Research & Publications


KCGC | In Practice

Lessons from the Uber Hack: The Role of In-house Cybersecurity Counsel

Recent revelations about Uber's failure to disclose a 2016 data breach affecting 57 million drivers and users highlight a number of important governance considerations.

Reality Check - Managing Cybersecurity Risk in the Supply Chain

This installment of KCGC | In Practice discusses insights and recommendations regarding supply chain risk management based on a recent practitioner-scholar seminar.

President Trump's Cybersecurity Executive Order: Cybersecurity Governance Impact and Implications

This installment of KCGC | In Practice highlights the key takeaways and potential implications of the recently issued cybersecurity Executive Order and offers some recommendations for private-sector organizational leaders.

Governance and Insurance - Two Keys to Solving Cyber Risk

This installment of KCGC | In Practice offers actionable recommendations for making responsible and effective choices about when and how to invest in cyber insurance.

Real-World Strategies for Obtaining Senior Leadership Airtime and Buy-In on Cybersecurity

How can CIOs, CISOs and other personnel responsible for managing cybersecurity attract the attention and interest of the Board and get cybersecurity on senior leadership's radar? American University recently hosted a discussion on this issue.


KCGC Fellows Research

Preparing for a Connected World

Written by Gwanhoo Lee and Rebekah Lewis

In chapter 5, the authors suggest promoting a universal framework, such as the US National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity, to achieve increased international standards for cybersecurity. Embracing core components of this framework will allow for more effective and efficient communication and improved research efforts. In addition, the authors point out the importance of relying on market-driven innovation to identify best practices in IoT cybersecurity, allowing governments to focus their efforts on requiring or incentivizing adoption of best practices that are otherwise likely to be resisted.

Cybersecurity Knowledge Networks

Written by Mark A. Clark, J. Alberto Espinosa, and Mariia Butina

Cybersecurity success may depend on the alignment of information system governance goals with cyber knowledge networks - how relevant knowledge is distributed across persons, roles, and units within and across organizations. This paper describes a research program investigating the content of cyber-related knowledge and its distribution, employing concepts and tools from social network theory to analyze knowledge sharing, configural fit, and system success.

Sharing Insider Threat Indicators: Examining the Potential Use of SWIFT's Messaging Platform to Combat Cyber Fraud

Written by Elizabeth Petrie, Director of Cyber Threat Risk Management at Citibank, and Casey Evans, KCGC Faculty Fellow

This paper focuses on identifying the patterns of behavior typically indicative of efforts by criminals to use insiders to cash out on fraudulent activity. The research explores the potential for organizations to use an existing telecommunication platform, such as SWIFT, to communicate cyber fraud threat information by establishing indicators of cashout behavior, which could warn of cyber fraud activity. An example of what this might look like using an MT998 message is included in the paper.

An Intelligence-led Approach to Addressing Cyber Fraud: Proactive Fraud Auditing

Written by Elizabeth Petrie, Director of Strategic Intelligence at Citibank, and Casey Evans, KCGC Faculty Fellow

Traditional network defense approaches have been one-dimensional, relying on technology as the gatekeeper. However, the adversary today is not only advanced and persistent but highly adaptable, constantly learning how to overcome defensive measures. In this paper, Casey Evans and Beth Petrie introduce an intelligence-led approach to prepare for and defend against such attacks instead of constantly reacting to them.


KCGC White Papers

Ransomware: Tax Compliance Issues for a New Reality

Written by Donald T. Williamson and A. Blair Staley

This article discusses the basics of ransomware and explores tax planning and reporting issues associated with making ransom payments. The article also addresses the issue of whether ransomware payments constitute nondeductible illegal payments, deductible theft losses, or ordinary and necessary business expenses. It also discusses the tax consequences of such payments being made through a third party and offers suggestions to policy makers regarding the proper tax treatment of such payments.

What to do Before and After a Cybersecurity Breach?

Written by Gurpreet Dhillon, Ph.D.

Cybersecurity breaches affect organizations in different ways. Reputational loss and decreased market value have often been cited as significant concerns. Loss of confidential data and compromised competitiveness of a firm can also cause havoc. There is no doubt that preventive mechanisms need to be put in place. However, when an IT security breach does occur, what should be the response strategy?

Cybersecurity Regulation and Private Litigation Involving Corporations and Their Directors and Officers: A Legal Perspective

Written by Perry E. Wallace and Richard J. Schroth, Ph.D.

This paper encourages the largest number of corporate boards and individuals in governance roles to step up and devise and implement proper, effective corporate cybersecurity governance strategies.

Cybersecurity Act of 2015 Review: What it Means for Cybersecurity Governance and Enterprise Risk Management

Written by Joseph Panetta and R. Andrew Schroth

This paper specifically focuses on Title I - Cybersecurity Information Sharing and provides an executive overview as it relates to cybersecurity governance and enterprise risk management.

Five Reasons Your Cybersecurity Governance Strategy May Be Flawed And How To Fix It

Written by Peter Iannone and Ayman Omar

This paper examines five key challenges of cybersecurity governance and how to more effectively address them.

How Can Boards Avoid Cybersecurity Pain? A Legal Perspective

Written by Perry E. Wallace, Richard J. Schroth and William Delone

This report presents legal concepts, principles and issues with the intent of identifying best practices to maintain a solid cybersecurity governance strategy.

Contact Us

Kogod Cybersecurity Governance Center (KCGC)
4400 Massachusetts Avenue NW
Washington, DC 20016