A Holistic Approach to Cybersecurity Risk Management

No country, company, or private individual can fully utilize the benefits of information technology while protecting all of their own data, communications, or computer networks from every potential cyber threat, regardless of how much time and money they invest in protective systems. Each entity must set priorities, balance tradeoffs, and make choices about cyber protection, knowing that their choices will affect others and that others’ choices will affect them, too. Minimizing the most serious forms of cyber attack, espionage, and crime without hindering beneficial uses of information technology requires skillful multi-stakeholder governance. This project includes a set of research, education, and outreach activities to facilitate that process. 

Full project description
Mar 31, 2018 | Nancy Gallagher, Theresa Hitchens

As use of the Internet has become critical to global economic development and international security, there is near-unanimous agreement on the need for more international cooperation to increase stability and security in cyberspace. Several multilateral initiatives over the last five...

Feb 28, 2018 | Nancy Gallagher, Charles Harry

Publicity surrounding the threat of cyber-attacks continues to grow, yet immature classification methods for these events prevent technical staff, organizational leaders, and policy makers from engaging in meaningful and nuanced conversations about the risk to their organizations or critical infrastructure....

Oct 20, 2017 | Nilsu Goren, Theresa Hitchens

Cybersecurity transcends national boundaries in many ways: The internet’s technical infrastructure is global in scope; threat actors based in one country can disguise their identities by taking control of computers in other countries; global businesses sell software, hardware, and security...

Aug 10, 2017 | Charles Harry

The Mirai botnet attack on the DYN network in October 2016 highlighted to many policymakers the potential problems associated with IoT devices. The compromise and concerted use of thousands of webcams and DVRs to disrupt key Internet services focused attention...