C. Warren Axelrod, Ph.D.

C. Warren Axelrod, Ph.D., is a senior consultant with Delta Risk, a consultancy specializing in cyber defense, resiliency, and risk management. Previously, Axelrod was the chief privacy officer and business information security officer for US Trust. He was a co-founder of the FS-ISAC (Financial Services Information Sharing and Analysis Center). He represented the financial services sector at the national command center over the Y2K weekend and testified before Congress about cyber security in 2001. He has participated in a number of initiatives at sector and national levels. Dr. Axelrod was honored with the prestigious ISE (Information Security Executive) Luminary Leadership Award in 2007 and, in 2003, he received the Computerworld Premier 100 IT Leaders Award and Best in Class Award. His article “Accounting for Value and Uncertainty in Security Metrics” won ISACA’s Michael P. Cangemi Best Book/Best Article Award in 2009. Dr. Axelrod has published five books on various IT risk, outsourcing, cyber security, privacy and safety topics. His most recent book is Engineering Safe and Secure Software Systems, released in 2012 by Artech House. He has published three prior articles in CrossTalk magazine. He holds a Ph.D. (managerial economics) from Cornell University and MA (economics and statistics) and B.Sc. (electrical engineering) honors degrees from the University of Glasgow. He is certified as a CISSP and CISM. Phone 917-670-1720 E-mail: waxelrod@delta-risk.net

List of CrossTalk articles:

Using Contracts to Reduce Cybersecurity Risks (Jul/Aug 2017)

Abstract. Would we achieve higher standards for software and data security if contractors and subcontractors accepted stringent cybersecurity requirements in software development agreements, vendors signed off on similar requirements in software license agreements, and service providers included cybersecurity components in their offerings? One might expect that contractual provisions would improve ...

Cybersecurity and Modern Tactical Systems (Nov/Dec 2015)

Abstract. Many legacy embedded systems, such as aircraft flight-control systems and weapon fire-control systems, continue in use decades after their introduction. At the same time, we are seeing modern-day tablets and laptops being used to make up for functionality and ease-of-use limitations of legacy systems. As long as modern information ...

Software Security Assurance: SOUP to NUTS (Sep/Oct 2015)

Abstract. The ability to assess risks of and from specific software supply chains depends in large part on the amount, accuracy and availability of essential information. Only when such information is at hand can we hope to assure ourselves of the quality and security of installed software. In this paper ...

Malware, (Weakware), and the Security of Software Supply Chains (Mar/Apr 2014)

Abstract. Increasing effort is being made to build security into software—but with mixed results. The need for security apparently exceeds the ability and will of software engineers to design secure software architectures, implement secure coding methods, perform functional security testing, and carefully manage the installation of software products on various ...