Research on Security and Risk

Emerging security and risk: While most research focuses on maximizing the potential positive impact of technologies, my security and risk research focuses on understanding, minimizing and balancing negative effects.

Some current and recent projects are:

    Paths to Compromise:
    (with Saby Mitra) This project combines a detailed qualitative study of the information security compromise process with large-scale empirical analysis of intrusion detection system logs. A report on this research appeared in Information Systems Research, vol. 20, no. 1, pp. 121–139, 2009. (runner-up for ISR Best Published Paper in 2009). Download
    Market Mechanisms and Vulnerability Disclosure Policy:
    (with Saby Mitra and Jon Ramsey) Recent, vulnerability markets have been introduced to reward security researchers for discovery of vulnerabilities. We examine the effect of these markets on the diffusion of exploits. An early version of this report is available from the ICIS 2008 proceedings Download. A complete version is forthcoming at MIS Quarterly. Download
    Metagraph based tools:
    (with Saby Mitra) With ever-increasing interconnectedness of heterogeneous systems across organizations, it is difficult to assess the resultant security risks. We extend existing tools by introducing node attributed metagraphs and develop operators which take advantage of these attributes to provide security management metrics. A conference version of this paper is available from SSRN
    Banking industry attacks:
    (with Saby Mitra) We combine bank specific information from the FDIC with two-years of alert data (400 million alerts) from intrusion detection systems to understand antecedents of security risk. [Contact me for a working paper.]
    Healthcare litigation risk:
    (with Eric Overby) Implementations of computerized practitioner order entry systems within hospitals are desirable because they may reduce error. However, they also may increase risk to healthcare as they can provide a “smoking gun” if errors occur. We combine system adoption information and medical malpractice claim records to create a detailed panel which examines the positive and negative impacts of order entry system adoption. [Contact me for a working paper.]
    Open Source software and Vulnerability Exploitation:
    Open Source software is often thought to be more secure because of the large number of potential code reviewers and testers. However, this same openness may work again open source software when vulnerabilities are announced and potential attackers can view the code. I examine the effect of open source versus closed source on the diffusion of exploits from vulnerabilities. [Contact me for a working paper.]


At This Education Nonprofit, A Is for Analytics At This Education Nonprofit, A Is for Analytics

Christopher House is a Chicago-based education nonprofit that prepares children and families from low-income households for success in life, in school and the workplace. Over the last 10 years, says CEO Lori Baas, the organization has focused on high-quality infant school, pre-school, early childhood education, elementary school, afterschool, and parent school programs, college and career readiness, and a commitment to using data at every step in every program along that continuum of education. In 2013, Christopher House opened an elementary school to expand the continuum of learning. Christopher House has an agency-wide database system to track student outcomes — data that’s used to assess programs and make program improvements.

See the full article.
The New Data Republic: Not Quite a Democracy The New Data Republic: Not Quite a Democracy

There are clear signs that the movement to democratize data is making real progress. Barriers such as infrastructure, culture, tools, and governance that once kept data access limited are quickly eroding. But access to data isn’t enough: Data democratization also requires knowing how to work with data and understand data analysis tools and techniques. Without these capabilities, the data democracy is only an illusion — and most people are still unable to participate fully.

See the full article.
Commentary: ‘No Pain, No Gain’ in the Transition to Data-Driven Health Care Commentary: ‘No Pain, No Gain’ in the Transition to Data-Driven Health Care

My commentary on the "When Health Care Gets a Healthy Dose of Data" case study.

See the full article.
On the Care and Feeding of Your Analytics Talent On the Care and Feeding of Your Analytics Talent

A panel of experts discusses the challenges of finding, engaging and organizing data scientists for best results. They talk about how to support your data scientists and keep them engaged in the right kinds of tasks and how to integrate new talent into your existing data and analytics team. They also talk about the skills and traits to look for when recruiting and selecting your data/analytics team, and how to assess existing internal talent for data roles.

See the full article.
Participant Questions from the Recent Data & Analytics Webinar Participant Questions from the Recent Data & Analytics Webinar

On May 7, 2015, we held a free, live webinar to share the findings and insights from the latest MIT Sloan Management Review Data and Analytics Big Idea Initiative research report, “The Talent Dividend.” The report presents our findings on the role of analytics talent in creating competitive advantage. At the end of the webinar, many participants asked questions. Unfortunately, we didn’t have time to answer them all during the webinar itself. So instead, we’ll answer some of the questions this month, and some next month.

See the full article.
Coca-Cola’s Unique Challenge: Turning 250 Datasets Into One Coca-Cola’s Unique Challenge: Turning 250 Datasets Into One

At The Coca-Cola Company, one of the big challenges is how to understand customers who are a long pipeline away in the inherently intermediated world of hundreds of Coke bottlers. That means moving toward newer technologies to do more forward-looking analytics versus backward-looking analytics, says the company’s Remco Brouwer and Mathew Chacko.

See the full article.
The Analytics Talent Dividend The Analytics Talent Dividend

In May 2015, co-authors Sam Ransbotham, David Kiron and Pamela Kirk Prentice presented the findings from the recent global sustainability study, “The Talent Dividend.” The study found that the integration of analytics talent into the organization is key to analytics success. The webinar speakers discuss the components of a human resources plan for analytics talent, and give guidance on how to implement that plan in your organization.

See the full article.
The Talent Dividend The Talent Dividend

The 2015 Data & Analytics Report by MIT Sloan Management Review and SAS finds that talent management is critical to realizing analytics benefits. This fifth annual survey of business executives, managers and analytics professionals from organizations located around the world captured insights from 2,719 respondents. It finds that organizations achieving the greatest benefits from analytics are also much more likely to have a plan for building their talent bench.

See the full article.
Once You Align the Analytical Stars, What’s Next? Once You Align the Analytical Stars, What’s Next?

You’ve figured out how to get the data, and how to make sure it’s good quality. You’ve hired the right people to put your data through the analytics wringer. Now you’ve got the results in your hands &mdash and you may not be sure what to do next. Consuming analytics effectively — and getting business value out of your analytics — is a challenge for many companies, and executives must get creative to increase their comfort level.

See the full article.
Minding the Analytics Gap Minding the Analytics Gap

While analytical skills are improving among managers, the increasing sophistication of analyses is outpacing the development of those skills. The resulting gap creates a need for managers to become comfortable applying analytical results they do not fully understand. A 2014 survey by MIT Sloan Management Review, in partnership with SAS Institute Inc., highlights the ways that companies can address this problem by focusing on both the production and consumption sides of analytics.

See the full article.




Internet of Things Webinar for MIT Sloan Management Review


Workshop for ISR special issue on Ubiquitous IT and Digital Vulnerabilities


Research presentation on corporate innovation contests at the SIM APC meeting


Business analytics executive education for Bank of America at Georgia Tech


Research presentation at the University of Minnesota


Industry-Academia Talk on Digital Transformation at the University of Minnesota



Analytics presentation for Mass Big Data Advisory Committee


Reserch presentation on innovation contests at MIT Initiative on the Digital Economy


Business analytics executive education for Bank of America at Georgia Tech


Mobile marketing presentation at UConn Global Marketing Colloquium


Business analytics executive education for General Electric at Georgia Tech


Security research presentation for Temple University


Panelist for the Digital Analytics Association


Security research presentation for Northwestern University


Security analytics presentation at the HIMSS Privacy & Security Forum


Business analytics executive education for Sylvania


Education - This is a contributing Drupal Theme
Design by WeebPal.