News at Smith

NEWS RELEASE: October 14, 2009 Gordon Prize in Managing Cybersecurity Resources Awarded

About the University of Maryland's Robert H. Smith School of Business

The Robert H. Smith School of Business is an internationally recognized leader in management education and research. One of 12 colleges and schools at the University of Maryland, College Park, the Smith School offers undergraduate, full-time and part-time MBA, executive MBA, online MBA, specialty master's, PhD and executive education programs, as well as outreach services to the corporate community. The school offers its degree, custom and certification programs in learning locations in North America and Asia.

Oct 14, 2009
Entrepreneurial Spirit



Rainer Böhme, of the Institute of Systems Architecture at Technische Universität Dresden in Germany


Tyler Moore, of the Center for Research on Computation and Society at 
Harvard University 

College Park, Md. – October 14, 2009 — The University of Maryland’s Robert H. Smith School of Business today announced the recipients of the first Gordon Prize in Managing Cybersecurity Resources, an essay contest that had competitors offering innovative solutions for how to allocate resources to protect personal and sensitive data on computers and online. Rainer Böhme, of the Institute of Systems Architecture at Technische Universität Dresden in Germany, and Tyler Moore, of the Center for Research on Computation and Society at Harvard University, won for their essay titled “The Iterated Weakest Link.” The competition and prize is named for pioneering cybersecurity expert Lawrence A. Gordon, the Smith School’s Ernst & Young Alumni Professor of Managerial Accounting and Information Assurance.

“The entries we received represented excellent insight on the how individuals, organizations and government can effectively manage cybersecurity resources,” said Gordon. “It’s so important to continually reassess the most effective investments to guard against cyber threats and vulnerabilities because the interconnectedness of technology means that any attack could cripple an organization. The winning essay analyzes an innovative wait-and-see approach on when and how to invest in information security.”

In their winning essay, Böhme and Moore say that by waiting for hackers to strike the weakest link in an information system, the company ends up investing in the most needed area, and hence achieves a higher overall return on their information security investments. The team hatched the idea behind their winning essay on a bus ride from Dartmouth to Boston in the summer of 2008.

Böhme received a PhD in computer science from Technische Universität Dresden and is currently a post-doctoral researcher at the International Computer Science Institute, Berkeley. His research interests include economics of privacy and information security, steganography and steganalysis, multimedia forensics, and privacy-enhancing technologies.

Moore received a PhD in computer science from the University of Cambridge, St John's College and is currently a postdoctoral research fellow at the Center for Research on Computation and Society (CRCS) at Harvard University. His research at CRCS focuses on the economics of information security, the study of electronic crime and the development of policy for strengthening security. Additional research interests include decentralized network security, critical infrastructure protection, and digital forensics.

The Gordon Prize is offered yearly and the competition is open to students, faculty, and information security professionals in both the public and private sector. Essays are evaluated on their ability to provide and describe a clear, innovative solution to the problem associated with managing cybersecurity resources.

Gordon is committed to raising awareness of the issue of cybersecurity and its importance to business and government leaders. In 2003 he and two other colleagues at the University of Maryland instituted the Smith School’s annual Cybersecurity Forum, now in its sixth year, to bring together the rich interchange of ideas that can only occur when people from many academic backgrounds and industries gather. He sees the Gordon Prize as another way of encouraging practitioners and theoreticians alike to approach the problem of cybersecurity in a multi-disciplinary way.