CISAC - Publications Page

Publications

Filter:

Filter results Close
  • expanded
  • expanded
  • expanded
  • expanded
  • expanded
  • expanded
  • expanded
  • expanded
  • expanded
  • expanded
  • expanded
  • expanded
  • expanded
  • expanded
Elisabeth Paté-Cornell
Books

Perspectives on Complex Global Challenges: Education, Energy, Healthcare, Security, and Resilience

Elisabeth Paté-Cornell, William B. Rouse, Charles M. Vest
Wiley (1st edition) , 2016

This book discusses issues in large-scale systems in the United States and around the world. The authors examine the challenges of education, energy, healthcare, national security, and urban resilience. The book covers challenges in education including America's use of educational funds, standardized testing, and the use of classroom technology.  On the topic of energy, this book examines debates on climate, the current and future developments of the nuclear power industry, the benefits and cost decline of natural gases, and the promise of renewable energy.

Show body
Working Papers

An Empirical Analysis of Cyber Security Incidents at a Large Organization

Marshall Kuypers, Elisabeth Paté-Cornell, Thomas Maillart
2016

Every day, security engineers cope with a flow of cyber security incidents. While most incidents trigger routine reactions, others require orders of magnitude more effort to investigate and resolve. How security operation teams in organizations should tune their response to tame extreme events remains unclear. Analyzing the statistical properties of sixty thousand security events collected over six years at a large organization, we find that the distribution of costs induced by security incidents is in general highly skewed, following a power law tail distribution.

Show body
Working Papers

Department of Energy Cyber Security Incidents

Elisabeth Paté-Cornell, Marshall Kuypers
2016

Despite significant interest in cybersecurity, data on cyber security incidents remains scarce. On April 16, 2015, the US Department of Energy released data on 1,131 cybersecurity incidents through a Freedom of Information Act Request. While only containing the date, location, and type of incident, several interesting insights can be kneaded from the data. In this paper, we analyze the DOE security incident data and perform a statistical analysis on the rate of incidents.

Show body
Working Papers

Documenting Cyber Security Incidents

Marshall Kuypers, Elisabeth Paté-Cornell
2015

Organizations often record cybersecurity incidents to track employee workload, satisfy auditors, fulfil reporting requirements, or to analyze cyber risk. While security incident databases are often neglected, they contain invaluable information that can be leveraged to assess the threats, vulnerabilities, and impacts of cyber attacks, providing a detailed view of cyber risk in an organization. This paper emphasizes what data is useful for a risk assessments and how data should be recorded.

Show body
Commentary

Risk in Cyber Systems

Marshall Kuypers, Elisabeth Paté-Cornell
2015

Currently, significant uncertainty surrounds cyber security investments. Chief Information Security Officers do not have an effective framework to compare investments into various security safeguards, such as encryption technology, data loss prevention (DLP), or two-factor authentication. Further, there are not clear methods to assess the risk reduction associated with security investments, thus leaving organizations prone to purchasing ineffective products from security vendors. 
  

Show body
Policy Briefs

Analysis of Pin and TPM for Microsoft Laptops

Marshall Kuypers, Elisabeth Paté-Cornell
2015

Organizations routinely face risk trade-offs. Broadly modeling a system can act as decision support in the face of significant uncertainty about an organizations threats, vulnerabilities, and defenses. This paper gives an example of a policy brief discussing the security of different security configurations for laptops at a large organization.

Show body
Journal Articles

Analysis of National Strategies to Counter a Country's Nuclear Weapons Program

David Caswell, Ronald A. Howard, Elisabeth Paté-Cornell
Decision Analysis , 2011

Abstract:

Finding the best national strategy to prevent or delay a country from acquiring nuclear weapons continues to be a critical issue for U.S. policy makers. In this paper, we build on previous work to develop a model that addresses this question. This model identifies the strategy that minimizes the disutility of the overall cost of the strategy and the cost of the consequences resulting from the strategy. We illustrate the insights that the model provides with a case study of Iran's nuclear weapons program.


Show body
Working Papers

Bayesian Updating of the Probability of Nuclear Attack

M. Elisabeth Pate-Cornell, Paul S. Fischbeck
CISAC , 1990
Show body