A Holistic Approach to Cybersecurity Risk Management

No country, company, or private individual can fully utilize the benefits of information technology while protecting all of their own data, communications, or computer networks from every potential cyber threat, regardless of how much time and money they invest in protective systems. Each entity must set priorities, balance tradeoffs, and make choices about cyber protection, knowing that their choices will affect others and that others’ choices will affect them, too. Minimizing the most serious forms of cyber attack, espionage, and crime without hindering beneficial uses of information technology requires skillful multi-stakeholder governance. This project includes a set of research, education, and outreach activities to facilitate that process. 

Jan 11, 2019 | Charles Harry

As Americans increasingly buy and install smart devices in their homes, all those cheap interconnected devices create new security problems for individuals and society as a whole. The problem is compounded by businesses radically expanding the number of sensors and...

Dec 17, 2018 | Nancy Gallagher, Charles Harry

An earlier version of this paper was published as a CISSM Working Paper.


Immature classification methods for cyber events prevent technical staff, organisational leaders, and policy makers from engaging in meaningful and nuanced conversations about the threats...

Mar 31, 2018 | Nancy Gallagher, Theresa Hitchens

As use of the Internet has become critical to global economic development and international security, there is near-unanimous agreement on the need for more international cooperation to increase stability and security in cyberspace. Several multilateral initiatives over the last five...

Feb 28, 2018 | Nancy Gallagher, Charles Harry

Publicity surrounding the threat of cyber-attacks continues to grow, yet immature classification methods for these events prevent technical staff, organizational leaders, and policy makers from engaging in meaningful and nuanced conversations about the risk to their organizations or critical infrastructure....