Visible to the public EAGER: Quantifying Information Security Risks in Complex Systems at the Interface of Users, Policies, and TechnologiesConflict Detection Enabled

Project Details


Performance Period

Sep 15, 2009 - Aug 31, 2012


Stevens Institute of Technology

Award Number

Outcomes Report URL

This proposal represents an opportunity to seed a highly innovative interdisciplinary research project that has the potential for significant practical and theoretical impact for the management of information security ? an area which is receiving more and more public attention. During the past decade, research in information security has expanded from a purely technical focus to a more general technology-economic focus. Despite its expansion, a multidisciplinary approach to understand and theoretically explain the interaction of security and economy within complex systems of partners is still missing. The principle objective of this proposed research is to develop an innovative interdisciplinary information security framework in collaboration with a healthcare system to optimize and substantially advance both its system information security and system productivity. For example, consider a hospital that exchanges data records of patients with governmental data bases that ? on the other hand ? are accessed by insurance companies. Furthermore, hospitals directly exchange information with these insurance companies. This may allow an insurance company to combine and deduce information from different data sources that could pose a security threat which is not addressed by traditional security considerations. From a security economics perspective, the impact of information exchange between partners on their productivity has to be considered to understand the conditions under which partners will obey or violate information security policies. The proposed project provides the potential for high impact in substantially advancing research in information security as well as in management science. Although the project will address systems information security within the health care industry, its outcomes are expected to be applicable in other industries, e.g., defense. The cross-disciplinary nature of the proposed project is also expected to identify opportunities for interdisciplinary education.