Stuart E. MadnickMassachusetts Institute of Technology | MIT · MIT Sloan School of Management
Stuart E. Madnick
PhD, Computer Science, 1972
About
463
Publications
105,615
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
7,732
Citations
Introduction
(1) Cybersecurity - focused on the managerial, organizational, and strategic aspects.
(2) Strategic use of Information Technology.
(3) Data base technologies.
Additional affiliations
January 1972 - present
Publications
Publications (463)
Developing cybersecurity norms and global normative cybersecurity behaviors play an increasingly critical role in global cybersecurity governance. This paper takes a longitudinal approach to analyze cybersecurity norms development activities during the period 1997–2020. A total of 206 individual cases were collected, and 233 individual cybersecurit...
Recent world events and geopolitics have brought the vulnerability of critical infrastructure to cyberattacks to the forefront. While there has been considerable attention to attacks on Information Technology (IT) systems, such as data theft and ransomware, the vulnerabilities and dangers posed by industrial control systems (ICS) have received sign...
The 2019 Capital One data breach is one of the largest data breaches impacting the privacy and security of personal information of over a 100 million individuals. In most reports about a cyberattack, you will hear that it succeeded because of an employee who had clicked on a link in a phishing email or forgot to patch some software, making it seem...
A balloon's-eyeperspective on a unique distributed, time-critical, geo-location problem.
Compliance and cybersecurity are crucial to many healthcare organizations. However, their implementation is often challenging, especially when privacy and trust are involved. An example is the case of the Haga Hospital in The Netherlands that was found in breach of the GDPR (General Data Protection Regulation) for inadequately protecting medical re...
The General Data Protection Regulation (GDPR) was widely seen as a significant step towards enhancing data protection and privacy. Unlike previous legislation, adherence to GDPR required organizations to assume greater responsibility for cybersecurity with respect to data processing. This shift represented a profound transformation in how businesse...
Governing cybersecurity risks from digital trade is a growing responsibility for governments and corporations. This study develops a systematic framework to delineate and analyze the strategies that governments and corporations take to address cybersecurity risks from digital trade. It maps out the current landscape based on a collection of 75 case...
Recent cyber-physical attacks, such as Stuxnet, Triton etc., have invoked an ominous realization about the vulnerability of critical infrastructure, including water, power and gas distribution systems. Traditional IT security-biased protection methods that focus on improving cyber hygiene are largely impotent in the face of targeted attacks by adva...
In the era of Web-based services and Internet-of-Things (IoT), almost every product and service is Internet-connected. Providers want their products and services to capture data, in part to improve performance and consumer satisfaction, but these might also be tools for spying and other malicious activities. Hence cybersecurity has increasingly bee...
Although concerns about cybersecurity have been around for more than a decade with significant attention by governments and regulators, the problem has actually continued to increase. So, it is clear that whatever is being done is not working. The research question for this study is: To what extent does compliance help or hinder cybersecurity for t...
The Equifax data breach in 2017 was one of the largest in history, with 148 million
people affected. Using the Cybersafety method, we reconstructed the attack flow and
Equifax’s hierarchical safety control system structure. We identified 19 systemic failures
spanning the four levels of the hierarchy and, based on our analysis of the reasons
for the...
Cybersecurity is becoming an increasing hurdle for digital trade. The governance of cybersecurity in the global digital trade system is a bottom-up approach, where governments are implementing fragmental and inconsistent trade policies and forming different models of public–private co-governance. Based on network-governance theory, information secu...
Urban mobility is in the midst of a revolution, driven by the convergence of technologies such as artificial intelligence, on-demand ride services, and Internet-connected and self-driving vehicles. Technological advancements often lead to new hazards. Coupled with the increased levels of automation and connectivity in the new generation of autonomo...
If the mantra “data is the new oil” of our digital economy is correct, then data leak incidents are the critical disasters in the online society. The initial goal of our research was to present a comprehensive database of data breaches of personal information that took place in 2018 and 2019. This information was to be drawn from press reports, ind...
The introduction of technology in today's society and the risks associated with its use demonstrate the need to secure information and other digital assets at various levels and in various sectors. Not only is this aspect important for industries, companies, and individuals, but also for countries. Regulations in several organizational and cultural...
Digital trade is growing in importance: it contributed to 10% of the global GDP in the last decade by enabling cross-border e-commerce. However, accompanied by sustained digital innovations, weak cybersecurity is becoming a growing threat to digital trading. Unfortunately, there are no global rules for managing digital trade, let alone rules to add...
