folks present an agenda and it is immediately demoted to a low priority. There’s always some excuse … another higher priority has come on the scene, there is concern that putting resources on security could hamper economic progress, military…

BSIMM – Top Ten Surprises

– In a prior column, I described the results of a survey conducted by Gary McGraw, Sammy Migues and Brian Chess published in the BSIMM (Build Security In Maturity Model) report available at http://bsi-mm.com/ Most of the results are intuitively obvious … after the fact, that is. But some…

BSIMM – A Giant Step for Application Security

– There’s a new acronym in town – BSIMM. It’s not BSIMM the rapper out of Louisville, Kentucky. But it is BSI-MM, which is how it is depicted in the website from which you can download the 50-page report, namely http://bsi-mm.com/ The BSIMM in question stands for “Building…