CERIAS - Center for Education and Research in Information Assurance and Security

Purdue University - Discovery Park

"Do Computer Related Security and Abuse Incidents Cost Organizations? You Bet!" The Incident Cost Analysis and Modeling Projects I and II.

Virginia Rezmierski - University of Michigan

Apr 25, 2001


Colleges and universities, as open environments for the creation, exchange, and transfer of information, have found themselves particularly vulnerable to abuse, misuse, and outright security attacks. Administrators ask themselves whether this is simply the cost of doing business in electronic environments and nothing more to worry about, or whether these are real costs that need to be planned for and managed as risks. Dr. Virginia Rezmierski and a staff of research assistants from the University of Michigan's Ford School of Public Policy and the Law School researched and developed a cost analysis model for determining real costs. In a series of two studies, the first funded by the Chief Information Officers of the Committee for Institutional Cooperation (CIC), and the second by the USENIX Association, they gathered, described, and analyzed 45 different incidents, presented costs, and described the state of incident handling at participating schools. They identified factors that contributed to costs and those that contributed to the occurrence of incidents. Their methodology and results have been widely disseminated and will be discussed in this seminar.

About the Speaker

Dr. Virginia Rezmierski has a BA in Sociology and Political Science from the Maxwell School of Citizenship at Syracuse University, an MA in psychopathology and Special Education from Syracuse and a Ph.D. in Educational Psychology from the University of Michigan. She has taught at the undergraduate and graduate level at Syracuse and at the University of Michigan. After many years of teaching and lecturing widely regarding abusive and disturbed behaviors and educational methods, Rezmierski joined the Information Technology Administration at the University of Michigan, primarily to learn more about the new "revolution."

For the past fifteen years, Rezmierski has been Director of the Office of Policy Development and Education at the University of Michigan. With her staff she has served to identify and analyze ethical and legal issues relating to information technology use and develop policies for the University of Michigan. This group is recognized for providing campus-wide educational campaigns on security, ethical, legal, and policy issues. The most widely known of the campaigns is the "Passwords Are Like Underwear" campaign ("don't share yours with friends, the longer the better", etc.), which has been shared with a large number of other colleges and universities. Rezmierski co-chaired the campus-wide security policy committee for the campus and many other committees dealing with issues of pornography access, protection of personal information, use of social security numbers as identifiers, copyright and others. She publishes and speaks nationally on these issues.

After retiring from her administrative duties in June 2000, Dr. Rezmierski was reappointed to continue teaching at the University of Michigan for two of the colleges. She teaches an advanced course in Technology, Emerging Law, and Applied Policy for the Ford School of Public Policy and a graduate course in Ethics and Values for the School of Information. She also currently directs a National Science Foundation grant designed to describe logging and monitoring activities at colleges and universities and determine the point at which such activities may violate the privacy rights of students under the Family Educational Rights and Privacy Act.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52 (Suite 050B), West Lafayette Campus.

