Should executives go to jail over cybersecurity breaches?

The Consumer Data Protection Act, a new bill introduced by Senator Ron Wyden, is proposing “jail time of up to 20 years for executives who knowingly sign off on incorrect or inaccurate annual certifications of their companies’ data-security practices.” The bill also recommends that companies be fined “up to 4 percent of their annual revenue.” While the critics consider the penalties too harsh and severe, the proposed legislation reflects two key realities – a) active involvement and commitment of senior management is essential to achieving a high level of cybersecurity preparedness; and b) legislation and fear of severe penalties (such as Sarbanes-Oxley Act of 2002 and European Union’s General Data Protection Regulation) is often necessary to motivate desired organizational behavior. In an increasingly digital ecosystem characterized by high levels of electronic connectivity, vulnerability to cyberattacks is growing. Organizations are in a perpetual state of breach with rapidly expanding attack surfaces and evolving threat vectors. Protecting confidential data and related digital assets is becoming critical to survival and success. Senior management must come to terms with this new business reality and give strategic priority to cybersecurity preparedness and investments. Research finds active involvement of top management in cyber risk mitigation initiatives to be a critical success factor and best practice. The onus is also on senior management to create a high-performance security culture founded on three key cornerstones – commitment, preparedness, and discipline. They also must lead the charge in establishing a cybersecurity governance structure characterized by joint ownership, responsibility, and accountability.     

Where is the Security Blanket? Developing Social Media Marketing Capability as a Shield from Perceived Cybersecurity Risk

Although cybersecurity is important for any organization, firms have little understanding of the ramifications of perceived cybersecurity risk and how marketers can avert its negative marketing outcomes. The inability of firms to prevent massive data breaches in the recent past has heightened cybersecurity risk perceptions of customers and cybersecurity-related marketing challenges and opportunities. This study links cybersecurity risk with firm risk through firm reputation by developing a conceptual framework grounded in perceived risk theory in conjunction with dynamic capabilities and social network theoretical perspectives. Our findings show that social media marketing capabilities enable firms in mitigating the adverse impact of cybersecurity risk in declining firm reputation and value. Thus, this study provides significant implications for marketing theory and practice.     

Information Privacy and Online Behaviors

Abstract

This study explores several key potential influences of privacy concerns on consumers' attitudes toward websites. Using a sample of 221 subjects, it was found that privacy concerns could decrease the likelihood of purchasing online. This finding highlights the importance of privacy concerns and contributes to the understanding of Internet marketing in that the early literature incompletely addresses the issue of consumer privacy empirically, which represents a potential threat to the growth of e-commerce. Thus, online marketers should be careful not to abuse (e.g., distribute it without permission) the personal information of consumers. In sum, it is advised that online marketers assure the public that consumer information will not be tracked and traded without the individual consumer's knowledge or consent.     

Lean, take two! Reflections from the second attempt at lean implementation

It’s not easy being lean. And for many companies, getting lean right the first time does not always happen. Lean is a management philosophy focused on identifying and eliminating waste throughout a product’s entire value stream, extending not only within the organization but also along the company’s supply chain network. Lean promises significant benefits in terms of waste reduction, and increased organizational and supply chain communication and integration. Implementing lean, however, and achieving the levels of organizational commitment, employee autonomy, and information transparency needed to ensure its success is a daunting task. This article describes in detail two lean implementation projects within the same company: a global manufacturer of food processing machines and equipment. The first project was a failure, while the second is viewed as a success. Examining these projects in detail, the major criteria and conditions that led to either lean failure or lean success are identified. Based on these conditions, we highlight a number of lessons learned, all of which may help other organizations ensure the success of their own lean implementation and improvement efforts.     

Building a risk model for data incidents: A guide to assist businesses in making ethical data decisions

Data protection is important to businesses, and increasingly so as the paper-based world fades into memory. Information safeguards that were sufficient in the past no longer are in the current digitized environment. It is incumbent upon companies to keep their data secure, but what constitutes reasonable protection? In this installment of Business Law & Ethics Corner, we tackle this question and proffer Draper’s Catastrophe Value Curve as an assessment tool toward that end.     

Protecting corporate intellectual property: Legal and technical approaches

The recent FBI v. Apple case has the potential to turn a 227-year-old statute law into a tool for government agencies to gain access to personal and corporate information. Recent events such as ‘Petraeus-gate,’ hacked nude celebrity photos in the cloud, and the use of a search and seizure warrant in the United States seeking customer email contents on an extraterritorial server raise important issues for the supposedly safe storage of data on the World Wide Web. Not only may there be nowhere to hide in cyberspace but nothing in cyberspace may be private. This article explores the legal and technical issues raised by these matters, with emphasis on the court decision In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corporation and the subsequent upholding of that decision.     

