There's an exciting new contest that will particularly appeal to students and young experts in information assurance: the Gordon Prize in Managing Cybersecurity Resources. Teachers and managers should take advantage of this wonderful opportunity to stimulate original thinking and scholarly expression among our members of the rising generation of security professionals.
Lawrence A. Gordon is the Ernst & Young Alumni Professor of Managerial Accounting and the Information Assurance Affiliate Professor at the University of Maryland Institute for Advanced Computer Studies of the Robert H. Smith School of Business in the University of Maryland College Park (whew!). Gordon has a distinguished career in economics and computer science and is a respected researcher and thinker with particular interests in the economics of information security; he is a frequent speaker at and organizer of several conferences including the annual Workshop on the Economics of Information Security (WEIS – the Eighth Workshop will be held at University College London in June 2009) and the annual Financial Information Systems and Cybersecurity Forum.
The formal announcement of the contest and prize explains that
"Gordon is committed to raising awareness of the issue of cybersecurity and its importance to business and government leaders… Gordon sees the Gordon Prize as another way of encouraging practitioners and theoreticians alike to approach the problem of cybersecurity in a multi-disciplinary way. Information security is a tremendously complex problem, one that can be approached from an economics perspective, as Gordon and Loeb have done for many years, or from a quality assurance perspective, a computer science or engineering perspective, a legal perspective, or a public policy perspective. Gordon hopes that discussions of these problems will be enriched as Gordon Prize applicants examine the issue of managing cybersecurity resources from many different perspectives and points of view.
"The prize will be offered yearly and the competition is open to students, faculty, and information security professionals in both the public and private sector."
Competitors must submit an essay in English of 800 to 1,500 words on the topic of “Managing Cybersecurity Resources.” The submission guidelines explain,
“These perspectives include, but are not limited to:
* determining how much to invest in cybersecurity
* capital vs. operating expenditures on cybersecurity
* cost-benefit analysis for managing cybersecurity resources
* global aspects of resource allocation decisions related to cybersecurity
* cybersecurity risk management
* assessing the economic cost of cybersecurity breaches to organizations
* deriving performance metrics for assessing the return on cybersecurity investments
* developing a framework for incorporating cybersecurity resource allocation decisions into the design and implementation of a management accounting system.”
I encourage all faculty members to alert their students to the contest and all managers to encourage their junior staff to get involved in the competition.
Again, the prize information is available online and includes full instructions on how to enter.
Go for it!