%0 Journal Article %J Technology Innovation Management Review %D 2021 %T Call for Papers: Distributed Ledger Technologies for Smart Digital Economies %K artificial intelligence %K blockchain %K cybersecurity %K digital economy %K distributed ledger technology %K smartification %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 11 %P 1-1 %8 02/2021 %G eng %U timreview.ca/article/1422 %N 2 %& 1 %R http://doi.org/10.22215/timreview/1422 %0 Journal Article %J Technology Innovation Management Review %D 2020 %T Examining the Relationship Between Cybersecurity and Scaling Value for New Companies %A Tony Bailetti %A Daniel Craigen %K cybersecurity %K scaling company value %K scaling initiatives %K topic model stability %X We explore the cybersecurity-scaling relationship in the context of scaling new company value rapidly. The relationship between the management of what a new company does to protect against the malicious or unauthorized use of electronic data, and the management of what a new company does to scale company value rapidly is important, but not well understood. We use a topic modelling technique to identify the eight topics that best describe a corpus comprised of 137 assertions about what new companies do to scale company value rapidly, manually examine the stability of the topics extracted from the dataset, and describe the relationship between 17 assertions about how to manage cybersecurity in new companies, and the six topics found to be stable. The six stable topics are labelled Fundraise, Enable, Position, Communicate, Innovate, and Complement. We find that of the 17 cybersecurity assertions, seven are related to Position, two to Innovate, one to Fundraise and, one to Complement. Six cybersecurity assertions were not found to be strongly related to any of the eight topics. This paper contributes to our understanding of cybersecurity in the context of a new company that scales its value rapidly, an application of topic modelling to perform small-scale data analysis, and a manual approach to examine the stability of the topics extracted by the topic modelling technique. We expect this paper to be relevant to new companies’ top management teams, members of the networks upon which new companies depend for to scale company value, accelerators and incubators, as well as academics teaching or carrying out research in entrepreneurship. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 10 %P 62-70 %8 02-2020 %G eng %U timreview.ca/article/1329 %N 2 %1 Carleton University Tony Bailetti is an Associate Professor in the Sprott School of Business and the Department of Systems and Computer Engineering at Carleton University, Ottawa, Canada. Professor Bailetti is the past Director of Carleton University's Technology Innovation Management (TIM) program. His research, teaching, and community contributions support technology entrepreneurship, regional economic development, and international co-innovation. %2 Carleton University Mr. Craigen is the community and project manager with the Technology Innovation Management Program, Carleton University. Formerly, he was the Director of Carleton University’s Global Cybersecurity Resource (GCR) (https://www.cugcr.ca) and was the founding president of Global EPIC (https://www.globalepic.org). Mr. Craigen was a senior science advisor with the Government of Canada for 12-years and President of ORA Canada, a company that focused on high assurance technologies and distributed its technology to sites in 65-countries. Mr. Craigen was the Chair of two NATO research task groups (“Dual use of high assurance technologies” and “Validation, verification and certification of embedded systems.”) Mr. Craigen obtained a B. Sc (Honours Math) and an M. Sc from Carleton University. %& 62 %R http://doi.org/10.22215/timreview/1329 %0 Journal Article %J Technology Innovation Management Review %D 2019 %T Editorial: Insights (November 2019) %A Stoyan Tanev %A Gregory Sandstrom %K artificial intelligence %K competitive advantage %K cybersecurity %K deep learning %K Deepfake %K design rules %K digitalization %K entrepreneurial ecosystems %K entrepreneurial university %K entrepreneurship %K entrepreneurship education %K fake news %K innovation %K international entrepreneurship %K leadership %K Learning Capabilities %K marketing %K motivation %K new venture teams %K quadruple helix %K sanctions %K SMEs %K teamwork %K triple helix %K university business incubation %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 9 %P 3-4 %8 11/2019 %G eng %U timreview.ca/article/1278 %N 11 %1 Technology Innovation Management Review Stoyan Tanev, PhD, MSc, MEng, MA, is Associate Professor of Technology Entrepreneurship and Innovation Management associated with the Technology Innovation Management (TIM) Program, Sprott School of Business, Carleton University, Ottawa, ON, Canada. Before re-joining Carleton University, Dr. Tanev was part of the Innovation and Design Engineering Section, Faculty of Engineering, University of Southern Denmark (SDU), Odense, Denmark.
Dr. Tanev has a multidisciplinary background including MSc in Physics (Sofia University, Bulgaria), PhD in Physics (1995, University Pierre and Marie Curie, Paris, France, co-awarded by Sofia University, Bulgaria), MEng in Technology Management (2005, Carleton University, Ottawa, Canada), MA in Orthodox Theology (2009, University of Sherbrooke, Montreal Campus, QC, Canada) and PhD in Theology (2012, Sofia University, Bulgaria).
Dr. Stoyan Tanev has published multiple articles in several research domains. His current research interests are in the fields of technology entrepreneurship and innovation management, design principles and growth modes of global technology start-ups, business analytics, topic modeling and text mining. He has also an interest in interdisciplinary issues on the interface of the natural and social sciences. %2 Technology Innovation Management Review Gregory Sandstrom is Managing Editor of the Technology Innovation Management Review. Former Associate Professor of Mass Media and Communications at the European Humanities University and Affiliated Associate Professor at the Social Innovations Laboratory, Mykolas Romeris University in Vilnius, Lithuania. PhD from St. Petersburg State University and the Sociological Institute of the Russian Academy of Sciences, sector on Sociology of Science. Postdoctoral Research Fellow at the Lithuanian Science Council and Autonomous National University of Mexico's Institute for Applied Mathematics and Systems. Promoter and builder of blockchain distributed ledger technology systems and digital extension services. %& 3 %R http://doi.org/10.22215/timreview/1278 %0 Journal Article %J Technology Innovation Management Review %D 2019 %T The Emergence of Deepfake Technology: A Review %A Mika Westerlund %K artificial intelligence %K cybersecurity %K deep learning %K Deepfake %K fake news %X Novel digital technologies make it increasingly difficult to distinguish between real and fake media. One of the most recent developments contributing to the problem is the emergence of deepfakes which are hyper-realistic videos that apply artificial intelligence (AI) to depict someone say and do things that never happened. Coupled with the reach and speed of social media, convincing deepfakes can quickly reach millions of people and have negative impacts on our society. While scholarly research on the topic is sparse, this study analyzes 84 publicly available online news articles to examine what deepfakes are and who produces them, what the benefits and threats of deepfake technology are, what examples of deepfakes there are, and how to combat deepfakes. The results suggest that while deepfakes are a significant threat to our society, political system and business, they can be combatted via legislation and regulation, corporate policies and voluntary action, education and training, as well as the development of technology for deepfake detection, content authentication, and deepfake prevention. The study provides a comprehensive review of deepfakes and provides cybersecurity and AI entrepreneurs with business opportunities in fighting against media forgeries and fake news. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 9 %P 40-53 %8 11/2019 %G eng %U timreview.ca/article/1282 %N 11 %1

Carleton University

 
Mika Westerlund, DSc (Econ), is an Associate Professor at Carleton University in Ottawa, Canada. He previously held positions as a Postdoctoral Scholar in the Haas School of Business at the University of California Berkeley and in the School of Economics at Aalto University in Helsinki, Finland. Mika earned his doctoral degree in Marketing from the Helsinki School of Economics in Finland. His research interests include open and user innovation, the Internet of Things, business strategy, and management models in high-tech and service-intensive industries.