If the mantra “data is the new oil” of our digital economy is correct, then data leak incidents are the critical disasters in the online society. The initial goal of our research was to present a comprehensive database of data breaches of personal information that took place in 2018 and 2019. This information was to be drawn from press reports, ind...
Today, cybersecurity is evolving, and so is compliance's critical role in influencing cybersecurity prevention and mitigation approaches. However, while compliance often acts as a lever for maturity growth, using regulatory requirements as a plan for building a cybersecurity program may result in an incomplete approach to achieving a secure organiz...
Physical control systems are increasingly controlled by reconfigurable, network-enabled devices to increase flexibility and ease commissioning and maintenance. Such capability creates vulnerabilities. Devices may be remotely reprogrammed by a malicious actor to act in unintended ways, causing physical damage to mechanical equipment, infrastructure,...
The Internet of Things (IoT) aims to translate our physical world into digital signals, ripe for the improvements promised by faster communication and better analytics. One of the greatest obstacles to broad adoption of IoT is the introduction of cyber risk – real and perceived – to buyers. We aimed to understand the mechanisms by which cybersecuri...
Background: Over the past decade, clinical care has become globally dependent on information technology. The cybersecurity of health care information systems is now an essential component of safe, reliable, and effective health care delivery.
Objective: The objective of this study was to provide an overview of the literature at the intersection of...
BACKGROUND
Over the past decade, clinical care has become globally dependent on information technology. The cybersecurity of healthcare information systems is now an essential component of safe, reliable, and effective healthcare delivery.
OBJECTIVE
The objective of this study is to provide an overview of the literature at the intersection of cybe...
Background
Over the past decade, clinical care has become globally dependent on information technology. The cybersecurity of health care information systems is now an essential component of safe, reliable, and effective health care delivery.
Objective
The objective of this study was to provide an overview of the literature at the intersection of c...
We developed a simulation game to study the effectiveness of decision-makers in overcoming two complexities in building cybersecurity capabilities: potential delays in capability development; and uncertainties in predicting cyber incidents. Analyzing 1,479 simulation runs, we compared the performances of a group of experienced professionals with th...
We developed a simulation game to study the effectiveness of decision-makers in overcoming two complexities in building cybersecurity capabilities: potential delays in capability development; and uncertainties in predicting cyber incidents. Analyzing 1479 simulation runs, we compared the performances of a group of experienced professionals with tho...
Cyber attacks are increasingly menacing businesses. Based on the literature review and publicly available reports, this article conducts an extensive and consistent survey of the services used by the cybercrime business, organized using the value chain perspective, to understand cyber attack in a systematic way. Understanding the specialization, co...
Experts from MIT explore recent advances in cybersecurity, bringing together management, technical, and sociological perspectives.
Ongoing cyberattacks, hacks, data breaches, and privacy concerns demonstrate vividly the inadequacy of existing methods of cybersecurity and the need to develop new and better ones. This book brings together experts fro...
Experts from MIT explore recent advances in cybersecurity, bringing together management, technical, and sociological perspectives.
Ongoing cyberattacks, hacks, data breaches, and privacy concerns demonstrate vividly the inadequacy of existing methods of cybersecurity and the need to develop new and better ones. This book brings together experts fro...
Experts from MIT explore recent advances in cybersecurity, bringing together management, technical, and sociological perspectives.
Ongoing cyberattacks, hacks, data breaches, and privacy concerns demonstrate vividly the inadequacy of existing methods of cybersecurity and the need to develop new and better ones. This book brings together experts fro...
The potential of social media to give insight into the dynamic evolution of public conversations, and into their reactive and constitutive role in political activities, has to date been underdeveloped. While topic modeling can give static insight into the structure of a conversation, and keyword volume tracking can show how engagement with a specif...
The potential of social media to give insight into the dynamic evolution of public conversations, and into their reactive and constitutive role in political activities, has to date been underdeveloped. While topic modeling can give static insight into the structure of a conversation, and keyword volume tracking can show how engagement with a specif...
Almost everyone recognizes the salience of cyberspace as a fact of daily life. Given its ubiquity, scale, and scope, cyberspace has become a fundamental feature of the world we live in and has created a new reality for almost everyone in the developed world and increasingly for people in in the developing world. This paper seeks to provide an initi...
