Executive Publications: Information Security
A Whole New World for Cybersecurity
Hans Brechbühl, M. Eric Johnson
US News & World Report
South Korea experienced a cyber-nightmare that may not be unusual in the coming years. An attack on the scale of "DarkSeoul," whose origins are as yet unknown, is almost certain to be replicated in the U.S. and Europe in the next decade. Threats from cyberattacks have increased dramatically over the past ten years. In response, spending on information security has exploded, and was estimated to reach $60 billion globally last year, according to Gartner. A decade ago, many security staff were technicians in closet-sized offices responsible for maintaining a company's firewall and giving the occasional lecture to employees on avoiding dubious websites or putting suspect thumb-drives in their laptops. Today chief information security officers have staffs and are briefing the board of directors—and they're playing a lead role in managing risk across the world's biggest companies. Explore the full article.
Topics: Information Security
Hospitals Should Not Adopt New Healthcare IT Program Too Quickly
M. Eric Johnson
US News
The Centers for Medicare and Medicaid recently announced that Electronic Health Record incentive payments skipped past $6 billion, with over 122,000 providers already taking part in the action. The incentive frenzy has really just begun, as this represents less than half of the 260,000 providers who have already registered to join the $27 billion funding party.
Topics: Healthcare IT & Ops, Information Security
Cybersecurity: Risks, Mitigation and Collaboration
Hans Brechbühl
CISO Information Security Workshop Publication
We convened a day-long workshop for Chief Information Security Officers (CISOs) at Kartause Ittingen in Warth, Switzerland. The topic of the day was cybersecurity. CISOs from industry and government joined with academics from the US and Europe to discuss the threats arising from the external electronic connectivity of the enterprise: What is their nature? What can be done to prevent them? If not prevented, what are best practices in remediation? And long-term, how can companies, governments, law enforcement agencies, and other participants work across company boundaries and across country borders to provide the best security possible for critical data? Participants in the session included private-sector CISOs from ABB, Adidas, Cisco, Daimler, Goldman Sachs, Hilti, Holcim, ING, Nestlé, Nokia, Novartis, Schindler, Swarovski, Swiss Reinsurance Company, and Thomson Reuters. They were joined from the public sector by representatives of the European Commission and the Swiss Confederation.
Overview (317K)
Topics: CISO, Information Security
Hospitals Must Safeguard Patient Data
M. Eric Johnson
US News
Like the challenge of controlling U.S. healthcare costs, safeguarding patient information has proved elusive. Currently, the basic functionality of many electronic health record systems is lacking and poor usability leads to work-arounds. Read about the recent workshop at Tuck focused on safeguarding patient data, funded by the National Science Foundation.
Topics: Healthcare IT & Ops, Information Security
A Better Way to Battle Malware
Tim Laseter
M. Eric Johnson
strategy + business
Emulating the methods used to transform production quality could clean up the Internet and might even pay for itself.
Article (347KB)
Topics: Information Security, Internet / Connectivity, Strategy
The Human Element
M. Eric Johnson
Tuck Today
Forget technology. It's people that are keeping information security professionals up at night, says professor Eric Johnson. We are connected. The number of devices accessing the Internet today easily exceeds the world's population and will likely reach 50 billion by the end of the decade. This connectivity has transformed how we do business and the way we live, but it also has a dark side. With trillions of emails, instant messages, and social media posts floating around in cyberspace, information is now harder than ever to protect.
Topics: Culture, Information Security
Human Behavior and Security Culture - America
M. Eric Johnson, Jeff Moag
CISO Information Security Workshop Publication
A workshop for information security executives convened to examine information security risks and challenges posed by human behavior. The workshop included security leaders from Automatic Data Processing, Inc., Bechtel, Cigna, Cisco, Colgate-Palmolive, Eastman Chemical Company, eBay, General Dynamics, Goldman Sachs, L.L. Bean, the MITRE Corporation, Providence Health & Services, Praxair, Staples, Starwood Hotels & Resorts Worldwide, Stream Global Services, Time Inc., and the U.S. Department of Homeland Security, as well as academics from the Tuck School of Business at Dartmouth.
