
KCGC | Cyber Security Research and Publications


The KCGC produces original cyber security research and publications to develop new knowledge on critical issues related to cyber security governance.

KCGC | In Practice

KCGC White Papers


Written by Gurpreet Dhillon, Ph.D

Cybersecurity breaches affect organizations in different ways. Reputational loss and decreased market value have often been cited as significant concerns. Loss of confidential data and damage to a firm's competitiveness can also cause havoc. There is no doubt that preventive mechanisms need to be put in place. However, when an IT security breach does occur, what should be the response strategy?



Written by Perry E. Wallace and Richard J. Schroth, Ph.D

This paper encourages the largest number of corporate boards and individuals in governance roles to step up and devise and implement proper, effective corporate cybersecurity governance strategies.


CYBERSECURITY ACT OF 2015 REVIEW: What it Means for Cybersecurity Governance and Enterprise Risk Management

Written by Joseph Panetta and R. Andrew Schroth

This paper specifically focuses on Title I - Cybersecurity Information Sharing and provides an executive overview as it relates to cybersecurity governance and enterprise risk management.


Five Reasons Your Cybersecurity Governance Strategy May Be Flawed And How To Fix It

Written by Peter Iannone and Ayman Omar

This paper examines five key challenges of cybersecurity governance and how to more effectively address them.


How Can Boards Avoid Cybersecurity Pain? A Legal Perspective

Written by Perry E. Wallace, Richard J. Schroth and William Delone

This paper examines five key challenges of cybersecurity governance and how to more effectively address them.





Top Questions Board Members Should Ask Senior Management About Cybersecurity Governance

Cybersecurity Governance: The Next Generation Leadership Opportunity for IT Managers


Cybersecurity Knowledge Networks Research Program

Professors J. Alberto Espinosa and Mark Clark, American University

Professors Espinosa and Clark lead the Cybersecurity Knowledge Networks research program, which assesses the configuration, fit, and effectiveness of knowledge within and across cybersecurity organizations. This research measures critical knowledge held by key stakeholders involved in cyber issues (technical staff, managers, investors, and others) to identify gaps, opportunities, and knowledge hubs which can be leveraged for increased collaboration effectiveness, coordination, and performance. This is important because, for example, the degree to which knowledge is shared between executive and technical staff about risk implications of tactical decisions may have substantial impact on business value and risk exposure. To accomplish this, their approach measures specific knowledge content relationships among group members across various dimensions (e.g., content knowledge similarity, team member familiarity, task awareness), then uses network analysis to detect overlap, centrality, clusters, outliers, and potential boundary-spanners. These patterns can then be depicted visually and quantitatively to better understand how knowledge is organized and shared, leading to more effective collective cybersecurity practices.


Managing Cybersecurity in Global Supply Chains: Securing the Weakest Link

Professor Ayman Omar, American University and Peter Iannone, Alsbridge

Lately, several major corporations as well as governmental institutions have seen unprecedented cyberattacks from various sources, ranging from amateurs and organized crime members to nation-backed sources. As companies start developing a wide range of plans to protect their data, one of the things that managers still have to address is the cyber security of their entire supply chain.

Global supply chains are becoming more complex, and the need for information sharing across different members is critical for the success of the entire chain. This requires that key supply chain partners protect their data against attacks that may be aimed directly at their companies or at the weakest link in their supply chain, which could be a global supplier or distributor. The goal of this research is to understand how managers are dealing with cyber security threats in global supply chains and the strategies that are being used to protect vital data, knowledge, and know-how.


Resilience to Cyberattacks

Professors Parthiban David and Augustine Duru, American University

Resilience is the ability to withstand shocks. Firms differ in the extent to which they are resilient to cyberattacks. Differences in resilience arise from a variety of safeguards such as Information Technology Investments, Risk Management, and Governance. There are benefits to resilience (as resilient firms are better equipped to cope with cyber shocks), but there are also costs (investments made in resilience come at a cost). What are the factors that make some firms more resilient than others? Do firms with higher resilience have higher financial performance and/or lower financial risk? Does resilience impact the likelihood of encountering a cyberattack? Does resilience mitigate the adverse consequences of a cyberattack?


Antecedents to and Consequences of Cybersecurity Vulnerabilities: A Study of Korean Companies' Data of Information Security Management Systems Certification

Professors Gwanhoo Lee, American University, Seunghyun Kim, Yonsei University, and Dan Kim, University of North Texas

As society becomes hyper-connected, the risk of cyberattacks significantly increases. In response, the Korean government has introduced the ISMS (Information Security Management System) certification to help companies develop and operate continuous and comprehensive information security management systems above and beyond ad-hoc and limited security management systems. This study conducts an in-depth analysis of security vulnerabilities and defects that Korean companies commonly have, based on the ISMS certification assessment data. In addition, it aims to help companies effectively develop their information security management systems by analyzing how organizational factors such as firm size and firm asset size affect information security defects.



Mapping Law in Uncharted Territory

Israel Martinez and Dr. Richard Schroth discuss the role of general counsel in cybersecurity. 



Decoding New Cyber Regs For Midsize Businesses

Israel Martinez and Dr. Richard Schroth take a look at the areas where new laws will impact small and midsize U.S. businesses.



A New Year for Cybersecurity: What to Expect in 2016

Israel Martinez and Dr. Richard Schroth discuss the 10 cyber trends worth watching in 2016.