 

%& 40 %R http://doi.org/10.22215/timreview/1282 %0 Journal Article %J Technology Innovation Management Review %D 2018 %T Editorial: Innovation Strategy and Practice (November 2018) %A Chris McPhee %K best practice %K collaboration %K creativity %K cybersecurity %K framework %K information security %K innovation %K innovation ecosystems %K maturity model %K method %K model %K practice %K research %K research institutions %K strategy %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 8 %P 3-3 %8 11/2018 %G eng %U https://timreview.ca/article/1194 %N 11 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and BScH and MSc degrees in Biology from Queen’s University in Kingston, Canada. He has nearly 20 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %R http://doi.org/10.22215/timreview/1194 %0 Journal Article %J Technology Innovation Management Review %D 2018 %T Information Security Best Practices: First Steps for Startups and SMEs %A Urpo Kaila %A Linus Nyman %K best practices %K cybersecurity %K information security %K risk management %K SMEs %K startups %X This article identifies important first steps toward understanding and implementing information security. From the broad selection of existing best practices, we introduce a lightweight yet comprehensive security framework with four useful first steps: identifying assets and risks; protecting accounts, systems, clouds, and data; implementing a continuity plan; and monitoring and reviewing. This article is intended primarily for startups and less mature companies, but it is likely to be of interest to any reader seeking an introduction to basic information security concepts and principles as well as their implementation. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 8 %P 32-42 %8 11/2018 %G eng %U https://timreview.ca/article/1198 %N 11 %1 Finnish IT Center for Science (CSC) Urpo Kaila is the Head of Security for CSC – the Finnish IT Center for Science. His background in the information security industry, with long experience in handling security incidents as well as developing solutions for information security and data protection. He has been responsible to achieve the valued ISO/IEC 27001 information security management certification for CSC and is a steering committee member in security groups for some European Research Infrastructures, such as WISE and GÉANT SIG-ISM. Urpo holds the professional international information security certificates CISSP, GCIH, GCED, CISM, and ISO 27001 Lead Auditor. He also holds a Master’s degree from the Hanken School of Economics. His research focuses on best practices in information security and data protection. %2 Hanken School of Economics Linus Nyman is an Assistant Professor at the Hanken School of Economics in Helsinki, Finland, and an Adjunct Research Professor in the Technology Innovation Management (TIM) program at Carleton University in Ottawa, Canada. He has lectured on a range of topics, including information security and privacy, information systems science, corporate strategy, and open source software development. His current research focuses on information security and privacy, which are topics he also covers in a blog for the Finnish daily newspaper HBL. Linus holds a PhD and a Master’s degree, both from the Hanken School of Economics. %R http://doi.org/10.22215/timreview/1198 %0 Journal Article %J Technology Innovation Management Review %D 2017 %T Anticipating the Economic Benefits of Blockchain %A Melanie Swan %K blockchain %K cryptocurrencies %K cryptoeconomics %K cybersecurity %K digital asset registries %K digital goods %K distributed ledgers %K economics %K eWallet %K lightning network %K long tail markets %K payment channels %K programmable money %K smart assets %K smart contracts %K streaming money %X In this general overview article intended for non-experts, I define blockchain technology and some of the key concepts, and then I elaborate four specific applications that highlight the potential economic benefits of digital ledgers. These applications are digital asset registries, blockchains as leapfrog technology for global financial inclusion, long-tail personalized economic services, and net settlement payment channels. I also highlight key challenges that offset the potential economic benefits of blockchain distributed ledgers, while arguing that the benefits would outweigh the potential risks. The overarching theme is that an increasing amount of everyday operations involving money, assets, and documents could start to be conducted via blockchain-based distributed network ledgers with cryptographic security, and at more granular levels of detail. One economic implication of widespread blockchain adoption is that the institutional structure of society could shift to one that is computationally-based and thus has a diminished need for human-operated brick-and-mortar institutions. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 7 %P 6-13 %8 10/2017 %G eng %U http://timreview.ca/article/1102 %N 10 %1 Purdue University Melanie Swan is a technology theorist in the Philosophy Department at Purdue University in West Lafayette, Indiana, United States. She is the author of the best-selling book Blockchain: Blueprint for a New Economy (2015), which has been translated into six languages. She is the founder of several startups including the Institute for Blockchain Studies, DIYgenomics, GroupPurchase, and the MS Futures Group. Ms. Swan's educational background includes an MBA in Finance and Accounting from the Wharton School of the University of Pennsylvania, an MA in Contemporary Continental Philosophy from Kingston University London and Université Paris 8, and a BA in French and Economics from Georgetown University. She is a faculty member at Singularity University and the University of the Commons, an Affiliate Scholar at the Institute for Ethics and Emerging Technologies, and an invited contributor to the Edge's Annual Essay Question. %R http://doi.org/10.22215/timreview/1109 %0 Journal Article %J Technology Innovation Management Review %D 2017 %T Big Data and Individual Privacy in the Age of the Internet of Things %A Mackenzie Adams %K big data %K cybersecurity %K data breaches %K Internet of Things %K IOT %K privacy %K smart devices %X The availability of “big data” and “smart” products are credited with advancing solutions to complex problems in medicine, transportation, and education, among others. However, with big data comes big responsibility. The collection, storage, sharing, and analysis of data are far outpacing individual privacy protections, whether technological or legislative. The Internet of Things (IoT), with its promise to create networks of networks, will magnify individual data privacy threats. Recent data breaches, exposing the personal information of millions of users, provide insight into the vulnerability of personal data. Although seemingly expansive, there are core individual privacy issues that are central to current big data breaches and anticipated IoT threats. This article examines both big data and the IoT using examples of data privacy breaches to illustrate the impact of individual data loss. Furthermore, the article examines the complexity of tackling technological and legislative challenges in protecting individual privacy. It concludes by summarizing these issues in terms of the future implications of the IoT and the loss of privacy. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 7 %P 12-24 %8 04/2017 %G eng %U http://timreview.ca/article/1067 %N 4 %1 SOMANDA Inc. Mackenzie Adams is Co-Founder and Creative Director at SOMANDA Inc., and she is a recent graduate of the Technology Innovation Management (TIM) program at Carleton University in Ottawa, Canada. As an avid learner and serial entrepreneur, Mackenzie is always seeking new challenges to continue evolving and expanding her interests, knowledge base, and skills. Her interests span the fields of artificial intelligence, quantum computing, EdTech, and FinTech. Her passion is to find and cultivate the next generation of innovators in underserved communities. %R http://doi.org/10.22215/timreview/1067 %0 Journal Article %J Technology Innovation Management Review %D 2017 %T A Blockchain Ecosystem for Digital Identity: Improving Service Delivery in Canada’s Public and Private Sectors %A Greg Wolfond %K blockchain %K consumer privacy %K cybersecurity %K digital assets %K digital attributes %K digital identity %K identity fraud %K identity verification %K online privacy %K online security %X Blockchain-based solutions have the potential to make government operations more efficient and improve the delivery of services in the public and private sectors. Identity verification and authentication technologies, as one of the applications of blockchain-based solutions – and the focus of our own efforts at SecureKey Technologies – have been critical components in service delivery in both sectors due to their power to increase trust between citizens and the services they access. To convert trust into solid value added, identities must be validated through highly-reliable technologies, such as blockchain, that have the capacity to reduce cost and fraud and to simplify the experience for customers while also keeping out the bad actors. With identities migrating to digital platforms, organizations and citizens need to be able to transact with reduced friction even as more counter-bound services move to online delivery. In this article, drawing on our own experiences with an ecosystem approach to digital identity, we describe the potential value of using blockchain technology to address the present and future challenges of identity verification and authentication within a Canadian context. