Smith School Holds Seventh Annual Cybersecurity Forum
questions peppered the presentations at the 7th Annual Forum on Financial
Information Systems and Cybersecurity at the University of Maryland’s Robert H.
Smith School of Business on January 19, 2011.
The forum gave academic researchers from around the world, industry
professionals and government officials the chance to share their perspectives on
the economic, technological and policy issues related to cybersecurity.
Attendees came from Spain, France, Canada, and Japan, as well as across the
United States. Throughout the day, expert presentations explored cybersecurity
issues that affect both public policy and the day-to-day decision-making in
Sasha Romanosky, doctoral student at Carnegie Mellon University, examined the
relationships between data breaches and lawsuits and found that industry matters
when breaches happen. Businesses and banks are much more likely to be sued than
hospitals or government agencies, he found, and individuals were more likely to
sue if the breach seemed to be caused by company carelessness rather than fraud.
Studying data breach disclosure laws, and their resulting lawsuits, has
become important in recent years because the threat of lawsuits are often cited
a key driver for firms to improve their security practices. But most companies
fear damage to their brand reputation even more than they fear lawsuits, said
presenters Brian Geffert and Mike Gelles, both consultants with Deloitte.
Geffert and Gelles discussed how to identify threats from insiders within the
organization and recommended that both technology and HR solutions be applied to
prevent such threats. Many companies guard against insider threats related to
fraud or sabotage, but most companies need to be more aware of the dangers
presented by those with legitimate access.
SAP doesn’t give your boss the report in the format he wants,” said Geffert. “So
you copy the sensitive data into Excel to create a report, and all the money the
company spent on data security goes out the window. I’m not concerned about
hackers—I’m concerned about the access you give your employees.” Wikileaks
provided a recent high-profile example of the dangers presented by legitimate
access, as a Marine was able to download sensitive Department of State documents
to the Wikileaks site. (A later presenter, Rebecca Mercuri, a cyber forensics
expert who is CEO of Notable Software, Inc., pointed out that the incident was
made possible by the post-9/11 push to get federal agencies to share information
amongst themselves, which made the information vulnerable to many more potential
Samuel Visner, vice president and lead executive for cybersecurity for CSC,
discussed gaps in U.S. cybersecurity policies and the need for a “global
cybersecurity environment,” with a policy architecture that supports the
national interest in cyberspace and is part of a broader global effort. He
described the current policy framework as “reactive” and said the federal
government’s Comprehensive National Cybersecurity Initiative doesn’t go far
enough, focusing mainly on financial networks and cybercrime.
The forum, which was started by Larry Gordon, Ernst & Young Alumni Professor
of Managerial Accounting, Martin Loeb, professor of accounting and information
assurance and Deloitte & Touche LLP Faculty Fellow, and William Lucyshyn,
director of research and senior research scholar at the University of Maryland
School of Public Policy, encourages the kind of rich interchange of ideas that
can only occur when people from many academic backgrounds and industries gather.
The Smith School’s cybersecurity research is part of a wider university focus on
cybersecurity issues, highlighted by the recent launch of the Maryland
Cybersecurity Center. The center brings together experts from engineering and
computer science with colleagues from across campus in fields such as economics,
social sciences and public policy to help establish broad-based cybersecurity
“The university is really on the move on cybersecurity because it is such an
important issue, and we’re delighted to be part of that effort,” said Vice Dean
Hugh Courtney. He went on to say of the forum: “This is the right time, the
right place and the right people to address these issues.”