Kellogg World Alumni Magazine, Spring 2006
Kellogg School of Management
Internet security: The keys to the online store

New books by Kellogg alumni explain how to guard against network break-ins

By Rebecca Lindell

Most people lock the doors of their homes and guard their keys carefully. But many don't do the same with their businesses, says Joel Dubin '91.

"Countless companies leave the doors to their networks wide open or give the keys away to all of their employees," says Dubin, author of a recently published book on network security. "Typically, the people in charge aren't aware of the potential for damage."

Dubin seeks to illuminate those perils in The Little Black Book of Computer Security (29th Street Press), a recently published primer on how to protect a network from breaches by hackers. The book is intended as a reference guide for IT managers who want a comprehensive yet easy-to-read summary of current IT security practices.

"It's not highly technical; it doesn't get into the nitty-gritty of setting up a firewall, for example," says Dubin, an independent computer security consultant based in Chicago. "But it does explain the difference between the three types of firewalls, how to 'harden' your server so that it is less vulnerable to attack, and what your hiring practices should be."

The last point merits special consideration in the book, as Dubin notes that many network break-ins are remarkably low-tech.

"When a hacker is testing the security of a computer system, he doesn't always use a complicated means to break in," Dubin says. "He might, for example, pose as a UPS driver, and then check to see if passwords are posted near the computer. The methods aren't necessarily on a par with brain surgery, but the damage can be considerable."

Given the risks involved in having so much information on computers, it's easy to imagine spending "whatever it takes" to secure the network. But how much is enough — and how can companies get the best return on their investment? Martin Loeb, who earned his doctorate from Kellogg in 1975, addresses that question in his new book, Managing Cybersecurity Resources: A Cost-Benefit Analysis (McGraw Hill).

Loeb and co-author Lawrence Gordon are professors at the University of Maryland's Robert H. Smith School of Business. They aim to provide techies with the economic understanding and financial tools to compete effectively for the resources they need to protect a firm's networks, Loeb says.

The book takes the approach that modern economic analysis, including the theory of real options, can be applied to computer security. The authors seek to help readers determine their exposure to risk and provide measures for investments in cybersecurity. "Risk isn't just expected loss," Loeb explains. "You also have to look at the maximum you could afford or expect to lose" in the event of a breach.

Some breaches, the authors note, have a bigger impact on the bottom line than others. Those that involve the loss of confidential customer information tend to be far more devastating than other types of breaches, and protection against such attacks is likely to be worth the expense, the authors suggest.

The book provides readers with decision-making models that help managers identify key parameters to analyze the costs and benefits of cybersecurity investments. "Allocating money efficiently among different investments will give you more security and more bang for your buck," Loeb says.

©2002 Kellogg School of Management, Northwestern University