Contact Us
Kogod Cybersecurity Governance Center
4400 Massachusetts Avenue NW
Washington, DC 20016
KSB - Kogod School of Business on a map
4400 Massachusetts Avenue NW Washington, DC 20016 United StatesOn research, the strategic vision of Kogod Cybersecurity Governance Center is to focus on two aspects of cybersecurity and privacy: behavioral research and data analytics. We argue that past efforts on cybersecurity and privacy research are heavily skewed towards system security issues, leaving as research gaps the two aspects we plan to study. Behavioral research aims to understand how the complex interplays between automated systems and human users, especially human behavior patterns and economic drivers, affect cybersecurity and privacy. Data analytics, on the other hand, considers both the security and privacy threats posed by data analytics techniques and the security and privacy challenges threatening the utility and robustness of data analytics.
Haejung Yun, Gwanhoo Lee, and Dan J Kim
KCGC fellow Dr. Gwanhoo Lee and his co-authors have conducted a chronological review of academic research on consumers’ privacy concerns and demonstrated how our understanding on information privacy has evolved over the last couple of decades. This paper is recently published by Information & Management.
Jay Simon and Ayman Omar
Cybersecurity poses a difficult challenge to supply chains, as a firm may be affected by an attack on another firm in the supply chain. For example, a retailer’s consumer data might be compromised via an attack on a supplier. In general, individual nodes in a supply chain bear the entire cost of their own cybersecurity investments, but some of the benefits of the investments may be enjoyed by the other nodes as well. KCGC fellows Dr. Jay Simon and Ayman Omar analyze the differences between coordinated and uncoordinated cybersecurity investments, as well as the differences resulting from a strategic and a non-strategic attacker. They find that lack of coordination leads to underinvestment with a non-strategic attacker, but that this is somewhat counterbalanced by an attacker being strategic. Lack of coordination may lead to either underinvestment or over-investment with a strategic attacker, depending on how large the indirect damages from attacks are relative to the direct damages; over-investment is more likely if indirect damages are relatively minor.
Drs. Nan Zhang and Heng Xu, faculty members of KCGC, were recently awarded a DARPA research grant to study the robustness of research claims in social and behavioral science research.
The KCGC team provided data-analytics support for the 2019 SANS Security Awareness Report. Special thanks go to Hannah Andrews and Adefunke Sonaike, research assistants at KCGC who made the data analysis happen.
Dr. Heng Xu, Kogod Cybersecurity Governance Center Director, was recently awarded The Operational Research Society’s Stafford Beer Medal for 2018 for her paper "Examining the intended and unintended consequences of organisational privacy safeguards". The Stafford Beer Medal was established in memory of Stafford Beer, a British theorist and professor who was a world leader in operational research and management cybernetics.
Dr. Heng Xu and Dr. Nan Zhang of Kogod Cybersecurity Governance Center gratefully acknowledge the National Science Foundation for the foundation's generous support of their research project "SaTC: CORE: Medium: Situation-Aware Identification and Rectification of Regrettable Privacy Decisions", which is rooted in integrating substantive bodies of multidisciplinary knowledge to address the acute challenges of mobile privacy.
Yaqoub Alsarkal, Nan Zhang, and Heng Xu
This paper addresses a novel yet important question of whether privacy self-management, a popular solution to privacy protection in social media and other websites, are indeed effective in practice. Specifically, it presents an observational study on the effect of the most prominent privacy setting on Twitter, the protected mode. The results show that, even after setting an account to protected, most real-world account owners still have substantial private information continuously disclosed, mostly through tweets posted by the owner’s connections. This paper won a best paper nomination at HICSS 52.
Nan Zhang and Heng Xu
Most research on identifying and understanding health disparities focused on measurement strategies and analytics design over administrative and survey data. What has received less attention, however, is the complex interplay between privacy concerns and the needs of health disparity research. Recently accepted for publication on the Medical Care Journal. This paper illustrates the fundamental challenges facing the reconciliation of privacy needs and health disparity research.
Elizabeth Petrie and Casey Evans
Written by Elizabeth Petrie, Director of Cyber Threat Risk Management at Citibank, and Casey Evans, KCGC Faculty Fellow, this paper focuses on identifying the patterns of behavior typically indicative of efforts by criminals to use insiders to cash out on fraudulent activity. The research explores the potential for organizations to use an existing telecommunication platform, such as SWIFT, to communicate cyber fraud threat information by establishing indicators of cashout behavior, which could warn of cyber fraud activity. An example of what this might look like using an MT998 message is included in the paper.
Kogod Cybersecurity Governance Center
4400 Massachusetts Avenue NW
Washington, DC 20016