Academic Publications: Information Security
Information Security Risk and Privacy in Healthcare: Current State of Research
M. Eric Johnson, Ajit Appari
International Journal of Internet and Enterprise Management, 6(4), pp. 279-314, 2010
Information security and privacy in the healthcare sector is an issue of growing importance. The adoption of digital patient records, increased regulation, provider consolidation and the increasing need for information exchange between patients, providers and payers, all point towards the need for better information security. We critically survey the literature on information security and privacy in healthcare, published in information systems journals as well as many other related disciplines including health informatics, public health, law, medicine, the trade press and industry reports. In this paper, we provide a holistic view of the recent research and suggest new areas of interest to the information systems community.
Paper in PDF Format (1.2K)
Topics: Healthcare IT & Ops, Information Security, Privacy
Protecting Critical Information Infrastructure: Developing Cybersecurity Policy
Hans Brechbühl, Robert Bruce, Scott Dynes, M. Eric Johnson
Information Technology for Development, Volume 16 No 1, Commonwealth, Spring 2010
This article discusses the elements of successful information security practices and policies in developing countries, based on field studies of information security practices and policies at US firms as well as on literature research. These elements include shared behaviors, persuasive relationships, and trust: we see these as resulting from increased dialog and necessity, not necessarily from any formal governing structure. This article presents a network model of the interactions required for effective cybersecurity and provides guidance to ICT Ministers in developing countries about the multidimensional aspects of cybersecurity policy concerns.
Topics: Data, Information Security
Cyber Security: Are Economic Incentives Adequate?
Scott Dynes, Eric Goetz, Michael Freeman
Critical Infrastructure Protection, Springer, editors Eric Goetz and Sujeet Shenoi, 2008
Protecting national critical infrastructure assets from cyber incidents is an important challenge. This article examines the threats faced by for-profit critical infrastructure entities, the incentives and drivers that influence investment in cyber security measures, and how policy initiatives might influence cyber preparedness in critical infrastructure entities.
Overview in PDF Format (1319K)
The Evolution of the Peer-to-Peer File Sharing Industry and the Security Risks for Users
M. Eric Johnson, Dan McGuire
Proceedings of the 41st Hawaii International Conference on System Sciences, 2008
This paper examines the peer-to-peer file sharing phenomenon, including an overview of the industry, its business models, and evolution. The authors describe the information security risks users face, including personal identification disclosure and leakage of proprietary business information.
Overview in PDF Format (353K)
Topics: Data, Information Security, Information Technology, Risk
Embedding Information Security into the Organization
M. Eric Johnson, Eric Goetz
Security & Privacy Magazine, IEEE, Vol. 5, Issue 3, May-June 2007
Risk and business have always been inseparable, but new information security risks pose unknown challenges. How should firms organize and manage to improve enterprise security? In this article, the authors address how chief information security officers (CISOs) are working to build secure organizations.
in PDF Format (517K)
Topics: Information Security, Organization
Economic Costs of Firm-Level Information Infrastructure Failures
M. Eric Johnson, Eric Goetz
Security & Privacy Magazine, IEEE, Vol. 5, Issue 3, May-June 2007
Risk and business have always been inseparable, but new information security risks pose unknown challenges. How should firms organize and manage to improve enterprise security? In this article, the authors address how chief information security officers (CISOs) are working to build secure organizations.
in PDF Format (517K)
Topics: Information Security, Risk
Costs to the U.S. Economy of Information Infrastructure Failures
Scott Dynes, M. Eric Johnson, Eva Andrijcic
Proceedings of the Fifth WEIS, 2006
The increasing reliance of the U.S. economy on the information infrastructure has raised questions regarding the security and robustness of the critical information infrastructure at all levels of the economy, ranging from individuals in small firms facing very practical concerns to national figures facing equally pressing policy issues. Until recently, these individuals have had to rely mainly on speculation for guidance as empirical studies of the economic risks faced by individual firms and larger economic entities were unavailable. This lack of data concerning these issues was the original impetus for the studies presented in this paper.
Article in PDF Format (92K)
Topics: Data, Information Security
Managing Information Risk and the Economics of Security
M. Eric Johnson
Springer, December 2005
Information has become a source of growing risk as more firms maintain information online. Managing Information Risk and the Economics of Security presents the latest research on economics driving both the risks and the solutions. Covering the implications of policy within firms and across countries, this volume provides managers and policy makers with new thinking on how to manage risk. It is designed for managers, policy makers, and researchers focusing on economics of information security, as well as advanced-level students in computer science, business management and economics.
Overview in PDF Format (1,319K)
Topics: Economy, Globalization, Information Security, Risk
Information Security in the Extended Enterprise
Scott Dynes, M. Eric Johnson, Hans Brechbühl
Field Study, 2005
What are the main drivers of private-sector investment in information security? How exposed are firms to cyber risks arising from their reliance on the information infrastructure? Initial results are presented from a field study of a manufacturing company and four of its suppliers of different sizes. We find that many managers believe: that information security is less a competitive advantage than a qualifier for doing business; that firms’ internal networks are not at additional risk as a result of using the information infrastructure to integrate their supply chains; and that their supply chains are robust to internet outages of up to a week in duration. We discuss their security perceptions and actions in the context of a cost model.
Paper in PDF Format (253K)
Topics: Information Security, Manufacturing, Risk
A Field Study of Extended Enterprise Security
Scott Dynes, M. Eric Johnson
Proceedings of the Third CABIT, 2005
As organizations increasingly rely on the internet for their internal and external business processes, each firm’s security decisions have an impact on the overall security of the information infrastructure for the thousands of suppliers, collaborators, and channel partners that they interact with as part of that firm’s extended enterprise (a collection of firms that design, produce, and market a product or service
In PDF Format (20K)
Topics: Extended Enterprise, Information Security, Operations, Process