M. Eric Johnson, CDS Director; Sean Smith, Dartmouth CS professor; Tony Portera T'07; Sara Sinclair, Dartmouth CS PhD; Stephanie Trudeau D'09; Xia Zhao, CDS Research Fellow (not shown below).
With a research team from computer science and business, we are investigating how information risk can be articulated and monetized with the goal of developing lifecycle management approaches to information provisioning. We are developing models of both the organizational and system application structure to allow us to simulate the effectiveness of potential technical and access policy changes. For example, a model of an organization that allows the simulation of employee hiring, termination, promotion, and supervisory relationship changes enables us to predict how auto-provisioning users with a certain role at a certain lifecycle event would affect the overall system.
This project will benefit data-oriented enterprises by both analyzing many current best-practices for provisioning and developing new approaches that reduce information risk.
Financial Institutions Field Study
The financial services industry is arguably the leading private sector in managing complex information security in a professional services setting. Large global enterprises with thousands of employees, contractors, and partners scattered around the world, they require information systems that are flexible, yet secure.
[ in PDF format (157K) ]
Access Governace with Esclation
Information access in healthcare and financial services settings require different levels of flexiblity and control. Using game-theoretic models and simulation we are developing new information governance models based on incentives and controls. Research Findings in WEIS 2008.
This research is supported in part by:
|Return to the Center's Information Security Project|
|Current Projects, Institute for Security Technology Studies|
|"ISTS Embeds Students in Financial Institutions" - ISTS Quarterly|
|"Embedding Information Security into the Organization," M. Eric Johnson and Eric Goetz, Security & Privacy Magazine, IEEE|
|"Security Summit," Network World|
|"Security and Privacy: Business Dilemma or Opportunity?" - a Tuck alumni panel hosted by the Center for Digital Strategies|