EAGER: Quantifying Information Security Risks in Complex Systems at the Interface of Users, Policies, and Technologies

EAGER：在用户、策略和技术界面量化复杂系统中的信息安全风险

• 批准号: 0959167
• 负责人: Susanne Wetzel
• 金额: $ 14.4万
• 依托单位: Stevens Institute of Technology
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-15 至 2012-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0959167&HistoricalAwards=false
• 关键词: EAGER; Quantifying; Information; Security; Risks

This proposal represents an opportunity to seed a highly innovative interdisciplinary research project that has the potential for significant practical and theoretical impact for the management of information security ? an area which is receiving more and more public attention. During the past decade, research in information security has expanded from a purely technical focus to a more general technology-economic focus. Despite its expansion, a multidisciplinary approach to understand and theoretically explain the interaction of security and economy within complex systems of partners is still missing. The principle objective of this proposed research is to develop an innovative interdisciplinary information security framework in collaboration with a healthcare system to optimize and substantially advance both its system information security and system productivity. For example, consider a hospital that exchanges data records of patients with governmental data bases that ? on the other hand ? are accessed by insurance companies. Furthermore, hospitals directly exchange information with these insurance companies. This may allow an insurance company to combine and deduce information from different data sources that could pose a security threat which is not addressed by traditional security considerations. From a security economics perspective, the impact of information exchange between partners on their productivity has to be considered to understand the conditions under which partners will obey or violate information security policies. The proposed project provides the potential for high impact in substantially advancing research in information security as well as in management science. Although the project will address systems information security within the health care industry, its outcomes are expected to be applicable in other industries, e.g., defense. The cross-disciplinary nature of the proposed project is also expected to identify opportunities for interdisciplinary education.

这一建议代表了一个机会，种子一个高度创新的跨学科研究项目，具有重大的实际和理论影响的信息安全管理的潜力？这是一个越来越受到公众关注的领域。在过去的十年中，信息安全的研究已经从纯粹的技术重点扩展到更广泛的技术经济重点。尽管它的扩展，一个多学科的方法来理解和理论上解释的安全和经济的相互作用的复杂系统的合作伙伴仍然缺乏。 这项研究的主要目标是开发一个创新的跨学科的信息安全框架，与医疗保健系统合作，以优化和大幅提高其系统信息安全和系统生产力。例如，考虑一家医院与政府数据库交换患者的数据记录，另一方面呢都是保险公司的此外，医院直接与这些保险公司交换信息。这可以允许保险公司联合收割机并从不同的数据源推断出可能构成传统安全考虑所不能解决的安全威胁的信息。从安全经济学的角度来看，合作伙伴之间的信息交换对他们的生产力的影响，必须考虑了解合作伙伴将遵守或违反信息安全政策的条件。拟议的项目提供了极大地推进信息安全以及管理科学研究的高影响力的潜力。虽然该项目将解决医疗保健行业内的系统信息安全问题，但其成果预计将适用于其他行业，例如，防御拟议项目的跨学科性质预计也将确定跨学科教育的机会。