Decision Paradigms and Support in the Age of New Normal
The COVID-19 pandemic has accelerated the role of Information and Communications Technologies (ICT) in the way organizations – large or small, global or local, distributed or centralized, formal or informal – make decisions. Decision-making is being profoundly challenged by the digitization of the business world and the rise of political discordance in society across the world. Augmented by digital technologies, decision makers have in their hands massive amount of open source data, and more often than not, they are forced to make swift decisions while trying to mitigate increasing level of risks. Given the diversification of massive information sources that go beyond the organization boundaries, decision makers are facing with a quadruple level of uncertainty – increased difficulty in discerning real news from fake news, challenge in identifying possible courses of actions given a complex and oftentimes ambiguous decision; increased difficulty in estimating the likelihood of decision outcomes of a chosen action, and unexpected emergence of new actors – be it allies or foes, human or bots – along the decision-making process. In this talk, we revisit Herbert Simon’s seminal decision-making paradigm in the age of “new normal”, and propose how decision assurance would be needed to deal with the augmented age of uncertainty.
Tung Bui holds the distinguished professorship of global business endowed by the Matson Navigation Company at the University of Hawaii at Manoa. Prior to joining the University of Hawaii, Prof. Bui was on the faculty at New York University, the United States Naval Postgraduate School, Monterey, California, the Universities of Fribourg and Lausanne, Switzerland, the Hong Kong University of Science and Technology. Bui has published 14 books and over 180 papers. His current research interests focus on effective use of IT in large organizations, information literacy, digital transformation, sustainable development, and in collaborative technology, including group decision and negotiation support systems and crisis management. In 1993, a research journal nominated him as “one of the most influential researchers in the field of decision support systems” based on citation. In 2016, a top journal in Software engineering cites one of his research papers on “Scenario Management” as the top 4 most impactful paper for the last 25 years. He also earned the 2019 INFORMS Section Award on Group Decision and Negotiation. Bui is on the editorial board of a number of academic journals related to information technology in business and society. He has chaired 12 major international conferences, and is a regular program committee member of international meetings and workshops. Since 2015, he assumes the permanent chair of the Hawaii International Conference on System Sciences (HICSS), making it the longest standing and most cited conference in the fields of MIS and System Sciences.
Security by Obscurity, an History of Secrecy
In his Fable titled ‘the Tree and the Reed’, Aesop’s moral is that “Obscurity often brings safety”. However, thanks to GDPR and recent developments from the United States Securities and Exchange Commission (2018) and the European Securities and Monetary Authority (2019), requirements toward transparency in security management are growing. Companies may benefit from being transparent concerning breach disclosure, and most importantly, benefit from disclosing cybersecurity risks and disclosing past security incidents to stakeholders. Information disclosure is an increasingly way to be perceived as having superior performance. But despite being denigrated for the last 20 years, security by obscurity is still researched and well alive, with recent papers validating obscurity to an adversary. Indeed, Security by Obscurity has been the favored design principle in information security since the 2000s. Rebranded as “moving target defense” by the DHS in the 2010s, which consist in “hiding the target”, it is still very popular in information security as a part of deception techniques aimed at “mislead, confuse or hide critical assets” in latest NIST publications. What can explain this popularity? What are the roots of Security by Obscurity? Is there any space left for obscurity in a society where transparency has been elevated as a political and moral ideal?
In this presentation, we will dive into the historical roots of security by obscurity design principle and its developments. By opening the black box of secrecy, we intend to shed light on the symbiotic relationship between transparency and obscurity.