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 7 %P 35-40 %8 10/2017 %G eng %U http://timreview.ca/article/1112 %N 10 %1 SecureKey Technologies Greg Wolfond is the Founder of SecureKey Technologies and brings more than 30 years of experience in fintech, security, and mobile solutions to his role as Chief Executive Officer. Greg is a serial entrepreneur whose earlier ventures include Footprint Software Inc., a financial software company he sold to IBM, and 724 Solutions Inc., a wireless infrastructure software provider he took public. He sits on several boards and has been recognized as one of Canada’s Top 40 Under 40, Entrepreneur of the Year, and one of the 100 Top Leaders in Identity. Greg holds a Bachelor of Arts in Computer Science from the University of Western Ontario, Canada, and a Bachelor of Science in Biochemistry and Life Sciences from the University of Toronto, Canada. %R http://doi.org/10.22215/timreview/1112 %0 Journal Article %J Technology Innovation Management Review %D 2017 %T Combining Exploratory Analysis and Automated Analysis for Anomaly Detection in Real-Time Data Streams %A Ahmed Shah %A Ibrahim Abualhaol %A Mahmoud Gad %A Michael Weiss %K anomaly detection %K cybersecurity %K exploratory analysis %K real-time data streams %K visualization %X Security analysts can become overwhelmed with monitoring real-time security information that is important to help them defend their network. They also tend to focus on a limited portion of the alerts, and therefore risk missing important events and links between them. At the heart of the problem is the system that analysts use to detect, explore, and respond to cyber-attacks. Developers of security analysis systems face the challenge of developing a system that can present different sources of information at multiple levels of abstraction, while also creating a system that is intuitive to use. In this article, we examine the complementary nature of exploratory analysis and automated analysis by testing the development of a system that monitors real-time Border Gateway Protocol (BGP) traffic for anomalies that might indicate security threats. BGP is an essential component for supporting the infrastructure of the Internet; however, it is also highly vulnerable and can be hijacked by attackers to propagate spam or launch denial-of-service attacks. Some of the attack scenarios on the BGP infrastructure can be quite elaborate, and it is difficult, if not impossible, to fully automate the detection of such attacks. This article makes two contributions: i) it describes a prototype platform for computing indicators and threat alerts in real time and for visualizing the context of an alert, and ii) it discusses the interaction of exploratory analysis (visualization) and automated analysis. This article is relevant to students, security researchers, and developers who are interested in the development or use of real-time security monitoring systems. They will gain insights into the complementary aspects of automated analysis and exploratory analysis through the development of a real-time streaming system. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 7 %P 25-31 %8 04/2017 %G eng %U http://timreview.ca/article/1068 %N 4 %1 VENUS Cybersecurity Corporation Ahmed Shah holds a BEng in Software Engineering from Lakehead University in Thunder Bay, Canada, and a MEng in Technology Innovation Management from Carleton University in Ottawa, Canada. Ahmed has experience working in a wide variety of research roles at the VENUS Cybersecurity Corporation, the Global Cybersecurity Resource, and Carleton University. %2 Carleton University Ibrahim Abualhaol is a Research Scientist at Larus Technologies and an Adjunct Professor at Carleton University in Ottawa, Canada. He holds a BSc, an MSc, and a PhD in Electrical and Computer Engineering. He is a senior member of IEEE and a Professional Engineer (P.Eng) in Ontario, Canada. His research interests include real-time big-data analytics and its application in cybersecurity and wireless communication systems. %3 VENUS Cybersecurity Corporation Mahmoud M. Gad is a Research Scientist at the VENUS Cybersecurity Corporation. He holds a PhD in Electrical and Computer Engineering from the University of Ottawa in Canada. Additionally, he holds an MSc in ECE from the University of Maryland in College Park, United States. His research interests include big-data analytics for cybersecurity, cyber-physical system risk assessment, cybercrime markets, and analysis of large-scale networks. %4 Carleton University Michael Weiss holds a faculty appointment in the Department of Systems and Computer Engineering at Carleton University in Ottawa, Canada, and he is a member of the Technology Innovation Management program. His research interests include open source, ecosystems, mashups, patterns, and social network analysis. Michael has published on the evolution of open source business, mashups, platforms, and technology entrepreneurship. %R http://doi.org/10.22215/timreview/1068 %0 Journal Article %J Technology Innovation Management Review %D 2017 %T A Cybersecurity Risk Assessment Framework that Integrates Value-Sensitive Design %A Aida Alvarenga %A George Tanev %K cybersecurity %K framework %K medical devices %K risk assessment %K value propositions %K value-sensitive design %X Medical devices today are more effective and connected than ever before, saving more patient lives and making healthcare practitioner’s jobs more efficient. But with this interconnectedness comes inherent concerns over increased cybersecurity vulnerabilities. Medical device cybersecurity has become an increasing concern for all relevant stakeholders including: patients, regulators, manufacturers, and healthcare practitioners. Although cybersecurity in medical devices has been covered in the literature, there is a gap in how to address cybersecurity concerns and assess risks in a way that brings value to all relevant stakeholders. In order to maximize the value created from cybersecurity risk mitigations, we review literature on the state of cybersecurity in the medical device industry, on cybersecurity risk management frameworks in the context of medical devices, and on how cybersecurity can be used as a value proposition. We then synthesize the key contributions of the literature into a framework that integrates cybersecurity value considerations for all relevant stakeholders into the risk mitigation process. This framework is subsequently applied to the hypothetical case of an insulin pump. Using this example case, we illustrate how medical device manufacturers can use the framework as a standardized method that can be applicable to medical devices at large. Our ultimate goal is to make cybersecurity risk mitigation an exploitable asset for manufacturers rather than a regulatory obligation. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 7 %P 32-43 %8 04/2017 %G eng %U http://timreview.ca/article/1069 %N 4 %1 Carleton University Aida Alvarenga Castillo is a Master’s student in the Technology Innovation Management program at Carleton University in Ottawa, Canada. Aida undertook her undergraduate studies at McGill University in Montreal, Canada, with a focus on Economics, Business Management, and Political Science. She has experience in the financial industry for well-established banks, in a business development role for a technology startup, and as an entrepreneur in launching her own family food business. Within the field of technology innovation, Aida’s main interests are in financial technologies (FinTech) and innovation within the financial industry. %2 Carleton University George Tanev is a Master’s student in the Technology Innovation Management program at Carleton University in Ottawa, Canada. George holds a Master’s of Science degree in Medicine and Technology from the Technical University of Denmark and a Bachelor of Engineering in Biomedical and Electrical Engineering from Carleton University. George has experience in the medical device industry and the air navigation services industry. His interests are in technology entrepreneurship, cybersecurity, medical device product development, signal processing, and data modelling. %R http://doi.org/10.22215/timreview/1069 %0 Journal Article %J Technology Innovation Management Review %D 2017 %T Editorial: Cybersecurity (April 2017) %A Chris McPhee %A Michael Weiss %K anomaly detection %K automation %K big data %K cybersecurity %K exploration %K Hypponen’s law %K Internet of Things %K IOT %K legislation %K medical devices %K privacy %K real time %K risk assessment %K security engineering %K smart devices %K value proposition %K vulnerabilities %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 7 %P 3-4 %8 04/2017 %G eng %U http://timreview.ca/article/1065 %N 4 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and BScH and MSc degrees in Biology from Queen's University in