Organizations today face unprecedented risk from cyberattacks, which can lead to significant financial and reputational loss, inconvenience customers and employees, severely compromise private and proprietary information, cripple the operations of an organization or the economy, and even cause physical harm. All levels of an organization -- especially senior managers in both the private and public sectors -- must be more vigilant than ever before in order to mitigate the risk caused by cyberattacks and data breaches, whether that risk comes from a direct attack on an enterprise or is brought to it by personal employee devices.
Several evolving technical solutions partially mitigate these risks for organizations. These solutions are continuously adapting as the nature of cyberattacks changes over time, and multiple technical solutions are used in parallel to provide “defense in depth.” The role of technology managers, especially those with cybersecurity responsibilities, is to manage the deployment of such technical solutions, countermeasures, policies and procedures to meet the risk objectives of senior management within the limited resources available. Georgia Tech researchers are developing risk management models as the middle layer that deploys the technical solutions available to meet the risk objectives of senior management, with special emphasis on policies, procedures and end-user training in order to create a safer computing environment. The research also focuses on public policy issues that provide the right incentives to various stakeholders within the ecosystem to minimize risk for participants. Broad research themes for risk management include controls and countermeasures, financial analysis and metrics, and cybersecurity ecosystems.