21.10.09 11:04 Age: 32 days
Profs. Lechler and Wetzel win NSF award for Quantifying Information Security Risks in Complex Systems
By: Sharen Glennon
The project is an interdisciplinary effort between Computer Science and the Howe School of Technology Management. The PIs are Dr. Thomas Lechler, Associate Professor & Director of AE Programs - Howe School and Susanne Wetzel, Associate Professor & Director of Stevens’ Center for the Advancement of Secure Systems and Information Assurance - Schaefer School of Engineering & Science
Congratulations Profs. Lechler and Wetzel!
This proposal represents an opportunity to seed a highly innovative interdisciplinary research project that has the potential for significant practical and theoretical impact for the management of information security ? an area which is receiving more and more public attention. During the past decade, research in information security has expanded from a purely technical focus to a more general technology-economic focus. Despite its expansion, a multidisciplinary approach to understand and theoretically explain the interaction of security and economy within complex systems of partners is still missing. The principle objective of this proposed research is to develop an innovative interdisciplinary information security framework in collaboration with a healthcare system to optimize and substantially advance both its system information security and system productivity. For example, consider a hospital that exchanges data records of patients with governmental data bases that ? on the other hand ? are accessed by insurance companies. Furthermore, hospitals directly exchange information with these insurance companies. This may allow an insurance company to combine and deduce information from different data sources that could pose a security threat which is not addressed by traditional security considerations. From a security economics perspective, the impact of information exchange between partners on their productivity has to be considered to understand the conditions under which partners will obey or violate information security policies. The proposed project provides the potential for high impact in substantially advancing research in information security as well as in management science. Although the project will address systems information security within the health care industry, its outcomes are expected to be applicable in other industries, e.g., defense. The cross-disciplinary nature of the proposed project is also expected to identify opportunities for interdisciplinary education.