Human Behavior and Security Culture (279K)
Topics: Culture, Data, Information Security
Human Behavior and Security Culture - Europe
Jeff Moag
Hans Brechbühl, Tim Paradis
CISO Information Security Workshop Publication
A workshop for European information security executives convened June 20–21, 2011 to examine information security risks and challenges posed by human behavior. The workshop included security leaders from ABB, adidas, Cisco Systems, Clariant, Deloitte, Hilti, Holcim, the NATO Communication and Information Systems Services Agency, Nestlé, Nokia, Siemens, Swiss Re, Tetra Pak, Thomson Reuters, the Swiss Federal Office of Information Technology, Systems and Telecommunication, TÜV Rheinland, and UBS, as well as academics from the Tuck School of Business at Dartmouth and the University of St. Gallen.
Overview (298K)
Topics: Culture, Data, Information Security
Assessing Risk in Turbulent Times
M. Eric Johnson, Jeff Moag
Workshop for Information Security Executives
This workshop for information security executives was hosted by the Institute for Information Infrastructure Protection (I3P) and the Tuck School of Business’s Center for Digital Strategies, both at Dartmouth College.
Overview in PDF Format (359K)
Topics: Controls / Metrics, Information Security, Information Technology, Organization, Strategy
Security through Information Risk Management
A Workshop for Information Security Executives, 2007
Protecting against economically-driven threats requires building security into the culture so that everyone can recognize the risks. This article looks at the role of CISOs and directors of information security in building a secure organization.
Overview in PDF Format (308K)
Topics: Information Security, Risk
Using and Stewarding Customer Data
Roundtable on Digital Strategies Publication
How has the view of the use of customer data changed in the last few years? This written overview looks at strategies for meeting and exceeding customer expectations with data use.
Overview in PDF Format (215K)
Topics: Customer, Data, Governance, Information Security, Privacy
Security Beyond the Ports
Charles H. White, Jr. (T'68)
The Journal of Commerce
This article discusses the controversial P&O-DP World deal and considers how America’s global supply chains do not begin and end at the ports, and how neither should our security focus.
Article in PDF Format (24K)
Topics: Information Security, Supply Chain
Embedding Information Security Risk Management into the Extended Enterprise
Executive Workshop Publication
This Workshop on Developing a Secure Organization convened to discuss how companies are embedding information security risk management into the extended enterprise. In today’s outsourced enterprises, effective risk management is quickly becoming a source of competitive advantage. The technology community has made much progress in the past five years improving the technical aspects of security. Yet moving the needle on information security is a team activity, requiring participation by everyone in the corporation. The hardest remaining issues involve people and organizations. In this workshop, CISOs from Fortune 500 firms gathered to debate the challenges of organizing for security.
Overview in PDF Format (194K)
Topics: Extended Enterprise, Information Security, Information Technology, Risk
Economically Complex Cyberattacks
Scott Borg
IEEE Security and Privacy
Most people working in cybersecurity recognize that the interconnections and complexities of our economy can have a huge effect on the destructiveness of cyberattacks. They refer casually to “network effects,” “spillover effects,” or “knock-on effects.” Yet there is little understanding of how such effects actually work, what conditions are necessary to create them, or how to quantify their consequences.
Article in PDF Format (67K)
Topics: Data, Information Security
A Broader Context for Information Security
M. Eric Johnson
Financial Times
This article looks at the goal of effective risk management for information technology, which is not the elimination of security failures, but rather reducing their cost while empowering the business to take appropriate risks.
Article in PDF Format (73K)
Topics: Information Security, Information Technology, Risk
Security and Privacy: At Odds with Speed and Collaboration?
Roundtable on Digital Strategies Publication
This roundtable discussion focused on the impact of increased security and privacy of information on businesses, and organizational changes that would serve to ameliorate the impact. Experience their findings and learnings in this written overview.
Overview in PDF Format (27K)
Topics: Collaboration, Culture, Information Security, Information Technology, Privacy, Risk