Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Sense of Security written by C. Warren Axelrod

C. Warren Axelrod

C. Warren Axelrod is the Chief Privacy Officer and Business Information Security Officer for a financial services company, where he interfaces with the firm’s business units to identify and assess privacy and security risks and mitigate them, to have employees become familiar with security policies, standards, and procedures, and to ensure that they are followed.

Warren was honored with the prestigious Information Security Executive (ISE) Luminary Leadership Award 2007. He also received a Computerworld Premier 100 IT Leaders Award in 2003 and his department’s implementation of an intrusion detection system was given a Best in Class award.

He represented financial services information security interests at the Y2K command center in Washington, DC during the century date rollover. He is a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center) and served two terms on its Board of Managers. He testified at a Congressional Hearing in 2001 on cyber security.

Warren has published two books on computer management and numerous articles on a variety of information technology and information security topics, including computer and network security, contingency planning, and computer-related risks. His third book, “Outsourcing Information Security,” was published by Artech House in September 2004.

He holds a PhD in managerial economics from the Johnson Graduate School of Management at Cornell University and honors bachelors and masters degrees in electrical engineering, economics and statistics from the University of Glasgow, Scotland. He is certified as a CISSP and CISM.

The Security of Fools

November 21, 2011 – 6:00 am – No, I’m NOT saying that security professionals are fools … far from it. But many of the folks whom they serve may well be overconfident in their judgments about security. Overconfidence in the face of undisputable evidence to the contrary is described in Daniel Kahneman’s article “The…
Posted in CSO/CISO Perspectives, General, Risk Analysis | Tagged , , , , , | Comments (0)

SEC-urity’s Catch 22

November 7, 2011 – 6:00 am – On October 13, 2011, the Division of Corporation Finance (DCF) of the Securities and Exchange Commission (SEC) issued CF Disclosure Guidance: Topic No. 2 – Cybersecurity, available at http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm . It provides the DCF’s “views…
Posted in Compliance and Laws, Cybercrime, Risk Analysis | Tagged , , , , , , , , | Comments (0)

Normative Cyber Security

October 24, 2011 – 6:00 am – Joel Brenner’s new book, America the Vulnerable – Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare (The Penguin Press, 2011), is another book of the genre of Richard Clarke’s several volumes of non-fiction, such as his most recent book, published with Robert Knake,…
Posted in Cybercrime, General, Information Security News | Tagged , , , , , , | Comments (2)

Will Cloud Security Drive You Insane?

October 17, 2011 – 6:00 am – First, the transparency … I have known Jim Reavis, co-founder of the Cloud Security Alliance (CSA), for a dozen years or so. He is a true visionary. He met with me before creating the CSA and asked me what I thought. I told him to go for it. He did and has had remarkable success [...] …
Posted in CSO/CISO Perspectives, General, InfoSec Economics | Tagged , , , , , , , , | Comments (0)

So-so SASO … So What?

September 26, 2011 – 6:00 am – A couple of days ago, I happened across Oracle CISO Mary Ann Davidson’s August 24, 2011 blog, “Those Who Can’t Do, Audit” at http://blogs.oracle.com/maryanndavidson/entry/those_who_can_t_do and began writing a column about Davidson’s blog. Then I was pointed to Veracode’s Chris…
Posted in CSO/CISO Perspectives, Risk Analysis, software engineering | Tagged , , , , , , , , , , , , , , | Comments (0)