Sense of Security written by C. Warren Axelrod

C. Warren Axelrod

C. Warren Axelrod is the Chief Privacy Officer and Business Information Security Officer for a financial services company, where he interfaces with the firm’s business units to identify and assess privacy and security risks and mitigate them, to have employees become familiar with security policies, standards, and procedures, and to ensure that they are followed.

Warren was honored with the prestigious Information Security Executive (ISE) Luminary Leadership Award 2007. He also received a Computerworld Premier 100 IT Leaders Award in 2003 and his department’s implementation of an intrusion detection system was given a Best in Class award.

He represented financial services information security interests at the Y2K command center in Washington, DC during the century date rollover. He is a founder of the FS/ISAC (Financial Services Information Sharing and Analysis Center) and served two terms on its Board of Managers. He testified at a Congressional Hearing in 2001 on cyber security.

Warren has published two books on computer management and numerous articles on a variety of information technology and information security topics, including computer and network security, contingency planning, and computer-related risks. His third book, “Outsourcing Information Security,” was published by Artech House in September 2004.

He holds a PhD in managerial economics from the Johnson Graduate School of Management at Cornell University and honors bachelors and masters degrees in electrical engineering, economics and statistics from the University of Glasgow, Scotland. He is certified as a CISSP and CISM.

The Demise of the Internal Datacenter and Consequential Risks

– Recently, I happened upon a short article about the demise of internal data centers in favor of cloud services. The article, by John Delaney, appeared on page 28 of the May 2020 edition of the Communications of the ACM, and has the title “The Shuttering of Corporate Datacenters.” The article…

Cybersecurity Lessons from the Pandemic: Metrics and Decision-Making

– We have discussed previously, such as in my May 18, 2020 BlogInfoSec column, some of the more challenging characteristics of data, such as those relating to value and uncertainty, which are generally not given adequate consideration. This is because these types of data may be much more costly and…

Cybersecurity Lessons from the Pandemic: Data – Part 2

– Having discussed issues relating to the collection and reporting of COVID-19 data in Part 1, we now turn to cyberspace, even though the jury is still out regarding much of the pandemic data. Equivalent situations to those described with respect to the pandemic regarding deficiencies in the…

Cybersecurity Lessons from the Pandemic: Data – Part 1

– The collection and reporting of data relating to the coronavirus pandemic and related medical research and practices are in a shambles. For example, a June 7, 2020 article by Jason Slotkin cites several reasons for undercounting cases.[i] One is that testing was impeded by public officials and…

Outsourcing, Supply Chains and (National) Security

– For all intents and purposes, the terms “outsourcing” and “supply chain” are used interchangeably and refer to when you are dependent on a third party for providing products and services. However, there are many examples of internal sourcing (or “insourcing”), where supply chains…