Kingston, Canada. He has nearly 20 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %2 Carleton University Michael Weiss holds a faculty appointment in the Department of Systems and Computer Engineering at Carleton University in Ottawa, Canada, and is a member of the Technology Innovation Management program. His research interests include open source, ecosystems, mashups, patterns, and social network analysis. Michael has published on the evolution of open source business, mashups, platforms, and technology entrepreneurship. %R http://doi.org/10.22215/timreview/1065 %0 Journal Article %J Technology Innovation Management Review %D 2017 %T Editorial: Insights (June 2017) %A Chris McPhee %K competitive intelligence %K creativity %K cybersecurity %K entrepreneurship %K internal communication management %K Internet of Things %K service design %K training %K university–industry collaboration %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 7 %P 3-4 %8 06/2017 %G eng %U http://timreview.ca/article/1079 %N 6 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and BScH and MSc degrees in Biology from Queen's University in Kingston, Canada. He has nearly 20 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express %R http://doi.org/10.22215/timreview/1079 %0 Journal Article %J Technology Innovation Management Review %D 2017 %T The Internet of (Vulnerable) Things: On Hypponen's Law, Security Engineering, and IoT Legislation %A Mikko Hypponen %A Linus Nyman %K consumers %K cybersecurity %K Hypponen’s law %K Internet of Things %K IOT %K legislation %K manufacturers %K security engineering %K smart devices %K vulnerability %X The Internet of Things (IoT) and the resulting network-connectedness of everyday objects and appliances in our lives bring not only new features and possibilities, but also significant security concerns. These security concerns have resulted in vulnerabilities ranging from those limited in effect to a single device to vulnerabilities that have enabled IoT-based botnets to take over hundreds of thousands of devices to be used for illegal purposes. This article discusses the vulnerable nature of the IoT – as symbolized by Hypponen’s law – and the parts both manufacturers and consumers play in these vulnerabilities. This article makes the case for the importance of security engineering for IoT manufacturers, highlights some significant issues to help consumers address these vulnerabilities, and argues for legislation as perhaps the only reliable means of securing the Internet and its connected devices. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 7 %P 5-11 %8 04/2017 %G eng %U http://timreview.ca/article/1066 %N 4 %1 F-Secure Mikko Hypponen is Chief Research Officer at F-Secure. He has written about his research for The New York Times, Wired, and Scientific America, and he has lectured at several universities, among them Stanford, Oxford, and Cambridge. He has been selected as one of the 50 most important people on the web by PC World Magazine and was included in the FP Global Thinkers list. He is a member of the board of the Nordic Business Forum and the advisory board of the t2 infosec conference. %2 Hanken School of Economics Linus Nyman is an Assistant Professor at the Hanken School of Economics in Helsinki, Finland. He has lectured on a range of topics, including corporate strategy and open source software development. His current research focuses on information security and privacy, which are topics he also covers in a blog for the Finnish daily newspaper Hufvudstadsbladet. Linus holds a PhD and a Master’s degree, both from the Hanken School of Economics. %R http://doi.org/10.22215/timreview/1066 %0 Journal Article %J Technology Innovation Management Review %D 2017 %T TIM Lecture Series – Building Trust in an IoT-Enabled World %A Jeremy Watson %A John Marshall %A Mike Young %A Peter Smetny %A David Mann %K cybersecurity %K Internet of Things %K IOT %K ransomware %K trust %K WannaCry %K wireless %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 7 %P 50-54 %8 06/2017 %G eng %U http://timreview.ca/article/1084 %N 6 %1 IET Jeremy Watson CBE is President and Fellow of the IET and Professor of Engineering Systems and Vice-Dean (Mission) in the Faculty of Engineering Sciences, based in the Department of Science Technology, Engineering and Public Policy at University College London. He is also Chief Scientist and Engineer at the Building Research Establishment (BRE). Until November 2012, Jeremy was Chief Scientific Advisor for the Department of Communities & Local Government (DCLG). He worked as Arup's Global Research Director between 2006 and 2013. Jeremy was awarded a CBE in the Queen's 2013 Birthday honours for services to engineering. An engineer by training, Jeremy has experience as a practitioner and director of pure and applied research and development in industry, the public sector, and academia. He has held research and technical management roles in industry and universities plus voluntary service with the DTI and BIS. His interests include interactions in, and the design of, socio-technical systems, emerging technology identification, development and deployment, and strategic innovation processes. Jeremy is a Chartered Engineer, a Fellow of the Royal Academy of Engineering, a Fellow of the Institution of Civil Engineers. He is a former Board member of the UK Government Technology Strategy Board (Innovate UK), and he is a founding trustee and Chair-elect of the Institute for Sustainability. He chairs the Natural Environment Research Council (NERC) Innovation Advisory Board and BuildingSMART UK, and until recently, served on the Council of the Engineering & Physical Sciences Research Council (EPSRC). %2 inBay Technologies John Marshall is Principal Software Engineer at inBay Technologies in Kanata, Canada. He has over 20 years of experience as a software architect and technical leader developing real-time embedded telecommunications software, with a passion for improving software development. Previously, he worked as a Senior Software Engineer at Avaya and Software Architect for Nortel Networks. He holds a Bachelor’s degrees in Computing Science from the Technical University of Nova Scotia in Halifax, Canada, and in Mathematics from Dalhousie University, also in Halifax. %3 Bastille Mike Young is a Senior Wireless Security Engineer at Bastille in New York, United States. He founded the Connecticut ISSA chapter and is currently a board member of the New York Metro ISSA. He has worked at Verizon, Verisign, RSA Security, and many security startups. He gave a speech on “Applying PKI” at the NSA in Fort Meade, Maryland. Mike received his Bachelor’s degree in IT Management from Fordham University in New York, and he holds a Master’s degree in IT Management from the University of Virginia in Charlottesville. %4 Fortinet Peter Smetny is the Systems Engineering Director at Fortinet in Ottawa, Canada. As a technical architect, Peter has extensive experience in systems infrastructure design and implementation. He offers vast experience as a network/security architect, with a wide range of network devices, protocols, applications, operating systems, as well as integration, best practice, and design knowledge. His success is attributed to a demonstrated sense of accomplishment, leadership, dedication and initiative. Peter holds a Bachelor of Engineering degree from Carleton University in Ottawa, Canada. %# inBay Technologies David Mann is Director and Chief Security Officer of inBay Technologies in Kanata, Canada. He is a visionary innovator and calculated risk-taker with expertise in creating and leading new business ventures. He is a former Nortel executive, where amongst many achievements he nurtured the development of Entrust, a pioneer digital security company, leading to its $700+ million IPO. David actively engages in executive mentoring and advising Canada's leading researchers in the futures of cybersecurity, web network evolution, and the rapidly changing market of smart web-based applications. David is the Chair of several not-for-profit organizations, including the IET Ottawa Local Network, and he is an honorary member of the Canadian Association for the Advancement of Science. %R http://doi.org/10.22215/timreview/1084 %0 Journal Article %J Technology Innovation Management Review %D 2016 %T Crowdsourcing Literature Reviews in New Domains %A Michael Weiss %K co-creation %K crowdsourcing %K crowdsourcing platform %K cybersecurity %K literature review %K narrative %K new domains %K systematic %X Conducting a literature review in new domains presents unique challenges. The literature in a new domain is typically broad, fragmented, and growing quickly. Because little is known about the new domain, the literature review cannot be guided by established classifications of knowledge, unlike in an existing domain. Rather, it will be driven by evidence that challenges and extends existing knowledge. In a way, exploring a new domain means looking for anomalies in the evidence that cannot be explained by what is already known. This article summarizes lessons from conducting two literature reviews in new domains in the area of cybersecurity. It then presents a design for using leader-driven crowdsourcing to collect evidence and synthesize it into insights in a new domain. The article will be relevant to those who are exploring a new domain, in particular students, researchers, and members of R&D projects in industry. