Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA

Information Risk in Data-Oriented Enterprises (IRIDOE)

Project Summary

Many modern industries share and operate on information. As with the rest of society, these industries are moving their operations into electronic settings. In some fields (such as the financial sector), operating on data electronically offers a vital competitive edge; in other fields (such as health care), operating on data electronically can be a very desirable cost-cutting measure. In both cases, firms face the challenge of channeling the right information to employees while ensuring that these information systems don't provide data entitlements that inappropriately enable misuse or violate customer privacy. At the same time, these industries are facing increased pressure from American and international governments to comply with new regulations regarding shared data, regulations that are well intentioned but that perhaps do not fulfill the purpose their writers intended.

This situation creates a volatile mix of problems. Businesses seek to embed their information processes into technological systems, yet many problems cannot be solved using current technologies. Some enterprises (including many in the financial sector) are forced to build custom applications to meet their business goals. Enterprises also need to make rational business and technical decisions that balance information security risk with the cost of risk countermeasures, yet evaluating this risk and estimating that cost is in itself a hard problem.

This situation also offers exciting opportunities for research and education. Dartmouth has expertise that is highly relevant in this space: the PKI/Trust Lab in the Computer Science Department does cutting-edge research in the development of technology that effectively embodies real-world trust patterns, and the Center for Digital Strategies at Tuck is a thought leader in business-technology interaction.

This interdisciplinary project will thus examine the underlying organizational and business causes, as well as the business costs, of risky information security practices in enterprises. Building on insights gained in Phase 0 (currently in progress under the name IRIPS and funded outside of this proposal), Phase 1 of this project will focus on employee entitlement in the financial sector, including role development and lifecycle management.

We will expand the field study collaboration we started in Phase 0 and deliver a document outlining the key security challenges facing developers and managers in enabling appropriate information access. Based on those results, we will develop models for entitlement provisioning and role lifecycle management. Additionally, we will develop a simulation to examine the flow of employees and their information needs in a simplified organization, and test our provisioning model on simulated enterprises. In Phase 2 of this project we will complete our work in the financial sector and begin a pilot investigation in the health care industry, with the objective of comparing the problems, issues, techniques and strategies we examined in the first phase and evaluating their possible effectiveness in healthcare.

Overall, understanding the information flows required by enterprises, and the usability and cost issues that constrain effective information security solutions for those flows, will enable researchers to better craft and evaluate information security technology for all business sectors. Researchers in security, PKI, and authorization lament the gap between lab technology and real-world humans; by working in collaboration with financial and healthcare organizations, we hope to reduce that gap and improve the state of information security technology in enterprise environments. This project will benefit data-centric industries, government regulators, technology innovators, and the general public by exploring current practices and current problems and by developing new theories for better mapping security into a data-oriented organization.

Last Updated: 3/14/13