 |
 |
 |
 |
|
 |
|
|
|||
|
Information Security
With more and more firms using digital technologies for data aggregation, manipulation, and communication, information security has become a core concern for both functional and regulatory reasons. The Center for Digital Strategies, by conducting field studies, academic studies, and summits on information security, aims to raise the awareness of potential risks, offer strategies that will minimize both the threats and the consequences, and use the results of its studies to inform information security policy efforts. |
|||
 |
|||
 |
|
 |
|
 Eric Johnson testified before Congress about information leaks over file-sharing networks.Video: Eric Johnson on inadvertent disclosures over the internet.
WEIS 2008, Workshop on the Economics of Information Security
Security through Information Risk Management
The Security Standard Embedding Information Security into the Organization, Security & Privacy Magazine, IEEE Inadvertent Disclosure, presented at WEIS 2007
|
|
|
 |
|||||
|
Information Security Field StudySupported in part by the Department of Homeland Security, through I3P
How are the information security risks identified? How do firms make investments in information security? Are firms exposed to risks as a result of using electronic means to integrate with their extended enterprise? The center has commenced a field study to examine these issues through a series of interviews at large companies and a few of their critical suppliers. [ more ]
Information Leakage in the Extended Enterprise Supported in part by the Department of Homeland Security, through I3P
Inadvertent disclosure of sensitive business information represents one the largest classes of recent security failures. In this project, we are examining the business risks of different types of disclosures including inadvertent web posting, social networks, blogs, and peer-to-peer file sharing networks. [ more ]
Information Risk in Data-Oriented EnterprisesSupported in part by NIST and the Department of Homeland Security
This project examined how information risk can be articulated and monetized with the goal of developing lifecycle management approaches to information provisioning. The team analyzed many current best-practices for provisioning and developed new approaches that reduce information risk. [ more ]
World Bank ProjectSupported by the World Bank
The center has helped create a resource for countries that wish to begin or enhance the level of information security at all levels: national, organizational, and individual. The resource developed information on security as arising from actions taken by many actors at all levels, detailing the technical, organizational and policy challenges and offering processes to meet these challenges. [ more ]
Embedding Information Security Risk ManagementA Workshop on Developing a Secure Organization
Effective risk management is quickly becoming a source of competitive advantage. While the role of the head of information security, often the chief information security officer (CISO), is becoming more strategic, moving the needle on information security requires participation by everyone in the corporation. In this workshop, CISOs gathered to debate the challenges of organizing for security. The objective was to go beyond understanding best practice and identify the top imperatives to enable security transformation. [ more ]
|
|
 |
"Building the Security-to-Business Bridge" - ISTS Quarterly |
|
|
|
Eric Johnson on security challenges Fortune 500 companies face, e.g., protecting customer data and intellectual property - video |
|
|
|
Institute for Security and Technology Studies (ISTS) |
|
|
|
Institute for Information Infrastructure Protection (I3P) |
|
|
|
Security and Privacy panel |
|
|
|
"Department of Homeland Security funds center study" - press release |
|
|
|
"Fortune 500 executives report they need better tools to measure the benefits of cyber security" - press release |
|
|
|
Information Security and Privacy roundtable, with overview article |
|
|
|
Research Fellow Scott Dynes on "What Drives Information Security Investment?" Institute for Security Technology Studies |
|
|
|
"Security Summit" - Network World |
|
|
|
"IT Security in the Extended Enterprise" - Financial Times, 2005 |
|
|
|
"IT Security in the Extended Enterprise" - Financial Times, 2004 |
 |