Sense of Security written by C. Warren Axelrod

C. Warren Axelrod is the Chief Privacy Officer and Business Information Security Officer for a financial services company, where he interfaces with the firm’s business units to identify and assess privacy and security risks and mitigate them, to have employees become familiar with security policies, standards, and procedures, and to ensure that they are followed.

Warren was honored with the prestigious Information Security Executive (ISE) Luminary Leadership Award 2007. He also received a Computerworld Premier 100 IT Leaders Award in 2003 and his department’s implementation of an intrusion detection system was given a Best in Class award.

He represented financial services information security interests at the Y2K command center in Washington, DC during the century date rollover. He is a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center) and served two terms on its Board of Managers. He testified at a Congressional Hearing in 2001 on cyber security.

Warren has published two books on computer management and numerous articles on a variety of information technology and information security topics, including computer and network security, contingency planning, and computer-related risks. His third book, “Outsourcing Information Security,” was published by Artech House in September 2004.

He holds a PhD in managerial economics from the Johnson Graduate School of Management at Cornell University and honors bachelors and masters degrees in electrical engineering, economics and statistics from the University of Glasgow, Scotland. He is certified as a CISSP and CISM.

Ransomware and the C-I-A Triad

– In earlier, more innocent (?) times, cyberattacks seemed to be fairly straightforward. You have the data exfiltration attacks, where copies of sensitive personal information and intellectual property are stolen, often without the victims’ knowledge since the original data are left intact.…

Not So Fastly

– The system failure at Fastly on June 8, 2021 portends what may well be the greatest threat to the Internet and all that it supports. In an Associated Press article by Marcio Jose Sanchez on June 9, 2021, with the title “Tuesday’s Internet Outage Was Caused By One Customer Changing A Setting,…

Krebs on Ransomware

– The Krebses—Chris and Brian—are not related, but they have both come out with positions on ransomware. Chris was the former head of DHS’s CISA (Cybersecurity & Infrastructure Security Agency), and Brian is a journalist and much-admired author (by me and many others) of the outstanding…

Cyberattacks: Contests or War?

– I think that one of the major unresolved issues in cyberspace is differentiating between competitive activities and cyberwarfare. In a March 17, 2021 post on Security Boulevard, with the title “Winning the Cybersecurity Contest,” available at  Winning the Cybersecurity Contest –…

Don’t Count on Cybersecurity Data

– It is a common theme of mine, but one which bears repeating. We collect and disseminate all manner of data, but not so much of data which count. In an article by mathematician Hannah Fry in the March 29, 2021 edition of The New Yorker, she reviews two new books on data and statistics. The…