 |
 |
 |
 |
|
 |
|
|
|||
|
Information Security
With more and more firms using digital technologies for data aggregation, manipulation, and communication, information security has become a core concern for both functional and regulatory reasons. The Center for Digital Strategies, by conducting field studies, academic studies, and summits on information security, aims to raise the awareness of potential risks, offer strategies that will minimize both the threats and the consequences, and use the results of its studies to inform information security policy efforts. |
|||
 |
|||
 |
|
 |
|
 Eric Johnson testified before Congress about information leaks over file-sharing networks.Video: Eric Johnson on inadvertent disclosures over the internet.
WEIS 2008, Workshop on the Economics of Information Security
Security through Information Risk Management
The Security Standard Embedding Information Security into the Organization, Security & Privacy Magazine, IEEE Inadvertent Disclosure, presented at WEIS 2007
|
|
|
 |
|||||
|
Adoption of Risk MeasuresSupported in part by the Department of Homeland Security, through I3P
In this project, we are examining market adoption of risk evaluation mechanisms. Through corporate interactions and analysis of historical adoption of similar risk measures in the financial sector, we are developing economic models of the risk measurement marketplace. [ more ]
Information Leakage in the Extended Enterprise Supported in part by the Department of Homeland Security, through I3P
Inadvertent disclosure of sensitive business information represents one the largest classes of recent security failures. In this project, we are examining the business risks of different types of disclosures including inadvertent web posting, social networks, blogs, and peer-to-peer file sharing networks. [ more ]
Information Risk in Data-Oriented EnterprisesSupported in part by NIST and the Department of Homeland Security
This project examined how information risk can be articulated and monetized with the goal of developing lifecycle management approaches to information provisioning. The team analyzed many current best-practices for provisioning and developed new approaches that reduce information risk. [ more ]
Information Security Field StudySupported in part by the Department of Homeland Security, through I3P
How are the information security risks identified? How do firms make investments in information security? Are firms exposed to risks as a result of using electronic means to integrate with their extended enterprise? The center has commenced a field study to examine these issues through a series of interviews at large companies and a few of their critical suppliers. [ more ]
World Bank ProjectSupported by the World Bank
The center has helped create a resource for countries that wish to begin or enhance the level of information security at all levels: national, organizational, and individual. The resource developed information on security as arising from actions taken by many actors at all levels, detailing the technical, organizational and policy challenges and offering processes to meet these challenges. [ more ]
CISO Workshop Series
A Series of Exectutive Workshops for Heads of Security
The CISO Workshop Series brings top security executives together for an annual look at the most pressing issues. [ more ]
|
|
 |
"Building the Security-to-Business Bridge" - ISTS Quarterly |
|
|
|
Eric Johnson on security challenges Fortune 500 companies face, e.g., protecting customer data and intellectual property - video |
|
|
|
Institute for Security and Technology Studies (ISTS) |
|
|
|
Institute for Information Infrastructure Protection (I3P) |
|
|
|
Security and Privacy panel |
|
|
|
"Department of Homeland Security funds center study" - press release |
|
|
|
"Fortune 500 executives report they need better tools to measure the benefits of cyber security" - press release |
|
|
|
Information Security and Privacy roundtable, with overview article |
|
|
|
Research Fellow Scott Dynes on "What Drives Information Security Investment?" Institute for Security Technology Studies |
|
|
|
"Security Summit" - Network World |
|
|
|
"IT Security in the Extended Enterprise" - Financial Times, 2005 |
|
|
|
"IT Security in the Extended Enterprise" - Financial Times, 2004 |
 |