The University of Maryland’s Robert H. School of Business and School of Public Policy co-hosted the ninth annual Forum on Financial Information Systems and Cybersecurity: A Public Policy Perspective, on Jan. 16, 2013.
About 65 academics, economists and IT engineers networked, exchanged ideas and reinforced a foundation for keeping pace with constantly evolving cyber threats.
The daylong forum covered current research into identifying threats and innovating safeguards. The international collection of experts discussed public policy and private sector avenues and pitfalls toward better protecting national security, corporate and personal financial data, and other sensitive information sources.
“While methods and policy actions are debatable, there’s a clear consensus that constant vigilance is essential,” said forum co-organizer Lawrence Gordon, the Smith School’s Ernst and Young Alumni Professor of Managerial Accounting. “The same IT tools and platforms accelerating progress are fueling means and opportunity for criminals. But the timely, lively discussion in this year’s event signals a savvy and urgency to maximize protection.”
Corporations and their lobbyists “have been pushing back against U.S. lawmaker attempts to shift from issuing voluntary guidelines to legislating compliance measures,” said one of the presenters, John Bagby, a lawyer and Penn State University professor of information sciences and technology.
|Co-directors of the Forum on Financial Information Systems and Cybersecurity: A Public Policy, from left, Martin Loeb, William Lucyshyn and Lawrence Gordon|
The recent, massive and prolonged cyber-attacks against a group of major Western banks – allegedly perpetrated by the Iranian government – underscores the U.S. government’s urgency. However, “businesses are balancing the direct immediate costs of investing in IT security systems against benefits that are remote and uncertain. Plus, increasingly integrated IT security portfolios are legally costly to navigate,” Bagby said.
Answers to such conflict are looming, said Gordon, who with Smith Professor of Accounting and Information Assurance Martin Loeb, a Deloitte and Touche LLP Faculty Fellow, developed the industry-renowned Gordon-Loeb Model for investing in cost-effective cybersecurity systems. The pair, with William Lucyshyn, director of research and senior research scholar at the Center of Public Policy and Private Enterprise in UMD's School of Public Policy, recently received a $666,000 Homeland Security research grant for bolstering the nation’s critical information infrastructure.
As a trio, they collaborated in organizing the slate of forum topics that included:
- Information risk in global insurance firms
- Your users are ready for ‘bring your own device,’ But are you?
- Data mining and experiential economics
- Cybersecurity: a submariner’s (military) perspective
- Technological innovation and cybersecurity: The new paradigm for financial institutions
- Data sharing for cybersecurity research
- Blurring the lines: A paradigm shift in cybersecurity authority and responsibility
- The challenge within: Organizational policies and the dilemmas of inside risk
The “inside risk” presentation, by Maryland State Retirement Agency Chief Information Systems Officer Ira Greenstein, was designated as the Ira Shapiro Lecture commemorating Shapiro, a Smith accounting alumnus and an executive for Coopers & Lybrand, now part of PricewaterhouseCoopers.
Greg Muraski, Office of Marketing Communications