DOCSIS网络系统的安全实现

本文介绍了DOCSIS网络系统保证网络安全的方法,从功能上分析了该安全系统的3个安全组件。同时,重点给出了3个关键的具体实现,阐述了各部分和各步骤之间的运作方式和相互作用。     

WTO国家安全例外条款的合理适用

WTO安全例外条款解释的不确定性使该条款为WTO成员任意适用提供了可能性。乌克兰诉俄罗斯运输限制案中,专家组从管辖权、法律要件及法律解释三方面对安全例外条款做出了正式规制,并以国际公法上的善意原则对WTO各成员的行为进行反面限制。结合TikTok被禁案,笔者在对国家安全概念的内涵与外延作出界定后,从言论自由和反对主权扩张两个方面,对美国以国家安全为由限制贸易的非正当性和不可行性进行论证。最后,为避免国家安全滥用、遏制贸易保护主义兴起,我国应该遵循国家安全内涵扩大化趋势,明确适用WTO国家安全例外条款的态度及立场,加大对安全例外条款的研究力度,积极援引安全例外条款审查贸易制裁的正当性,维护我国国际贸易安全。     

话带Modem技术的发展

语音信道是应用最为广泛的一种通信媒体。其特点是,频带较窄,信噪比较高。为了在语音信道上获得越来越高的传输速率,研究人员和工程人员已为此奋斗了数十年。采用复杂的格状编码调制技术和正交调制技术,带宽利用率已接近3.1kHz语音带宽的Shannon极限：10b/s/Hz。但是所得到的约30kb/s的速率仍不能满足多媒体应用的需求。双绞线可以提供数兆赫兹的带宽,所以Modem的xDSL家庭利用多电平方式实现了每秒数兆比特的速率,本文主要介绍限制语音信道传输速率的因素,以及提高传输速率的方式。     

Open innovation requires integrated competition-community ecosystems: Lessons learned from civic open innovation

Open innovation has received substantial business attention as a means of providing firms in hyper-competitive environments with the ability to create a stream of new products and services. For open innovation, organizing external sources correctly is a critical capability; current literature suggests that external sources should be organized either as collaborative communities or as competitive markets. While firms have generally been slow to adopt open innovation, many cities in the U.S. and Europe have been quick to embrace it—providing needed field-based experience on how to organize external sources. Based on our examination of six cities opening their data for innovation, we found that while cities often started with one or the other approach to organizing their external sources, each approach was inadequate in ways that could potentially be addressed by the addition of the other approach. Thus, we conclude with an integrated approach in which the needs of the entire ecosystem of sources and supporters of innovation are organized to address both competitive and community needs.     

互联网发展对我国文化出口贸易影响的实证分析

随着近年来互联网经济的快速发展,我国也在开展文化出口贸易的过程中融合了互联网,基于互联网的时代背景下,通过对2009—2018年我国与30个周边国家文化出口贸易的面板数据进行实证分析,结果显示:在我国文化出口贸易的影响因素中,贸易国双方的互联网使用人数对我国文化贸易产品出口有显著的正向影响。     

Personal privacy and Internet marketing: An impossible conflict or a marriage made in heaven?

With the decline of print media and network television, marketing strategy is changing. As these advertising vehicles are slowing down and more individuals turn to the Internet for daily functioning, marketers are following in kind. Technology offers businesses and marketing specialists the ability to collect immense amounts of private data about individuals’ interests or characteristics as they surf the Internet and input personal information. Data collection falls into one of two categories: a user's voluntary sharing of such information, or involuntary/uninformed collection by other parties. The threat posed by invasion of personal privacy is real. At the same time, Internet users can benefit in several ways from the sharing and collection of personal information. For example, much online content is funded by advertising, and would otherwise only be available to consumers for a fee. Additionally, valuable information regarding trends and happenings (e.g., flu outbreaks) are detected by aggregated Internet tracking. Finally, many Internet users value and enjoy targeted advertising geared to their particular interests or needs. Laws regarding this matter are currently limited, but are developing in order to protect individuals from unscrupulous data collection, especially involving children. Fortunately, there are ways marketers can legally and ethically collect and use personal information. Ultimately, regulation needs to be developed, and the marketing profession can aid itself by expanding self-regulation and policing in order to stave off additional—and potentially onerous—regulation.     

Marketing analytics using anonymized and fragmented tracking data

With the digitization of the retail industry, there is a growing abundance of event-based tracking data describing consumer behavior (e.g., online clickstreams and offline sensors tracking the movement of shoppers). However, stronger data privacy regulations and the growing privacy consciousness of consumers suggest that much of the data may increasingly only be available to retailers in an anonymized and fragmented form that does not identify individual consumers exactly. In response to the relative paucity of research on marketing analytics in retailing using anonymized and fragmented event-based (AFE) tracking data, this paper makes three interrelated contributions. First, we describe the relevance of AFE data in the future of retailing, contrasting it with other forms of aggregate and individual-level data. Second, we propose a methodology for analyzing AFE data, which allows us to approximately recover individual-level heterogeneity and derive meaningful variables from the raw data. Third, we validate the methodology using representative data collected by deploying sensor-enabled shelves in a field experiment within a store. We find that our approach to analyzing AFE data can help uncover interesting patterns of consumer behavior and could be applied across other online and offline retail settings in practice.     

一种双模导引头目标检测的模糊数据融合算法

本文利用模糊集合来描述传感器的检测率和虚警率,提出了一种双传感器目标检测的模糊数据融合算法,并将其应用于双模复合导引头的目标检测,仿真结果表明算法合理。