Home Tuck Dartmouth Search Site Map Contact Us
Information Risk in Data-Oriented Enterprises

This interdisciplinary research project is supported in part by NIST and the Department of Homeland Security through the Institute of Security Technology Studies.

Eric Johnson, Robin Sundaram, and John Gallant
Video: Eric Johnson and John Gallant interview Robin Sundaram, CISO, ChoicePoint on information risk.

Information risk paper presented at FinanceCom 2007
PDF (148KB)

Tuck Today article

Press Release
PDF (16KB)

Many industries that share and operate on information are moving their operations into electronic settings. In some fields, this move offers a vital competitive edge; in others, this can be a desirable cost-cutting measure. The challenge these firms face is building information systems that deliver the right information to employees, while ensuring they don't provide data entitlements that inappropriately enable misuse or violate customer privacy.

Project team:
M. Eric Johnson, CDS Director; Sean Smith, Dartmouth CS professor; Tony Portera T'07; Sara Sinclair, Dartmouth CS PhD; Stephanie Trudeau D'09

Information Risk in Data-Oriented Enterprises

With a research team from computer science and business, we are investigating how information risk can be articulated and monetized with the goal of developing lifecycle management approaches to information provisioning. We are developing models of both the organizational and system application structure to allow us to simulate the effectiveness of potential technical and access policy changes. For example, a model of an organization that allows the simulation of employee hiring, termination, promotion, and supervisory relationship changes enables us to predict how auto-provisioning users with a certain role at a certain lifecycle event would affect the overall system.

This project will benefit data-oriented enterprises by both analyzing many current best-practices for provisioning and developing new approaches that reduce information risk.

Financial Institutions Field Study
The financial services industry is arguably the leading private sector in managing complex information security in a professional services setting. Large global enterprises with thousands of employees, contractors, and partners scattered around the world, they require information systems that are flexible, yet secure.
[  in PDF format (157K) ]

This research is supported in part by:
ISTS

Return to the Center's Information Security Project
Current Projects, Institute for Security Technology Studies
"ISTS Embeds Students in Financial Institutions" - ISTS Quarterly
"Embedding Information Security into the Organization," M. Eric Johnson and Eric Goetz, Security & Privacy Magazine, IEEE
MBA Research Fellow Scott Dynes on "What Drives Information Security Investment?" Institute for Security Technology Studies
"Security Summit," Network World
"Information Security and Privacy: At Odds with Speed and Collaboration?" - a Thought Leadership Summit on Digital Strategies
"Security and Privacy: Business Dilemma or Opportunity?" - a Tuck alumni panel hosted by the Center for Digital Strategies