Academic disciplines tend to evolve. After some 45 years of university teaching, William DeLone has obviously witnessed a lot of changes in his field of information systems management. Since we're now seeing seismic shifts in how we protect knowledge and information, DeLone has delved into cybersecurity. And American University is moving along with him, devoting resources to this vital field through the new Kogod Cybersecurity Governance Center.
This is not just the latest iteration of a subject, but a critical matter of private and public sector security. "If you're going to pursue—as we say in the AU Strategic Plan—the great issues and ideas of our day, clearly this is one of the great issues," says DeLone, a co-executive director of the Kogod Cybersecurity Governance Center and a Kogod School of Business professor.
His research is relevant for several AU 2030 areas, including big data, global economic and financial governance, and Internet governance.
Few Resources, Early Discoveries
After DeLone received his master's degree in industrial administration from Carnegie Mellon University in 1970, he took a faculty position at the University of the Virgin Islands. He soon realized that local officials didn't even own computers. His expertise was now in demand, and he taught one of the first programming courses in the territory.
At the time, information systems research focused on heavyweight companies like GE, and he wondered how the subject applied to the small businesses prevalent in the Virgin Islands. "I became aware of the challenges that were being faced by small businesses with limited resources," he recalls. "I wanted to understand why some small businesses could use computing effectively, and others were dismal failures." He then earned his Ph.D. at University of California, Los Angeles, and his thesis revolved around this same issue.
Going Deeper at AU
After UCLA, he spent four more years in the Virgin Islands before taking a faculty position at AU. And he began to look more deeply at what, exactly, defines success. It's a question companies still ask, as they implement new technologies but are unsure whether they're getting their money's worth. "I realized that we didn't have any good answers," he says. In the 1980s, computers were becoming ubiquitous, so more and more businesses were searching for solutions.
In 1992, he co-published "Information Systems Success: The Quest for the Dependent Variable." Over a 15-year period, it was the most cited article in his field. "We were able to create a framework, which basically had six categories of success with metrics on each category. And apparently we hit a need that almost all information systems researchers had," he explains.
With the proliferation of high-speed Internet services, there's a presumption that small businesses can do a lot more with limited funds. As in, "Look, you can start your own company with one laptop!" While this undoubtedly occurs, DeLone says it's not all smooth sailing for small- and mid-sized companies. "We've leveled the playing field a lot," he says. "Where the challenge might be is the ability to keep up with the fast pace of technology, and absorb it and make use of it. And I think that's still where small businesses will have the disadvantage."
Cybersecurity threats present a whole new array of concerns. Traditionally, the emphasis has been on harnessing technology for a system that turns a profit. Nowadays, companies actually have to play defense, and large corporations and governments are particularly vulnerable. Cyberwarfare could replace the disgruntled lone cyber-gunman. "The game has changed dramatically. Three years ago, we worried about individual hackers trying to make a name for themselves," he says. "Now we're looking at highly-sophisticated, well-funded entities, supported by foreign governments, terrorists, or criminal syndicates."
In dealing with those threats, it's not just about technology, but how humans respond. "In most of the highly-publicized breaches, it seems like there's a management team that doesn't know what to do. They look like they're just completely caught off guard. They can't describe the extent of the problem, and what they're doing about it," he observes.
DeLone says breaches are inevitable, so management has to ponder the proper response and recovery mechanisms. One Kogod Cybersecurity Governance Center goal will be to help governments and businesses assess what knowledge needs to be protected. In the digital age, he says, quite a lot of company and government information would be deemed "valuable."
A Life, and Campus, Transformed
DeLone was born on Long Island, but moved to the Philadelphia area in the third grade. He grew up in Narberth and got his undergraduate mathematics degree from Villanova University.
These days, his main sideline interest is traveling. As he cemented his strong academic reputation, he's been able to explore different parts of the world. He has been an honorary professor of information systems at the National University of Ireland, Galway, and this summer he was a visiting faculty member at Ca' Foscari University in Venice, Italy.
Having taught at AU since 1986, he's been impressed with the school's transformation. And he's watched student and faculty quality continue to improve. "I love the ride because, to me, it's been a straight line forward."