Home Tuck Dartmouth Search Site Map Contact Us
Information Security

With more and more firms using digital technologies for data aggregation, manipulation, and communication, information security has become a core concern for both functional and regulatory reasons. The Center for Digital Strategies, by conducting field studies, academic studies, and summits on information security, aims to raise the awareness of potential risks, offer strategies that will minimize both the threats and the consequences, and use the results of its studies to inform information security policy efforts.

Eric Johnson testified before Congress about information leaks over file-sharing networks.Eric Johnson testified before Congress about information leaks over file-sharing networks.

Video: Eric Johnson on inadvertent disclosures over the internet.

WEIS 2008, Workshop on the Economics of Information Security
June 25-27, 2008, Hanover, NH

Security through Information Risk Management
October 5, 2007, Hanover, NH

The Security Standard
September 10-11, 2007, Chicago, IL

Embedding Information Security into the Organization, Security & Privacy Magazine, IEEE

Inadvertent Disclosure, presented at WEIS 2007

Information Security Field StudyAdoption of Risk Measures
Supported in part by the Department of Homeland Security, through I3P
In this project, we are examining market adoption of risk evaluation mechanisms. Through corporate interactions and analysis of historical adoption of similar risk measures in the financial sector, we are developing economic models of the risk measurement marketplace. [ more ]

Information Leakage in the Extened Enterprise Information Leakage in the Extended Enterprise
Supported in part by the Department of Homeland Security, through I3P
Inadvertent disclosure of sensitive business information represents one the largest classes of recent security failures. In this project, we are examining the business risks of different types of disclosures including inadvertent web posting, social networks, blogs, and peer-to-peer file sharing networks. [ more ]

Information Risk in Data-Oriented Enterprises Information Risk in Data-Oriented Enterprises
Supported in part by NIST and the Department of Homeland Security
This project examined how information risk can be articulated and monetized with the goal of developing lifecycle management approaches to information provisioning. The team analyzed many current best-practices for provisioning and developed new approaches that reduce information risk. [ more ]

Information Security Field StudyInformation Security Field Study
Supported in part by the Department of Homeland Security, through I3P
How are the information security risks identified? How do firms make investments in information security? Are firms exposed to risks as a result of using electronic means to integrate with their extended enterprise? The center has commenced a field study to examine these issues through a series of interviews at large companies and a few of their critical suppliers. [ more ]

World BankWorld Bank Project
Supported by the World Bank
The center has helped create a resource for countries that wish to begin or enhance the level of information security at all levels: national, organizational, and individual. The resource developed information on security as arising from actions taken by many actors at all levels, detailing the technical, organizational and policy challenges and offering processes to meet these challenges. [ more ]

Embedding Information Security Risk Management CISO Workshop Series
A Series of Exectutive Workshops for Heads of Security
The CISO Workshop Series brings top security executives together for an annual look at the most pressing issues. [ more ]

"Building the Security-to-Business Bridge" - ISTS Quarterly
Eric Johnson on security challenges Fortune 500 companies face, e.g., protecting customer data and intellectual property - video
Institute for Security and Technology Studies (ISTS)
Institute for Information Infrastructure Protection (I3P)
Security and Privacy panel
"Department of Homeland Security funds center study" - press release
"Fortune 500 executives report they need better tools to measure the benefits of cyber security" - press release
Information Security and Privacy roundtable, with overview article
Research Fellow Scott Dynes on "What Drives Information Security Investment?" Institute for Security Technology Studies
"Security Summit" - Network World
"IT Security in the Extended Enterprise" - Financial Times, 2005
"IT Security in the Extended Enterprise" - Financial Times, 2004