U.Va. Co-hosts “Investing in Cyber Security: Can We Make Better Choices?” Workshop Nov. 5-6

Oct. 23, 2007 — Strategic investments in cyber security can foster business growth, strengthen consumer confidence and increase a company’s competitive advantage. But such decisions — if poorly executed — can be economically devastating to a company. The unpredictable nature of cyber attacks, the lack of supporting data and the large and evolving number of threats further complicate the decision-making process. How much should businesses spend to protect themselves, their clients and their mission-critical data? What is the “right” cyber security investment?

The University of Virginia’s Center for Risk Management of Engineering Systems, the Institute for Information Infrastructure Protection and the Cyber Conflict Studies Association will explore these questions in a two-day workshop on Nov. 5-6 at U.Va.’s Darden School of Business.

Co-chaired by Yacov Y. Haimes and Barry M. Horowitz, distinguished professors in the Department of Systems and Information Engineering at U.Va.’s School of Engineering and Applied Science, the workshop will examine the changing threat environment and also introduce state-of-the art decision-making tools, which provide an analytical framework for security investment.

"An ever-increasing amount of money can be spent on cyber security," says Mitch Rosen, chief technology officer at U.Va.'s Engineering School. "So how does a company or institution rationally decide how much protection and investment is right for them? Professors Haimes and Horowitz, along with their partners, bring a much-needed scientific and quantitative perspective to this key economic question."

Keynote speakers include some of the nation’s leading cyber security experts:

• Richard A. Clarke is chairman of Good Harbor Consulting LLC and former special advisor to President George W. Bush on cyber security. Author of the bestselling memoir, "Against All Enemies," Clarke served as chief counter-terrorism advisor to the U.S. National Security Council and now consults on cyber security for Fortune 500 companies.

• The Honorable George Foresman, former undersecretary for national protection and programs at the Department of Homeland Security, is nationally recognized in the fields of emergency preparedness. He recently served as Virginia Gov. Mark Warner’s homeland security advisor.

• William A. Wulf is a University Professor, AT&T Professor of Computer Science at U.Va.’s Engineering School and, from 1997 to 2007, president of the National Academy of Engineering. He chairs the Computer Science and Telecommunications Board of the National Research Council.

The two days will culminate in a hands-on cyber security investment exercise. Participants will be asked to balance their willingness to accept a specific level of risk against such factors as cost, the likelihood of a cyber attack and other investment options, using their own company as a model.

To register, please visit https://secure41.4dv.net/cyberconflict/virginiaworkshop.asp.
Members of the media are encouraged to attend.

About U.Va.’s Center for Risk Management of Engineering Systems

Founded in 1987, the Center for Risk Management of Engineering Systems develops theory, methodology and technology to assist in the management of risk in a variety of engineering and technology-based systems. Center areas of expertise include collaborative risk modeling and assessment; critical infrastructure protection; business and operations decision making and processes; computer-based systems, including hardware and software performance; and reliability modeling of multiple failure modes in complex systems, among others. For information, visit www.sys.virginia.edu/risk/about.html.

About the Institute for Information Infrastructure Protection

The Institute for Information Infrastructure Protection is a national consortium of leading universities, national laboratories and non-profit institutions dedicated to strengthening the cyber infrastructure of the U.S. Managed by Dartmouth College, the I3P functions as a national forum on cyber security, undertaking research, identifying key R&D topics and seeking solutions through the power of inter-institutional and multi-disciplinary research. For information, visit https://www.thei3p.org/about/ or contact Laurie Burnham at the I3P: .

About The Cyber Conflict Studies Association

The Cyber Conflict Studies Association is a non-profit entity organized to promote and lead a diversified research and intellectual development agenda to advance knowledge in the cyber conflict field. For information, visit www.cyberconflict.org/about.asp.