Master of Information Systems Management

Information Risk Management 

Closely related to our work in information security is risk management: what are the costs associated with increased security measures, how much risk are we willing to tolerate, and at what cost? Led by Ramayya Krishnan, our research has been supported by IBM and the National Science Foundation, which recently gave $5 million to establish a campus-wide center for “security through interaction modeling” (STIM) research.

Does diversification play a role in software?

Using diversification to limit risks is a widely accepted strategy in many fields. But does it make sense for software too?

In software adoption, firms often find it more valuable to adopt the software that enjoys the largest market share. By choosing software compatible with other firms, positive network effects result, which bring greater benefits of compatibility and interoperability both inside and outside of the organization. But there is also a pretty dramatic downside: the very homogeneity that makes computing life easier also makes all users more vulnerable to attacks.

As part of a National Science Foundation grant to explore “security through interaction modeling” (STIM), Carnegie Mellon researchers Ramayya Krishnan, Pei-Yu Chen and Gaurev Kataria are looking at establishing a software diversification-based strategy to achieve greater information security. With the objective of estimating the optimal level of diversity both for an individual firm and for society, the team has developed a novel framework that incorporates the benefits and costs of diversity in the software domain.

IMPACT: This research addresses such important questions as: would the software portfolio of a firm look considerably different if it took into account both the costs of interoperability and the security losses on account of homogeneity? What is the optimal amount of diversity to introduce into the software portfolio?

How can one design business processes that are reliable and produce quality outcomes?

The passage of the Sarbanes-Oxley Act has resulted in firms paying considerable attention to their financial reporting systems. Following the Enron scandal, Congress has made CEOs and CFOs liable for errors in the financial reports submitted by publicly traded firms. This, in turn, has led firms to pay increased attention to the design of their financial reporting business processes, taking data quality and error prevention into account. Ramayya Krishnan, Rema Padman and Xue Bai are working with colleagues from IBM Watson Labs on business process analytics and the design of reliable business processes. In a recently published paper, they describe decision support tools to evaluate business process reliability and risk, and prescribe methods to conduct data quality evaluation.

IMPACT: This research addresses a policy problem of great importance to a large number of firms. By using more effective decision support tools to facilitate business process design and evaluation, companies can reduce errors in financial reporting.


Select Information Risk Management Papers and Publications