Expert in cybersecurity, Jean-Loup Richet is associate Professor of Management and co-director of the Risk Chair at Sorbonne Business School, IAE Paris, Université Paris I Panthéon-Sorbonne, France. He is an accredited expert in Cybercrime by the Europol and the Gendarmerie Nationale, and authored multiple studies for the United Nation Office on Drugs and Crime, Europol, the International Telecommunication Union and the European Commission. Jean-Loup Richet’s work explore the boundaries of cybercrime and cybersecurity, focusing on trends in online money laundering or new frauds enabled by Artificial Intelligence and Machine Learning. He has published numerous papers in trade and academic journals (European Journal of Information Systems; IEEE Transactions on Engineering Management); his work was featured in The Wall Street Journal, Wired, CBS, MIT Technology Review, Computer World, and many other media outlets. Jean-Loup Richet has received a number of awards such as the ITU Fellowship, the French Ministry innovation and research grant or the Robert Reix research prize from the Association Information & Management
“Digital Era yes, but… Data awareness first ! It could be an introduction before taking risks ”
In 28 October 2016, during the Eurocloud forum, Europe wanted Datacenters providers to build a European cloud initiative. It was obviously a good idea, but companies were not ready to jump in. As DPO, Leopold considers that GDPR represents the great game changer to urge both, EU citizens and EU companies to care about their digital assets. Data privacy is probably the first side of a multi facet diamond that is slowly coming to light. Another way to say it as Risk Manager, quite often, when a risk is not managed in the proper way, following major incidents, regulators under the pressure of the medias, react and implement compulsory rules. On this, GDPR, forces companies to take consciousness of part of their digital assets. Sensitive figures, such as split by sales network, split by products, by clients are not privacy data, but are still essential; because companies learnt about privacy, they will be ready for the next chapter, probably a financial one. Front of technology and innovation as an optimistic, I would say yes, and it could represent great opportunities for those, able to manage it, with the long-term perspectives. “A free and open digital market of technology and innovation”, I would say no. Ethics, perhaps philosophical point of view may help to structure the use of the data. As risk manager, I consider this broad approach as the maturity step.
Leopold is known for finding solutions when none are obvious especially regarding emerging risks. He likes to build solution with teams when problems arise regarding IT security, payment’s process, management of key resources, dependency to key suppliers. Leopold is a trusted advisor who helps board members to see through technology safe path, in order to embrace technology changes.
Leopold has over 20 years of experience in Risk Management in Digital environment. Since 2017 he serves Mazars the leading international audit firm as “Risk Manager”. He animates the community of Risk Managers at Mazars. He served during 7 years as Risk Manager of a CAC 60 executive teams. He has led the set-up of a reinsurance company and managed it as board member. Leopold started as “Risk Analyst” & “Risk Underwriter” in Insurance industry: AXA, CHUBB Insurance, Marsh.
Leopold has a Master in Computer Sciences and a Master degree in Finance – Major Risk Management from Paris Dauphine University. Every year he shares his passion of Risk Management and Digital Risks to over 200 students and professionals: Master SIEE Paris Dauphine, Master II of Computer sciences Nice, Executive Master Internal Audit ESCP Business School, Master Finance Paris Nanterre, CEFAR AMRAE Formation and Ecole Supérieure Assurance.
Leopold is one of the active board members of AMRAE (non for-profit organisation of French Risk Managers). He is VP in charge of training programs of AMRAE Formation.
FedEx, Amsterdam, Netherlands
Data, knowledge management and cybersecurity in organizations
While many organizations have already gone through difficult times, the COVID-19 pandemic has led many organizations around the world to close their offices, forcing millions of employees to work from home and creating a new way of daily communication. More than ever before, the threat of data breaches and cyberattacks continues to grow and made cybersecurity to become one of the major concerns for organizations. Indeed, focuses of organizations are mainly on information technology (IT) to ensure their business continuity; however, they should take not only a technology-driven approach but also a business-driven approach. The chief information security officer (CISO) should only be responsible for monitoring and assessing security compliance based on business managers’ input since they have a broader business view and a better understanding of control’s impact on the business goals. Organizations can only maximize their return on information security investment if dedicated governance involves the business side including employees from operations to boards of directors. This presentation is going to review the business continuity principles and propose how organizations must develop their information security governance in order to meet and support their business objectives.
Roland Inan is currently a senior IS/IT auditor at FedEx Express based in Amsterdam with more than 8 years of professional experience in a broad range of categories. His expertise includes audit management; information systems, IT networks, cybersecurity, project management, change management, data privacy, and operational auditing. As a head of IS & IT audit assignments, Roland delivers interactive, practical training and consulting for auditors and professionals about data privacy, cybersecurity, and auditing. Before joining FedEx as head of information IS / IT audit assignments, he worked with banks, the French Ministry of Defence, and a pharmaceutical company. Since 2017, he holds the lecturer’s permanent position at Paris Dauphine, Tunis Dauphine, and SKEMA business school covering cybersecurity, and IT networks, and IS / IT audit courses. In 2019, he was promoted to establish the new MSc cybersecurity program: information system of the extended enterprise: audit and advisory at Paris Dauphine. Roland is certified as a certified information security manager (CISM), certified information system auditor (CISA), and information technology infrastructure library (ITIL) as well as followed training specialized in ethical hacking (HSA).