Search results

The purpose of this paper is to explore the current practices in security convergence among and between corporate security and cybersecurity processes in commercial enterprises.

This paper is the first phase in a planned multiphase project to better understand current practices in security optimization efforts being implemented by commercial organizations exploring means and methods to operate securely while reducing operating costs. The research questions being examined are: What are the general levels of interest in cybersecurity and corporate security convergence? How well do the perspectives on convergence align between organizations? To what extent are organizations pursuing convergence? and How are organizations achieving the anticipated outcomes from convergence?

In organizations, the evolution to a more optimized security structure, either merged or partnered, was traditionally due to unplanned or unforeseen events; e.g. a spin-off/acquisition, new security leadership or a negative security incident was the initiator. This is in contrast to a proactive management decision or formal plan to change or enhance the security structure for reasons that include reducing costs of operations and/or improving outcomes to reduce operational risks. The dominant exception was in response to regulatory requirements. Preliminary findings suggest that outcomes from converged organizations are not necessarily more optimized in situations that are organizationally merged under a single leader. Optimization may ultimately depend on the strength of relationships and openness to collaboration between management, cybersecurity and corporate security personnel.

This report and the number of respondents to its survey do not support generalizable findings. There are too few in each category to make reliable predictions and in analysis, there was an insufficient quantity of responses in most categories to allow supportable conclusions to be drawn.

Practitioners may find useful contextual clues to their needs for convergence or in response to directives for convergence from this report on what is found in some other organizations.

Improved effectiveness and/or reduced costs for organizational cybersecurity would be a useful social outcome as organizations become more efficient in the face of increasing levels of cyber security threats.

Convergence as a concept has been around for some time now in both the practice and research communities. It was initially promoted formally by ASIS International and ISACA in 2005. Yet there is no universally agreed-upon definition for the term or the practices undertaken to achieve it. In addition, the business drivers and practices undertaken to achieve it are still not fully understood. If convergence or optimization of converged operations offers a superior operational construct compared to other structures, it is incumbent to discover if there are measurable benefits. This research hopes to define the concept of security collaboration optimization more fully. The eventual goal is to develop and promote a tool useful for organizations to measure where they are on such a continuum.

An action is utilitarian when it is both useful and practical. This paper aims to examine a number of traditional information security management practices to ascertain their utility. That analysis is performed according to the particular set of challenges and requirements experienced by very large organizations. Examples of such organizations include multinational corporations, the governments of large nations and global investment banks.

The author performs a gap analysis of a number of security management practices. The examination is focused on the question of whether these practices are both useful and practical when used within very large organizations.

The author identifies a number of information security management practices that are considered to be “best practice” in the general case but that are suboptimal at the margin represented by very large organizations. A number of alternative management practices are proposed that compensate for the identified weaknesses.

Quoting from the conclusion of the paper: We have seen in our analysis within this paper that some best practices can experience what economists refer to as diminishing marginal utility. As the target organization drifts from the typical use-case the amount of value-added declines and can potentially enter negative territory. We have also examined the degree of innovation in the practice of security management and the extent to which the literature can support practical, real-world activities. In both the areas, we have identified a number of opportunities to perform further work.

The purpose of this paper is to provide a retrospection on the importance, origins and development of the research programs in the author’s career.

The study uses an autobiographical approach.

Most of the articles, research monographs and books that constitute this research and publishing efforts can be categorized into seven distinct, but related, research programs: channels of distribution; marketing theory; marketing’s philosophy debates; macromarketing and ethics; relationship marketing; resource-advantage theory; and marketing management and strategy. The value system that has guided these research programs has been shaped by specific events that took place in the author’s formative years. This essay chronicles these events and the origins and development of the seven research programs.

Chronicling the importance, origins and development of the seven research programs will hopefully motivate and assist other scholars in developing their own research programs.

A financial analyst for Procter & Gamble must report on the prospects and implications of a new teeth-whitening product. Beyond a realistic profit-and-loss forecast and baseline net present value, he must determine which pricing and marketing strategy is most likely to maximize value for shareholders.

Poets House, a poetry special collection in New York, hosts an annual exhibit of the preceding year's poetry publications in the USA. This paper aims to offer a selection of recommended titles that reflect the range of poetry titles including single‐author works, anthologies, and prose about poetry.

The paper researched and requested donations of 2010‐2011 poetry titles from US poetry publishers to assemble and display a comprehensive collection of poetry publications, from which a selection of 50 titles was made. The selections should appeal to a range of poetry readers, from novices and students to poets looking to access the latest work from their peers.

Over 2,500 poetry titles were published and/or available to readers in the USA between June 2010 and June 2011. These titles range from mainstream publishers to independent presses to artists' collectives publishing works from established poets as well as emerging and international poets.

Without a budget for collection development, the exhibit and resulting titles represent those which publishers have opted to donate to the library. Every effort is made to be all‐inclusive, with the understanding that publishers may send only a selection of their list. The selected titles herein are based on the titles received for the exhibition.

For 19 years Poets House's annual Showcase has been the main collection‐development tool. Publishers donate copies of their titles, which are arranged by publisher for a month‐long exhibition. This approach enriches the poetry special collection, a unique poetry library built on community participation. The all‐inclusive collection‐development approach results in a full representation of poetry publishing.

A selection made from a comprehensive collection of the year's poetry titles offers a sample of poetry publishing from large to small presses and the self‐published in the USA.

To examine a statement issued by Justice Antonin Scalia on November 10, 2014, concurrently with the Supreme Court ' s denial of certiorari in a criminal insider trading case, which raises profound questions about how the courts interpret the federal securities laws and the degree of deference they give to the Securities and Exchange Commission (SEC) in the context of criminal enforcement.

The article discusses the points raised in the justice ' s statement and their potential implications for future securities enforcement cases.

The statement suggests that the traditional deference courts accord the SEC under the landmark decision in Chevron USA Inc. v. Natural Resources Defense Council, Inc., 467 US 837 (1984) may be inappropriate and potentially inconsistent with the rule of lenity, which requires that ambiguous criminal laws be interpreted in a defendant ' s favor.

Expert guidance from experienced securities lawyers.

The City of New York was suddenly and deliberately attacked on September 11, 2001, killing thousands of people and leaving unbelievable destruction. Thirty-eight buildings and structures were destroyed or damaged, including seven buildings in the World Trade Center site completely leveled. Almost five years later, two very large contaminated buildings, Deutsche Bank at 130 Liberty Street and Fiterman Hall of Borough of Manhattan Community College, have yet to be cleaned up and demolished. Some 30 million square feet of commercial space was lost. Transportation was disrupted, including the loss of the World Trade Center PATH station, the 1/9 subway line and portions of Route 9A and Church Street. Cars were not allowed south of Canal Street for a week. For Americans this was a terrorist attack and a crime. It was a time for mourning losses and responding to disaster. There was the shock that something like this could happen. And there was more. The destruction of the WTC also posed competing environmental, economic and social threats.