With increasing economic pressures and exponential growth in technological innovations, companies are increasingly relying on digital technologies for innovation and value creation. But, with increasing levels of cybersecurity breaches, the trustworthiness of many established and new technologies is of concern. Consequently, companies are aggressiv...
Renewable energy systems need to be able to make frequent and rapid adjustments to address shifting solar and wind production. This requires increasingly sophisticated industrial control systems (ICS). But, that also increases the potential risks from cyber-attacks. Despite increasing attention to technical aspects (i.e., software and hardware) of...
This book constitutes revised selected papers from the 5th ECML PKDD Workshop on Data Analytics for Renewable Energy Integration, DARE 2017, held in Skopje, Macedonia, in September 2017.
The 11 papers presented in this volume were carefully reviewed and selected for inclusion in this book and handle topics such as time series forecasting, the detec...
This book constitutes revised selected papers from the 4th ECML PKDD Workshop on Data Analytics for Renewable Energy Integration, DARE 2016, held in Riva del Garda, Italy, in September 2016.
The 11 papers presented in this volume were carefully reviewed and selected for inclusion in this book and handle topics such as time series forecasting, the d...
Renewable energy systems need to be able to make frequent and rapid adjustments to address shifting solar and wind production. This requires increasingly sophisticated industrial control systems (ICS). But, that also increases the potential risks from cyber-attacks. Despite increasing attention to technical aspects (i.e., software and hardware) of...
The interdependency of information security and usability has been evident for several years, yet this area is largely under-represented within the Literature. Consequently, no standards yet exist that address the balance between security and usability within system design. To address this gap in knowledge, the authors propose a method that can be...
Cyber Physical Systems (CPSs) are increasingly being adopted in a wide range of industries such as smart power grids. Even though the rapid proliferation of CPSs brings huge benefits to our society, it also provides potential attackers with many new opportunities to affect the physical world such as disrupting the services controlled by CPSs. Stuxn...
Social mobilization is a process that enlists a large number of people to achieve a goal within a limited time, especially through the use of social media. There is increasing interest in understanding the factors that affect the speed of social mobilization. Based on the Langley Knights competition data set, we analyzed the differences in mobiliza...
In 1980, Jay Forrester enumerated three types of data needed to develop the structure and decision rules in models: numerical, written and mental data, in increasing order of importance. While this prioritization is appropriate, it is numerical data that has experienced the most development in the 25 years since Forester made his enumeration. In th...
Despite the potential benefits, many organizations have failed in service-oriented architecture (SOA) implementation projects. Prior research often used a variance perspective and neglected to explore the complex interactions and timing dependencies between the critical success factors. This study adopts a process perspective to capture the dynamic...
This book constitutes revised selected papers from the third ECML PKDD Workshop on Data Analytics for Renewable Energy Integration, DARE 2015, held in Porto, Portugal, in September 2015.
The 10 papers presented in this volume were carefully reviewed and selected for inclusion in this book.
Interest in renewable energy has grown rapidly, driven by widely held concerns about energy sustainability and security. At present, no single mode of renewable energy generation dominates and consideration tends to center on finding optimal combinations of different energy sources and generation technologies. In this context, it is very important...
Large-scale mobilization of individuals across social networks is becoming increasingly prevalent in society. However, little is known about what affects the speed of social mobilization. Here we use a framed field experiment to identify and measure properties of individuals and their relationships that predict mobilization speed. We ran a global s...
Almost everyone recognizes the salience of cyberspace as a fact of daily life. Given its ubiquity, scale, and scope, cyberspace has become a fundamental feature of the world we live in and has created a new reality for almost everyone in the developed world and increasingly for people in the developing world. This paper seeks to provide an initial...
A new breed of executive, the chief data officer (CDO), is emerging as a key leader in the organization. We provide a three-dimensional cubic framework that describes the role of the CDO. The three dimensions are: (1) Collaboration Direction (inwards vs. outwards), (2) Data Space (traditional data vs. big data) and (3) Value Impact (service vs. str...
This paper applies the theory of real options to analyze how the value of information-based flexibility should affect the decision to centralize or decentralize data management under low and high uncertainty. This study makes two main contributions. First, we show that in the presence of low uncertainty, centralization of data management decisions...
We present a comprehensive classification of data misinterpretation problems and develop an approach to automatic detection and reconciliation of data interpretation conflicts in Web services composition. The approach uses a lightweight ontology augmented with modifiers, contexts, and atomic conversions between the contexts. The WSDL descriptions o...