Skip to main content

Home

 

Find us on

facebook youtube flickr twitter itunes u logo

Upcoming Talks

 Samantha Ravich

 

 

Samantha Ravich
Deputy Chair of the President's Intelligence Advisory Board
Cyber-Enabled Economic Warfare: Why America‚Äôs Private Sector is now on
the Front Lines of an Emerging Battlefield
Thursday, September 27, 2018
4:30pm-6:00pm
Haldeman 41 (Kreindler Conference
Room)

Past Talks

William Regli, Ph.D

William Regli, Ph.D.
Director of the Institute for Systems Research at the Clark School of Engineering, 
Professor of Computer Science at the 
University of Maryland at College Park
A New Type of Thinking
Friday, June 22, 2018
Life Sciences Center 105
11:00 AM

Tata Consulting Logo

Dr. Gautam Shroff
Vice President, Chief Scientist, and Head of Research at Tata Consultancy Services 
Enterprise AI for Business 4.0: from Automation to Amplification
Thursday, June 07, 2018
Haldeman 041 Kreindler Conference Room
3:30 PM

John Dickerson UMD

John P Dickerson
Assistant Professor, Department of Computer Science, University of Maryland
Using Optimization to Balance Fairness and Efficiency in Kidney Exchange
Monday,  May 21st
Kemeny Hall 008
3:30 PM

Senator Jeanne Shaheen

Jeanne Shaheen
U.S. Senator from New Hampshire
Russian Interference in American Politics and Cyber Threats to Our Democracy
Tuesday, February 20, 2018
Alumni Hall (Hopkins Center)
11:00 AM

Lisa Monaco

Lisa Monaco
Former Homeland Security Advisor to President Obama
In Conversation: Lisa Monaco, Fmr Homeland Security Advisor to President Obama
Tuesday, February 13, 2018
Filene Auditorium (Moore Building)
5:00 PM
Sponsored by The Dickey Center for International Understanding

John Stewart EPRI

John Stewart
Sr. Technical Leader, Cyber Security, EPRI
Securing Grid Control Systems
Friday, January 12, 2018
Sudikoff L045 Trust Lab
12:00 Noon

M. Todd Henderson

M. Todd Henderson
Professor of Law, University of Chicago
Hacking Trust: How the Social Technology of Cooperation Will Revolutionize Government
Thursday, January 11, 2018
5:00pm-6:30pm 
Room 003, Rockefeller Center
Sponsored by: Rockefeller Center

Dr. Liz Bowman

Dr. Elizabeth Bowman
U.S. Army Research Laboratory
Artificial Intelligence, Machine Learning and Information: Army Social Computing Research
Tuesday, December 5th
Haldeman 041 Kreindler Conference Room
4:00 PM

Dr. Fabio Pierazzi

Dr. Fabio Pierazzi
Royal Holloway University of London
Network Security Analytics for Detection of Advanced Cyberattacks
Tuesday, November 28th
Sudikoff Trust Lab (L045)
12:30 PM

V.S. Subrahmanian

V.S. Subrahmanian
Dartmouth Distinguished Professor in Cybersecurity, Technology, and Society
Bots, Socks, and Vandals
Tuesday, November 14th
Carson L01
5:00 PM 

Rand Beers

Rand Beers ('64)
Big Data, the Internet, and Social Media:  The Road to the November 2016 Election
Wednesday, November 8th
Haldeman 41 (Kreindler Conference Hall)
4:30 PM 

Fright Night Imge

Wanna See Something REALLY Scary?
ISTS Looks at the Dark Web on Halloween Night
Tuesday, October 31st
S
udikoff  045 Trust Lab (dungeon)
7:30 PM - RSVP
Space is Limited 

Sal Stolfo

Salvatore J. Stolfo 
Columbia University
A Brief History of Symbiote Defense
Tuesday, October 31st
Rockefeller 003
5:00 PM

ISTS Information Pamphlet


2012BrochureCover

 

Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
info.ists@dartmouth.edu

Information Risk in Data-Oriented Enterprises (IRIDOE)

Project Summary

Many modern industries share and operate on information. As with the rest of society, these industries are moving their operations into electronic settings. In some fields (such as the financial sector), operating on data electronically offers a vital competitive edge; in other fields (such as in health care), operating on data electronically can be a very desirable cost-cutting measure. In both cases, firms are faced with the challenge of channeling the right information to employees, while ensuring that these information systems don't provide data entitlements that inappropriately enable misuse or violate customer privacy. At the same time, these industries are facing increased pressure from American and international governments to comply with new regulations regarding shared data-regulations that are well intentioned, but that perhaps do not fulfill the purpose their writers intended.

This situation creates a volatile mix of problems. Businesses seek to embed their information processes into technological systems, yet many problems cannot be solved using current technologies. Some enterprises (including many in the financial sector) are forced to build custom applications to meet their business goals. Enterprises also need to make rational business and technical decisions that balance information security risk with the cost of risk countermeasures, yet evaluating this risk and estimating that cost is in itself a hard problem.

This situation also offers exciting opportunities for research and education. Dartmouth has expertise that is highly relevant in this space: the PKI/Trust Lab in the Computer Science Department does cutting-edge research in the development of technology that effectively embodies real-world trust patterns, and the Center for Digital Strategies at Tuck is a thought leader in business-technology interaction.

This interdisciplinary project will thus examine both the underlying organizational and business causes, as well as the business costs, of risky information security practices in enterprises. Building on insights gained in Phase 0 (currently in progress under the name IRIPS and funded outside of this proposal), Phase 1 of this project will focus on employee entitlement in financial sector, including role development and lifecycle management.

We will expand the field study collaboration we started in Phase 0, and deliver a document outlining the key security challenges facing developers and managers in enabling appropriate information access. Based on those results we will develop models for entitlement provisioning and role lifecycle management. Additionally, we will develop a simulation to examine the flow of employees and their information needs in a simplified organization, and test our provisioning model on simulated enterprises. In Phase 2 of this project we will complete our work in the financial sector and begin a pilot investigation in the health care industry, with the objective of comparing the problems, issues, techniques and strategies we examined in the first phase and evaluate their possible effectiveness in healthcare.

Overall, understanding the information flows required by enterprises, and the usability and cost issues that constrain effective information security solutions for those flows, will enable researchers to better craft and evaluate information security technology for all business sectors. Researchers in security, PKI, and authorization lament the gap between lab technology and real-world humans; by working in collaboration with financial and healthcare organizations, we hope to reduce that gap and improve the state of information security technology in enterprise environments. This project will benefit data-centric industries, government regulators, technology innovators, and the general public by exploring current practices, current problems, and developing new theories for better mapping security into a data-oriented organization.

Last Updated: 3/14/13