Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Category Archives: CSO/CISO Perspectives

IT and Infosec Insourcing: Could You Do It If You Wanted To?

July 3, 2008 – 6:00 am – There was an article by Timothy Aeppel on the front page of the June 13, 2008 issue of The Wall Street Journal with the title “Stung by Soaring Transport Cost, Factories Bring Jobs Home Again” (subscription required). The article is about manufacturers bringing back some of their…
By C. Warren Axelrod | Tagged , , , , | Comments (0)

In Praise of the Information Security Checklist

June 26, 2008 – 6:00 am – This is much anger and venom spit when the subject of the information security checklist is brought up. At one point in my career I looked at the checklist in disdain figuring that only people who do not understand the true depths of a subject relied on checklists as a crutch in place of…
By Kenneth F. Belva | Tagged , , , , | Comments (0)

Security Mindset: Nature or Nurture?

June 24, 2008 – 6:00 am – I have been following with interest the discussions started by Ken Belva on this site in response to Bruce Schneier’s initial post on his own blog about the “security mindset” or, to put it another way, “security folks with beautiful minds.” First, I want to say how…
By C. Warren Axelrod | Also posted in Security in Popular Culture | Tagged , | Comments (0)

Being a Government Security CISO: Life in the Fishbowl

June 18, 2008 – 6:00 am – Information Security is Information Security, Right? It shouldn’t matter if the organization needing protection is a government agency operating in the public sector or a private enterprise, should it ? Well, technically, no. Essential security practices should be delivered for whichever…
By Todd Fitzgerald | Also posted in General | Tagged , , , , , | Comments (0)

The OCC and Application Security: Vindication at Last

June 17, 2008 – 6:00 am – On May 8, 2008, the OCC (Office of the Comptroller of the Currency, part of the U.S. Department of the Treasury) issued Bulletin 2008-16, which you can find here. As the OCC states, there have been prior mentions of application security by the FFIEC (of which OCC is a member), NIST and others.…
By C. Warren Axelrod | Tagged , , , , , , , | Comments (0)