Business Rationale Project Publications

Listed Below are the publications reported to the I3P as part of the Business Rationale for Cyber Security Project (2007-2009). If a publication is not listed here and you think it should be please send it to the I3P Administrative Office.

Journal Articles:

• Scott Dynes, M. Eric Johnson, Eva Andrijcic, Barry Horowitz. Economic costs of firm-level information infrastructure failures: Estimates from field studies in manufacturing supply chains. The International Journal of Logistics Management, vol. 18, no. 3 (2007) pp. 420-442.
• Alfredo Garcia & Barry Horowitz. The Potential for Underinvestment in Internet Security Implications for Regulatory Policy. Journal of Regulatory Economics, Vol. 31:1 (2007) pp. 37-55.
• Matthew Henry and Yacov Haimes. A Comprehensive Network Security Risk Model for Process Control Networks. Published in Risk Analysis, October 2008.
• Shari Lawrence Pfleeger & Rachel Rue. Cybersecurity Economic Issues: Clearing the Path to Good Practice. IEEE Software, vol. 25, no. 1 (2008) pp. 35-42.

Presentations:

• Ashgapur, Liu, Camp. A experimental evaluation of mental models in security. presented at the WEIS Workshop on the Economics of Cyber Security. June 7-8, 2007.
• Jean Camp. Computer Security and Human Trust Behaviors. presented at the 2007 Decision and Risk Analysis Conference: Convergence between Finance and Industry. May 22-23, 2007.
• Jean Camp. Net Trust: An anti-fraud user-centered toolbar. presented at the Symantec Research Seminar. May 4, 2007.
• Jean Camp. Privacy and Security. presented at the HP Research Symposium. August 1, 2007.
• Scott Dynes. Cyber Security: Practical Measures to Secure Your Systems. presented via video-conference to the Cyber Security Workshop in Kolkata, India.
• Barry Horowitz and Jonathan Crawford. Group Decision-Making for Cyber-Security. presented at the GFirst National Conference. June 25-29, 2007.
• Barry Horrowitz. Project status update. presented at the I3P Consortium meeting. June 5-6, 2007.
• Eric Johnson and Scott Dynes. Inadvertent Disclosure: Information leaks in the extended enterprise. presented at the WEIS Workshop on the Economics of Cyber Security. June 7-8, 2007.
• Eric Johnson. The Psychology of Risk. presented at The Security Standard 2007. August 10-12, 2007.
• Eric Johnson. Congressional Testimony on Inadvertant File Sharing. testimony given to the Congressional Committee on Oversight and Government Reform. July 24, 2007.
• Eric Johnson. Information Risk in the Extended Enterprise. presented at the FSSCC Meeting on Inadvertent Disclosure. September 7, 2007.
• Alex Tsow. Net Trust: A Status Report. presented at the WEIS Workshop on the Economics of Cyber Security. June 7-8, 2007.
• Camilo Viecco. Improving Honey Net Analysis. presented at the 2007 Information Assurance Workshop. 2007.

Books:

• L. Jean Camp & Kay Connelly. Privacy in Ubicomp. Digital Privacy: Theory, Technologies and Practices. eds. Alessandro Acquisti, Sabrina De Capitani di Vimercati, Stefanos Gritzalis and Costas Lambrinoudakis; Taylor &Frances. New York, NY (2007)

Other:

• Scott Dynes. Business Resilience: A More Compelling Argument for Information Security. CERT Podcast Series, Oct 16, 2007.
• Eric Johnson & Scott Dynes. Inadvertent Data Disclosure on Peer-to-Peer Networks. CERT Podcast Series, Jan 22, 2008.
• Samuelson Law, Technology & Public Policy Clinic. Security Breach Notification Laws: Views from Chief Security Officers. Testimony given at a hearing of the California Senate Judiciary Committee on Jan. 15, 2008.