Managing Information Risk and the Economics of Security
M. Eric Johnson

The lifeblood of the global economy, information has become a source of growing risk as more firms maintain information online. With risks now fueled by sophisticated, organized, malicious groups, information security requires not only technology, but a clear understanding of potential risks, decision-making behaviors, and metrics for evaluating business and policy options. Managing Information Risk and the Economics of Security, an edited volume contributed by well-established researchers in the field worldwide, presents the latest research on economics driving both the risks and the solutions. Covering the implications of policy within firms and across countries, this volume provides managers and policy makers with new thinking on how to manage risk. Managing Information Risk and the Economics of Security is designed for managers, policy makers, and researchers focusing on economics of information security, as well as for advanced-level students in computer science, business management and economics.
[ in PDF format (1,319K) ]

Protecting Critical Information Infrastructure: Developing Cybersecurity Policy

Hans Brechbuhl, Robert Bruce, Scott Dynes, and M. Eric Johnson

Information Technology for Development, Volume 16 No 1, Commonwealth, Spring 2010.
This article discusses the elements of successful information security practices and policies in developing countries, based on field studies of information security practices and policies at US firms as well as on literature research. These elements include shared behaviors, persuasive relationships, and trust: we see these as resulting from increased dialog and necessity, not necessarily from any formal governing structure. This article presents a network model of the interactions required for effective cybersecurity and provides guidance to ICT Ministers in developing countries about the multidimensional aspects of cybersecurity policy concerns.

Information Risk of Inadvertent Disclosure: An Analysis of File-Sharing Risk in the Financial Supply Chain
M. Eric Johnson
Journal of Management Information Systems, Fall 2008.
Firms face many different types of information security risk. Inadvertent disclosure of sensitive business information represents one of the largest classes of recent security breaches. We examine a specific instance of this problem—inadvertent disclosures through peer-to-peer file-sharing networks. We characterize the extent of the security risk for a group of large financial institutions using a direct analysis of leaked documents. We also characterize the threat of loss by examining search patterns in peer-to-peer networks. Our analysis demonstrates both a substantial threat and vulnerability for large financial firms.
[ in PDF format (1,319K) ]

Cyber Security: Are Economic Incentives Adequate?
Scott Dynes, Eric Goetz, and Michael Freeman
Critical Infrastructure Protection, Springer, editors Eric Goetz and Sujeet Shenoi
Protecting national critical infrastructure assets from cyber incidents is an important challenge. This article examines the threats faced by for-profit critical infrastructure entities, the incentives and drivers that influence investment in cyber security measures, and how policy initiatives might influence cyber preparedness in critical infrastructure entities.
[ in PDF format (1,319K) ]

The Evolution of the Peer-to-Peer File Sharing Industry and the Security Risks for Users
M. Eric Johnson, Dan McGuire, Nicholas Willey
Proceedings of the 41st Hawaii International Conference on System Sciences - 2008
This paper examines the peer-to-peer file sharing phenomenon, including an overview of the industry, its business models, and evolution. The authors describe the information security risks users face, including personal identification disclosure and leakage of proprietary business information.
[ in PDF format (353K) ]

Ubiquitous Communication: Tracking Technologies within the Supply Chain
M. Eric Johnson
Logistics Engineering Handbook, CRC Press, editor G. D. Taylor
The article examines tracking technologies in the context of a case study of an integration project at a major retailer, focusing on the business case for investment. The case looks at how technologies like Radio Frequency Identification (RFID) and Global Positioning System (GPS) can be used to improve supply chain performance and aid in reducing supply chain shrinkage.
[ in PDF format (323K) ]

Economic Costs of Firm-Level Information Infrastructure Failures
Scott Dynes and M. Eric Johnson
International Journal of Logistics Management, Vol. 18, No. 3, 2007
There is little research on e-business's potential in dealing with dynamic, unpredictable and sometimes sporadic customer demands. This paper presents a method for estimating the macro-economic cost of a firm-level information system disruption within a supply chain.
[ in PDF format (3,900K) ]

Embedding Information Security into the Organization
M. Eric Johnson and Eric Goetz
Security & Privacy Magazine, IEEE, Vol. 5, Issue 3, May-June 2007
Risk and business have always been inseparable, but new information security risks pose unknown challenges. How should firms organize and manage to improve enterprise security? In this article, the authors address how chief information security officers (CISOs) are working to build secure organizations.
[ in PDF format (517K) ]

Dual Sourcing Strategies
M. Eric Johnson
Supply Chain Excellence in Emerging Economies, Springer-Verlag, editors Hau L. Lee and Chung-Yee Lee
This article examines a case study of Mattel and its decision process to add production capacity to a network of both outsourced and Mattel-operated facilities. Set during the Asian financial crisis, the case illustrates: 1) How toy makers manage demand and supply uncertainty; 2) Mattel’s outsourcing strategy in Asia; 3) How Mattel integrates its marketing and supply chain strategy.
[ in PDF format (174K) ]

Building a Distribution System in Eastern Europe
M. Eric Johnson
Supply Chain Excellence in Emerging Economies, Springer-Verlag, editors Hau L. Lee and Chung-Yee Lee
In an environment of changing customer expectations and evolving distribution infrastructure, firms can develop new business models that generate rapid growth. This article examines the organic growth of an office supply firm, Papirius, in Eastern Europe, including major decisions about its growth and the defendability of its markets, and the outcome of those decisions.
[ in PDF format (298K) ]

Looking for a specific article? Visit the Academic Publications List for a table of all of the center's academic publications.

The center focuses its research on the impact of information technology that enables firms to integrate and collaborate with their customers and supply chain partners.

The center develops case studies that illustrate the impact of digital technologies.

Visit our Case Study Series Library for a complete listing.

Learn about the center's Technology, Innovation, and Learning seminars.

WEIS 2008, the Workshop on the Economics of Information Security, will be held at the Tuck School, June 25-27.

POMS 2007: The center's Supply Chain Wiki from the POMS 2007 conference on Emerging Markets.

Building Supply Chain Excellence in Emerging Economies, edited by Hau L. Lee and Chung-Yee Lee
This text includes two papers by Eric Johnson.

Swarm Creativity, by affiliated researcher Peter Gloor, published by Oxford University Press.

Interfaces, May-June 2006
Center director Eric Johnson edited this special supply chain management issue.