On research, the strategic vision of Kogod Cybersecurity Governance Center is to focus on two aspects of cybersecurity and privacy: behavioral research and data analytics. We argue that past efforts on cybersecurity and privacy research are heavily skewed towards system security issues, leaving as research gaps the two aspects we plan to study. Behavioral research aims to understand how the complex interplays between automated systems and human users, especially human behavior patterns and economic drivers, affect cybersecurity and privacy. Data analytics, on the other hand, considers both the security and privacy threats posed by data analytics techniques and the security and privacy challenges threatening the utility and robustness of data analytics.

The Evolution of Consumer Privacy Research: the Past, Present, and Future

Haejung Yun, Gwanhoo Lee, and Dan J Kim

KCGC fellow Dr. Gwanhoo Lee and his co-authors have conducted a chronological review of academic research on consumers’ privacy concerns and demonstrated how our understanding on information privacy has evolved over the last couple of decades. This paper is recently published by Information & Management.

Read the paper

Cybersecurity Investments in the Supply Chain

Jay Simon and Ayman Omar

Cybersecurity poses a difficult challenge to supply chains, as a firm may be affected by an attack on another firm in the supply chain. For example, a retailer’s consumer data might be compromised via an attack on a supplier. In general, individual nodes in a supply chain bear the entire cost of their own cybersecurity investments, but some of the benefits of the investments may be enjoyed by the other nodes as well. KCGC fellows Dr. Jay Simon and Ayman Omar analyze the differences between coordinated and uncoordinated cybersecurity investments, as well as the differences resulting from a strategic and a non-strategic attacker. They find that lack of coordination leads to underinvestment with a non-strategic attacker, but that this is somewhat counterbalanced by an attacker being strategic. Lack of coordination may lead to either underinvestment or over-investment with a strategic attacker, depending on how large the indirect damages from attacks are relative to the direct damages; over-investment is more likely if indirect damages are relatively minor.

Read the paper

New DARPA Research Grant

Drs. Nan Zhang and Heng Xu, faculty members of KCGC, were recently awarded a DARPA research grant to study the robustness of research claims in social and behavioral science research.

Read more about the project.

2019 SANS Security Awareness Report Released

The KCGC team provided data-analytics support for the 2019 SANS Security Awareness Report. Special thanks go to Hannah Andrews and Adefunke Sonaike, research assistants at KCGC who made the data analysis happen.

Read more about the news.

The Stafford Beer Medal for 2018

Dr. Heng Xu, Kogod Cybersecurity Governance Center Director, was recently awarded The Operational Research Society’s Stafford Beer Medal for 2018 for her paper "Examining the intended and unintended consequences of organisational privacy safeguards". The Stafford Beer Medal was established in memory of Stafford Beer, a British theorist and professor who was a world leader in operational research and management cybernetics.

Read the Paper

National Science Foundation Project: Privacy regrets in smartphone usage

Dr. Heng Xu and Dr. Nan Zhang of Kogod Cybersecurity Governance Center gratefully acknowledge the National Science Foundation for the foundation's generous support of their research project "SaTC: CORE: Medium: Situation-Aware Identification and Rectification of Regrettable Privacy Decisions", which is rooted in integrating substantive bodies of multidisciplinary knowledge to address the acute challenges of mobile privacy.

Read More

How your friends affect your privacy on Twitter

Yaqoub Alsarkal, Nan Zhang, and Heng Xu

This paper addresses a novel yet important question of whether privacy self-management, a popular solution to privacy protection in social media and other websites, are indeed effective in practice. Specifically, it presents an observational study on the effect of the most prominent privacy setting on Twitter, the protected mode. The results show that, even after setting an account to protected, most real-world account owners still have substantial private information continuously disclosed, mostly through tweets posted by the owner’s connections. This paper won a best paper nomination at HICSS 52.

Read the Paper

Privacy disparity? Addressing privacy concerns in health disparity research

Nan Zhang and Heng Xu

Most research on identifying and understanding health disparities focused on measurement strategies and analytics design over administrative and survey data. What has received less attention, however, is the complex interplay between privacy concerns and the needs of health disparity research. Recently accepted for publication on the Medical Care Journal. This paper illustrates the fundamental challenges facing the reconciliation of privacy needs and health disparity research.

Read the Paper

Sharing Insider Threat Indicators: Examining the Potential Use of SWIFT's Messaging Platform to Combat Cyber Fraud

Elizabeth Petrie and Casey Evans

Written by Elizabeth Petrie, Director of Cyber Threat Risk Management at Citibank, and Casey Evans, KCGC Faculty Fellow, this paper focuses on identifying the patterns of behavior typically indicative of efforts by criminals to use insiders to cash out on fraudulent activity. The research explores the potential for organizations to use an existing telecommunication platform, such as SWIFT, to communicate cyber fraud threat information by establishing indicators of cashout behavior, which could warn of cyber fraud activity. An example of what this might look like using an MT998 message is included in the paper.

Read PDF