Firms in a supply chain share information assets among them, and make use of inter-firm network connections to enable quick information sharing. Both of these approaches have significant implications when a security breach occurs. One, the interconnections may become conduits for security breach propagation. Two, shared information assets now become vulnerable at the owner as well as at the par...

We introduce a novel framework for computing optimal randomized security policies in networked domains which extends previous approaches in several ways. First, we extend previous linear programming techniques for Stackelberg security games to incorporate benefits and costs of arbitrary security configurations on individual assets. Second, we offer a principled model of failure cascades that al...

The present paper introduces a comprehensive Transportation Security Risk Assessment Framework for assessing related risks and provides cohered contingency management procedures in interconnected, interdependent and heterogeneous transport networks. The proposed approach includes elements, methodological tools and approaches found in the literature, in addition to operational experience from th...

Infrastructure challenges continue to drive considerable public policy debate. The nation’s economy relies very heavily on the combined provision of three critical infrastructures: energy, banking and finance, and information technology (IT). These three critical infrastructures are interconnected, interdependent and cross-cutting essential services to the whole economy. Indeed, the “incapacity...

Service Providers using Service Oriented Architecture in order to deliver in-house services as well as on-demand and cloud services have to deal with two interdependent challenges: (1) to achieve, maintain and prove compliance with security requirements stemming from internal needs, 3rd party demands and international regulations and (2) to manage requirements, policies and security configurati...

The World Trade Center terrorist attacks of September 11 th have stimulated us to think about the challenges organizations face in dealing with low-probability events that have catastrophic consequences. More specifically, there are certain bad events that can only occur once. Death is the clearest example: an individual's death is irreversible and unrepeatable. With respect to firm behavior, b...

As organizations increasingly deploy Inter-organizational Information Systems (IOS), the interdependent security risk they add is a problem affecting market efficiency. Connected organizations become part of entire networks, and are subject to threats from the entire network; but members’ security profile information is private, members lack incentives to minimize impact on peers and are not ac...