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 6 %P 5-14 %8 02/2016 %G eng %U http://timreview.ca/article/963 %N 2 %1 Carleton University Michael Weiss holds a faculty appointment in the Department of Systems and Computer Engineering at Carleton University in Ottawa, Canada, and is a member of the Technology Innovation Management program. His research interests include open source, ecosystems, mashups, patterns, and social network analysis. Michael has published on the evolution of open source business, mashups, platforms, and technology entrepreneurship. %R http://doi.org/10.22215/timreview/963 %0 Journal Article %J Technology Innovation Management Review %D 2016 %T Editorial: Cybersecurity (February 2016) %A Chris McPhee %A Dan Craigen %K cybersecurity %K intrusion %K licensing %K literature reviews %K machine learning %K malware %K multisided platforms %K new domains %K open source %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 6 %P 3-4 %8 02/2016 %G eng %U http://timreview.ca/article/962 %N 2 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and BScH and MSc degrees in Biology from Queen's University in Kingston, Canada. He has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %2 Communications Security Establishment Dan Craigen is a Science Advisor at the Communications Security Establishment in Canada and a Visiting Scholar in the Technology Innovation Management Program at Carleton University in Ottawa, Canada. Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH and MSc degrees in Mathematics from Carleton University. %R http://doi.org/10.22215/timreview/962 %0 Journal Article %J Technology Innovation Management Review %D 2016 %T Editorial: Managing Innovation (April 2016) %A Chris McPhee %K creativity %K cybersecurity %K entrepreneurship %K frugal innovation %K innovation %K managing innovation %K national culture %K Open innovation %K projects %K startups %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 6 %P 3-4 %8 04/2016 %G eng %U http://timreview.ca/article/976 %N 4 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and BScH and MSc degrees in Biology from Queen's University in Kingston, Canada. He has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %R http://doi.org/10.22215/timreview/976 %0 Journal Article %J Technology Innovation Management Review %D 2016 %T Examining the Modes Malware Suppliers Use to Provide Goods and Services %A Tony Bailetti %A Mahmoud Gad %K agents %K customers %K cybercrime %K cybersecurity %K malware %K modes %K multisided platform %K suppliers %X Malware suppliers use various modes to provide goods and services to customers. By mode, we mean “the way” the malware supplier chooses to function. These modes increase monetization opportunities and enable many security breaches worldwide. A theoretically sound framework that can be used to examine the various modes that malware suppliers use to produce and sell malware is needed. We apply a general model specified recently by Hagiu and Wright to study five modes that malware suppliers use to deliver goods and services to their customers. The framework presented in this article can be used to predict the mode in which a malware supplier will function; to study which types of malware suppliers, agents, and customers are attracted to each mode; to discover new modes; and to better understand the threat a malware supplier presents. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 6 %P 21-27 %8 02/2016 %G eng %U http://timreview.ca/article/965 %N 2 %1 Carleton University Tony Bailetti is an Associate Professor in the Sprott School of Business and the Department of Systems and Computer Engineering at Carleton University, Ottawa, Canada. Professor Bailetti is the Director of Carleton University's Technology Innovation Management (TIM) program. His research, teaching, and community contributions support technology entrepreneurship, regional economic development, and international co-innovation. %2 VENUS Cybersecurity Corporation Mahmoud M. Gad is a Research Associate at VENUS Cybersecurity. He holds a PhD in Electrical and Computer Engineering from the University of Ottawa in Canada and an MSc in Electrical and Computer Engineering from the University of Maryland in College Park, United States. His research interests include cybercrime markets, machine learning for intrusion detection, analysis of large-scale networks, and cognitive radio networks. %R http://doi.org/10.22215/timreview/965 %0 Journal Article %J Technology Innovation Management Review %D 2016 %T Intrusion Learning: An Overview of an Emergent Discipline %A Tony Bailetti %A Mahmoud Gad %A Ahmed Shah %K adversarial learning %K clustering %K cybersecurity %K enterprise %K intrusion detection %K intrusion learning %K learning algorithms %K machine learning %K real-time analysis %K resiliency %K security %K streaming network data %X The purpose of this article is to provide a definition of intrusion learning, identify its distinctive aspects, and provide recommendations for advancing intrusion learning as a practice domain. The authors define intrusion learning as the collection of online network algorithms that learn from and monitor streaming network data resulting in effective intrusion-detection methods for enabling the security and resiliency of enterprise systems. The network algorithms build on advances in cyber-defensive and cyber-offensive capabilities. Intrusion learning is an emerging domain that draws from machine learning, intrusion detection, and streaming network data. Intrusion learning offers to significantly enhance enterprise security and resiliency through augmented perimeter defense and may mitigate increasing threats facing enterprise perimeter protection. The article will be of interest to researchers, sponsors, and entrepreneurs interested in enhancing enterprise security and resiliency. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 6 %P 15-20 %8 02/2016 %G eng %U http://timreview.ca/article/964 %N 2 %1 Carleton University Tony Bailetti is an Associate Professor in the Sprott School of Business and the Department of Systems and Computer Engineering at Carleton University, Ottawa, Canada. Professor Bailetti is the Director of Carleton University's Technology Innovation Management (TIM) program. His research, teaching, and community contributions support technology entrepreneurship, regional economic development, and international co-innovation. %2 VENUS Cybersecurity Corporation Mahmoud M. Gad is a Research Associate at VENUS Cybersecurity. He holds a PhD in Electrical and Computer Engineering from the University of Ottawa in Canada. Additionally, he holds an MSc in Electrical and Computer Engineering from the University of Maryland in College Park, United States. His research interests include cybercrime markets, machine learning for intrusion detection, analysis of large-scale networks, and cognitive radio networks. %3 Carleton University Ahmed Shah holds a BEng in Software Engineering and is pursuing an MASc degree in Technology Innovation Management at Carleton University in Ottawa, Canada. Ahmed has experience working in cybersecurity research with the VENUS Cybersecurity Corporation and has experience managing legal deliverables at IBM. %R http://doi.org/10.22215/timreview/964 %0 Journal Article %J Technology Innovation Management Review %D 2016 %T License Compliance in Open Source Cybersecurity Projects %A Ahmed Shah %A Selman Selman %A Ibrahim Abualhaol %K contamination %K copyright %K cybersecurity %K GPL %K license %K open source %K third-party code %X Developers of cybersecurity software often include and rely upon open source software packages in their commercial software products. Before open source code is absorbed into a proprietary product, developers must check the package license to see if the project is permissively licensed, thereby allowing for commercial-friendly inheritance and redistribution. However, there is a risk that the open source package license could be inaccurate due to being silently contaminated with restrictively licensed open source code that may prohibit the sale or confidentiality of commercial derivative work. Contamination of commercial products could lead to expensive remediation costs, damage to the company's reputation, and costly legal fees. In this article, we report on our preliminary analysis of more than 200 open source cybersecurity projects to identify the most frequently used license types and languages and to look for evidence of permissively licensed open source projects that are likely contaminated by restrictive licensed material (i.e., containing commercial-unfriendly code). Our analysis identified restrictive license contamination cases occurring in permissively licensed open source projects. Furthermore, we found a high proportion of code that lacked copyright attribution. We expect that the results of this study will: i) provide managers and developers with an understanding of how contamination can occur, ii) provide open source communities with an understanding on how they can better protect their intellectual property by including licenses and copyright information in their code, and ii) provide entrepreneurs with an understanding of the open source cybersecurity domain in terms of licensing and contamination and how they affect decisions about cybersecurity software architectures. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 6 %P 28-35 %8 02/2016 %G eng %U http://timreview.ca/article/966 %N 2 %1 Carleton University Ahmed Shah holds a BEng in Software Engineering and is pursuing an MASc degree in Technology Innovation Management at Carleton University in Ottawa, Canada. Ahmed has experience working in cybersecurity research with the VENUS Cybersecurity Corporation and has experience managing legal deliverables at IBM. %2 Carleton University Selman Selman is a Software Engineer at Synopsys under the Software Integrity Group. He is also carrying out graduate studies in Technology Innovation Management at Carleton University in Ottawa, Canada. %3 Carleton University Ibrahim Abualhaol holds BSc and MSc degrees in Electrical Engineering from Jordan University of Science and Technology, an MEng in Technology Innovation Management from Carleton University in Ottawa, Canada, and a PhD in Electrical Engineering from the University of Mississippi in Oxford, United States. He worked for two years as a Wireless Engineer at Broadcom Corporation and as a System Engineer Intern at Qualcomm Incorporation in the United States. He then worked as an Assistant Professor of Wireless Communications at Khalifa University, United Arab Emirates for four years. Currently, he is a Cybersecurity R & D Engineer working on operationalizing collective intelligence with artificial intelligence to improve cybersecurity. He is senior member of IEEE, a member of Phi Kappa Phi, and a member of Sigma Xi. %R http://doi.org/10.22215/timreview/966 %0 Journal Article %J Technology Innovation Management Review %D 2016 %T TIM Seminar – Transforming a Desert City into an International Cybersecurity Hub and Ecosystem %A Roni Zehavi %K Canada %K collaboration %K cooperation %K cybersecurity %K CyberSpark %K Israel %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 6 %P 43-45 %8 04/2016 %G eng %U http://timreview.ca/article/982 %N 4 %1 CyberSpark Roni Zehavi is the CEO of CyberSpark, the industry initiative created to advance research and development of cyber-solutions in Beer-Sheva, Israel. He has more than 10 years of experience in the entrepreneurial hi-tech arena, integrating highly-innovative and multidisciplinary technologies into sellable products. His range of experience includes stewarding ideas through the development process into the marketplace. His most recent company, "To-Be-Education," is creating a platform upon which teachers and students can upload content that can be transformed into dilemma-based learning games with multiple users, facilitating the development of global learners’ communities. An experienced test engineer and pilot from ETPS UK and an Aeronautical Engineer from the Technion, Roni is a well-known expert in the aviation professions, including their operational, methodological, and technological aspects. In 2004, Roni founded Rontal Applications, a leading provider of a 3D-based application for simulations and real-time command-and-control systems. Under his leadership, the company achieved successful results before being acquired by an American corporation. %R http://doi.org/10.22215/timreview/982 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Building Cyber-Resilience into Supply Chains %A Adrian Davis %K cyber-resilience %K cybersecurity %K direct suppliers %K indirect suppliers %K information-centric approach %K procurement %K requirements %K resilience %K supply chain %K Tier 1 suppliers %X The article discusses how an organization can adopt an information-centric approach to protect its information shared in one or more supply chains; clearly communicate the expectations it has for a direct (Tier 1) supplier to protect information; and use contracts and measurement to maintain the protection desired. Building on this foundation, the concept of resilience – and that of cyber-resilience – is discussed, and how an information-centric approach can assist in creating a more cyber-resilient supply chain. Finally, the article concludes with five steps an organization can take to improve the protection of its information: i) map the supply chain; ii) build capability; iii) share information and expertise; iv) state requirements across the supply chain using standards, common frameworks, and languages; and v) measure, assess, and audit. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 19-27 %8 04/2015 %G eng %U http://timreview.ca/article/887 %N 4 %1 (ISC)2 Adrian Davis, PhD, MBA, FBCS CITP, CISSP, heads the Europe, Middle East, and Africa (EMEA) team for (ISC)2, the global, not-for-profit leader in educating and certifying information security professionals throughout their careers. His role is to deliver the (ISC)2 vision of inspiring a safe and secure cyber-world and its mission of supporting and providing members and constituents with credentials, resources, and leadership to secure information and deliver value to society. Before working for (ISC)2, Adrian delivered practical business solutions to over 360 blue-chip multinational clients for the Information Security Forum. His expertise included: managing information security in supply chains; information security governance and effectiveness; the relationship between information security and business continuity; and possible near-term threats to organizations. Adrian regularly attends and chairs conferences and contributes articles for the press. He also contributed to the development of ISO/IEC 27014: Governance of Information Security and currently acts as a co-editor for ISO/IEC 27036 Information Security in Supplier Relationships, Part 4: Guidelines for Security of Cloud Services. %R http://doi.org/10.22215/timreview/887 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Challenges in Maritime Cyber-Resilience %A Lars Jensen %K container %K cyber-resilience %K cyber-risk %K CyberKeel %K cybersecurity %K maritime %K terminal %K vessel %X The maritime industry has been shown to be under increasing levels of cyber-attack, with future attacks having the potential to severely disrupt critical infrastructure. The industry lacks a standardized approach to cybersecurity, a national approach will be counterproductive, and a global mandatory standard, while needed, will take a long time to implement. In the shorter term, this article recommends that the industry coalesce around a set of voluntary guidelines in order to reduce the risk profile and increase resilience. To provide context for these recommendations, this article examines the specific characteristics of the maritime industry in relation to cybersecurity. Examples of existing vulnerabilities and reported cyber-attacks demonstrate that the threat is current and real. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 35-39 %8 04/2015 %G eng %U http://timreview.ca/article/889 %N 4 %1 CyberKeel Lars Jensen is CEO and Co-Founder of CyberKeel, an international maritime cybersecurity company based in Copenhagen, Denmark. He is a recognized global expert in container shipping markets, having worked initially working for Maersk Line, where he was responsible for global intelligence and analysis as well as e-Commerce. In 2011, he founded SeaIntel Maritime Analysis, and he is currently the CEO of SeaIntel Consulting in addition to being CEO of CyberKeel. He holds a PhD in Theoretical Physics from the University of Copenhagen, and he has received strategy and leadership training from the London Business School and the Copenhagen Business School. %R http://doi.org/10.22215/timreview/889 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Cybersecurity and Cyber-Resilient Supply Chains %A Hugh Boyes %K cyber-resilience %K cybersecurity %K risk management %K supply chain %K threat management %X There has been a rapid growth in the use of communications and information technology, whether embedded in products, used to deliver services, or employed to enable integration and automation of increasingly global supply chains. Increased use of information technology introduces a number of cybersecurity risks affecting cyber-resilience of the supply chain, both in terms of the product or service delivered to a customer and supply chain operation. The situation is complicated by factors such as the global sourcing of technology components or software, ownership of the systems in a supply chain, different legal jurisdictions involved, and the extensive use of third parties to deliver critical functionality. This article examines the cyber-resilience issues related to the supply of products, services, and the supply chain infrastructure considering the nature of threats and vulnerabilities and the attributes of cybersecurity. In doing so, it applies a model for cybersecurity that is adapted from the Parkerian hexad to explore the security and trustworthiness facets of supply chain operations that may impact cyber-resilience. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 28-34 %8 04/2015 %G eng %U http://timreview.ca/article/888 %N 4 %1 University of Warwick Hugh Boyes is a Principal Fellow at WMG at the University of Warwick, United Kingdom, where he focuses on cyber-resilience and the cybersecurity of cyber-physical systems. He is a Chartered Engineer, a Fellow of the IET and holds the CISSP credential issued by (ISC)2. Hugh is also the Cyber Security Lead at the Institution of Engineering and Technology (IET), where he focuses on developing cybersecurity skills initiatives for engineering and technology communities. This work is particularly focused on the design and operation of physical-cyber systems (e.g., industrial control systems, building automation systems). He has written two guidance documents for the Institution of Engineering and Technology (IET) on cybersecurity in the built environment, and with Alex Luck, is the joint technical author of a BSI publicly available specification (PAS) on security-minded building information modeling, digital built environments, and smart asset management. %R http://doi.org/10.22215/timreview/888 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Cybersecurity Skills Training: An Attacker-Centric Gamified Approach %A Mackenzie Adams %A Maged Makramalla %K cyber attackers %K cybersecurity %K entrepreneur %K gamification %K training %X Although cybersecurity awareness training for employees is important, it does not provide the necessary skills training required to better protect businesses against cyber-attacks. Businesses need to invest in building cybersecurity skills across all levels of the workforce and leadership. This investment can reduce the financial burden on businesses from cyber-attacks and help maintain consumer confidence in their brands. In this article, we discuss the use of gamification methods that enable all employees and organizational leaders to play the roles of various types of attackers in an effort to reduce the number of successful attacks due to human vulnerability exploits. We combine two separate streams – gamification and entrepreneurial perspectives – for the purpose of building cybersecurity skills while emphasizing a third stream – attacker types (i.e., their resources, knowledge/skills, and motivation) – to create training scenarios. We also define the roles of attackers using various theoretical entrepreneurial perspectives. This article will be of interest to leaders who need to build cybersecurity skills into their workforce cost-effectively; researchers who wish to advance the principles and practices of gamification solutions; and suppliers of solutions to companies that wish to build cybersecurity skills in the workforce and leadership. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 5-14 %8 01/2015 %G eng %U http://timreview.ca/article/861 %N 1 %1 Carleton University Mackenzie Adams is a serial entrepreneur, a Senior Technical Communicator, and a graduate student in the Technology Innovation Management (TIM) program at Carleton University in Ottawa, Canada. She is also a VP/Creative Director at SOMANDA, a consulting company. Over the past 15 years, Mackenzie has worked in a variety of fields ranging from social work to accounting and has used those experiences to develop strong strategic and analytical skills. She is interested in the fields of artificial intelligence and quantum computing, and how they relate to cybersecurity. %2 Carleton University Maged Makramalla is a current graduate student in the Technology Innovation Management (TIM) program at Carleton University in Ottawa, Canada. He holds a Bachelor of Science degree in Mechatronics Engineering from the German University in Cairo, Egypt. For three years, he has been working as Manager of the Sales and Marketing Department of TREND, a trading and engineering company based in Cairo. His primary research interest lies in the improvement of educational techniques by introducing experiential learning into the regular curriculum while promoting gamification of educational methods. %R http://doi.org/10.22215/timreview/861 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T A Design Science Approach to Constructing Critical Infrastructure and Communicating Cybersecurity Risks %A Steven Muegge %A Dan Craigen %K advanced persistent threats %K critical infrastructures %K cybersecurity %K design propositions %K design science %K resilience %X Academics are increasingly examining the approaches individuals and organizations use to construct critical infrastructure and communicate cybersecurity risks. Recent studies conclude that owners and operators of critical infrastructures, as well as governments, do not disclose reliable information related to cybersecurity risks and that cybersecurity specialists manipulate cognitive limitations to overdramatize and oversimplify cybersecurity risks to critical infrastructures. This article applies a design science perspective to the challenge of securing critical infrastructure by developing a process anchored around evidence-based design principles. The proposed process is expected to enable learning across critical infrastructures, improve the way risks to critical infrastructure are communicated, and improve the quality of the responses to citizens’ demands for their governments to collect, validate, and disseminate reliable information on cybersecurity risks to critical infrastructures. These results will be of interest to the general public, vulnerable populations, owners and operators of critical infrastructures, and various levels of governments worldwide. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 6-16 %8 06/2015 %G eng %U http://timreview.ca/article/902 %N 6 %1 Carleton University Steven Muegge is an Assistant Professor at the Sprott School of Business at Carleton University in Ottawa, Canada, where he teaches and leads a research program within Carleton’s Technology Innovation Management (TIM) program. His research, teaching, and community service interests include technology entrepreneurship and commercialization, non-traditional settings for innovation and entrepreneurship (business ecosystems, communities, platforms, and interconnected systems that combine these elements), and business models of technology entrepreneurs (especially in non-traditional settings). %2 Communications Security Establishment Dan Craigen is a Science Advisor at the Communications Security Establishment in Canada and a Visiting Scholar at the Technology Innovation Management Program of Carleton University in Ottawa, Canada. Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH and MSc degrees in Mathematics from Carleton University. %R http://doi.org/10.22215/timreview/902 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Editorial: 100th Issue (November 2015) %A Chris McPhee %K 3D printing %K born-global firms %K collaborative innovation %K cybersafety %K cybersecurity %K cyberspace %K future research %K innovation %K lean global startups %K lean startups %K management %K Open innovation %K social innovation %K supply chains %K technology %K technology innovation management review %K TIM Review %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 3-4 %8 11/2015 %G eng %U http://timreview.ca/article/939 %N 11 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and BScH and MSc degrees in Biology from Queen's University in Kingston, Canada. He has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %R http://doi.org/10.22215/timreview/939 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Editorial: Critical Infrastructures and Cybersecurity (June 2015) %A Chris McPhee %A Dan Craigen %A Steven Muegge %K botnet %K club theory %K critical infrastructure %K cybersecurity %K design principles %K design science %K healthcare %K networked medical devices %K project management maturity model %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 3-5 %8 06/2015 %G eng %U http://timreview.ca/article/901 %N 6 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and BScH and MSc degrees in Biology from Queen's University in Kingston, Canada. He has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %2 Communications Security Establishment Dan Craigen is a Science Advisor at the Communications Security Establishment in Canada and a Visiting Scholar at the Technology Innovation Management Program of Carleton University in Ottawa, Canada. Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH and MSc degrees in Mathematics from Carleton University. %3 Carleton University Steven Muegge is an Assistant Professor at the Sprott School of Business at Carleton University in Ottawa, Canada, where he teaches and leads a research program within Carleton’s Technology Innovation Management (TIM) program. His research, teaching, and community service interests include technology entrepreneurship and commercialization, non-traditional settings for innovation and entrepreneurship (business ecosystems, communities, platforms, and interconnected systems that combine these elements), and business models of technology entrepreneurs (especially in non-traditional settings). %R http://doi.org/10.22215/timreview/901 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Editorial: Cyber-Resilience in Supply Chains (April 2015) %A Chris McPhee %A Omera Khan %K cyber-attacks %K cyber-resilience %K cyber-risk %K cybersecurity %K resilience %K supply chains %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 3-5 %8 04/2015 %G eng %U http://timreview.ca/article/884 %N 4 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. He holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and BScH and MSc degrees in Biology from Queen's University in Kingston, Canada. Chris has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %2 Technical University of Denmark Omera Khan is a Full Professor of Operations Management at the Technical University of Denmark. She works with leading organizations on a range of supply chain and logistics issues and is advisor to many universities developing courses in logistics, supply chains, and operations management. She has led and conducted research projects commissioned by government agencies, research councils, and companies in supply chain resilience, responsiveness, sustainability, and the impact of product design on the supply chain. Her latest area of research focuses on cyber-risk and resilience in the supply chain. Omera is an advisor to many organizations and provides specialist consultancy in supply chain risk management. She is a highly acclaimed presenter and is regularly invited as a keynote speaker at global conferences and corporate events. She has published her research in leading journals, contributed to several book chapters, and is lead author of Handbook for Supply Chain Risk Management: Case Studies, Effective Practices and Emerging Trends. She founded and was Chair of the Supply Chain Risk and Resilience Research Club and the Product Design and Supply Chain Special Interest Group. She has also been a visiting professor at a number of leading business schools. %R http://doi.org/10.22215/timreview/884 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Editorial: Cybersecurity (January 2015) %A Chris McPhee %A Tony Bailetti %K automotive manufacturing %K botnet takedowns %K botnets %K commercialization %K critical infrastructure %K cyber-attacks %K cybersecurity %K employee training %K gamification %K Internet %K outsourcing %K quantum key distribution %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 3-4 %8 01/2015 %G eng %U http://timreview.ca/article/860 %N 1 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa and BScH and MSc degrees in Biology from Queen's University in Kingston. He has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %2 Carleton University Tony Bailetti is an Associate Professor in the Sprott School of Business and the Department of Systems and Computer Engineering at Carleton University, Ottawa, Canada. Professor Bailetti is the Director of Carleton University's Technology Innovation Management (TIM) program. His research, teaching, and community contributions support technology entrepreneurship, regional economic development, and international co-innovation. %R http://doi.org/10.22215/timreview/860 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Editorial: Insights (May 2015) %A Chris McPhee %K business ecosystems %K cybersecurity %K Innovation management %K Internet of Things %K non-practicing entities %K open source policies %K open source software %K patent trolls %K social innovation %K transformative innovation %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 3-4 %8 05/2015 %G eng %U http://timreview.ca/article/893 %N 5 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and BScH and MSc degrees in Biology from Queen's University in Kingston, Canada. He has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %R http://doi.org/10.22215/timreview/893 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Q&A. How Can I Secure My Digital Supply Chain? %A Richard Wilding %A Malcolm Wheatley %K cyber-crime %K cybersecurity %K intellectual property protection %K IT security management %K supply chain risk %K supply chain security %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 40-43 %8 04/2015 %G eng %U http://timreview.ca/article/890 %N 4 %1 Cranfield School of Management Richard Wilding OBE is a Full Professor and Chair of Supply Chain Strategy at Cranfield School of Management, England. A European and Chartered Engineer, he is a chartered fellow of the Institute of Engineering and Technology (Manufacturing Division) (FIET), the Chartered Institute of Logistics & Transport (FCILT) and the Chartered Institute of Purchasing & Supply (FCIPS). He has published widely in the area of Supply Chain Management and is an editorial advisor to a number of major journals in this area. In recognition of his outstanding achievements in the area of logistics and supply chain management, he was appointed an Officer of the Most Excellent Order of the British Empire (OBE) by Queen Elizabeth II in the 2013 New Year Honours, for services to business. %2 Cranfield School of Management Malcolm Wheatley PhD is a visiting fellow at Cranfield School of Management, England. A former management consultant with Price Waterhouse and Deloitte, Haskins & Sells, he has written extensively on manufacturing and supply chain management IT, security and strategy matters. His supply chain security-specific work has appeared in publications such as CIO Magazine, CSO Magazine, The Manufacturer, and Procurement Leaders. %R http://doi.org/10.22215/timreview/890 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Q&A. Should the Internet Be Considered Critical Infrastructure? %A Walter Miron %K communication networks %K critical infrastructure %K cyber-attacks %K cybersecurity %K information technology %K Internet %K vulnerabilities %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 37-40 %8 01/2015 %G eng %U http://timreview.ca/article/865 %N 1 %1 TELUS Communications Walter Miron is a Director of Technology Strategy at TELUS Communications, where he is responsible for the evolution of their packet and optical networks. He has over 20 years of experience in enterprise and service provider networking conducting technology selection and service development projects. Walter is a member of the research program committee of the SAVI project, the Heavy Reading Global Ethernet Executive Council, and the ATOPs SDN/nFV Working Group. He is also the Chair of the Venus Cybersecurity Corporation and is a graduate student in the Technology Innovation Management (TIM) program at Carleton University in Ottawa, Canada. %R http://doi.org/10.22215/timreview/865 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Representing Botnet-Enabled Cyber-Attacks and Botnet Takedowns Using Club Theory %A Olukayode Adegboyega %K botmaster %K botnet %K botnet takedown %K collective action %K cyber-attack %K cybersecurity %X A model for executing and resisting botnet-enabled cyber-attacks and botnet takedowns does not exist. The lack of this representation results in ineffective and inefficient organizational decision making and learning, hampers theory development, and obfuscates the discourse about the “best-case” scenarios for the future of the online world. In this article, a club theory model for botnet-enabled cyber-attacks and botnet takedowns is developed. Initiatives to execute and resist botnet-enabled cyber-attacks and botnet takedowns are conceptualized as collective actions carried out by individuals and groups organized into four types of Internet-linked clubs: Attacker, Defender, Botbeheader, and Botmaster. Five scenarios of botnet-enabled cyber-attacks and five scenarios of botnet takedowns are examined to identify the specific dimensions of the three constructs and provide examples of the values in each dimension. The developed theory provides insights into the clubs, thereby paving the way for more effective botnet mitigation strategies. This research will be of particular interest to executives and functional personnel of heterogeneous organizations who are interested in improving the quality of their communications and accelerating decision making when solving botnet-related problems. Researchers applying club theory to examine collective actions of organizations linked by the Internet will also be interested in this research. Although club theory has been applied to solve problems in many fields, this is the first effort to apply it to botnet-related problems. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 35-44 %8 06/2015 %G eng %U http://timreview.ca/article/905 %N 6 %1 Carleton University Olukayode Adegboyega holds an MASc degree in Technology Innovation Management (TIM) from Carleton University in Ottawa, Canada and a Bachelor in Electrical and Electronics Engineering from the Federal University of Technology in Akure, Nigeria. He has worked as an IP Network Service Engineer at LM Ericsson Nigeria Limited and as a Data Communication Network Engineer at Globacom Limited of Nigeria. %R http://doi.org/10.22215/timreview/905 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Secure by Design: Cybersecurity Extensions to Project Management Maturity Models for Critical Infrastructure Projects %A Jay Payette %A Esther Anegbe %A Erika Caceres %A Steven Muegge %K C2M2 %K capability maturity models %K CERT RMM %K critical infrastructures %K cybersecurity %K NIST %K P3M3 %K PjM3 %K project management %X Many systems that comprise our critical infrastructures – including electricity, transportation, healthcare, and financial systems – are designed and deployed as information technology (IT) projects using project management practices. IT projects provide a one-time opportunity to securely "design in" cybersecurity to the IT components of critical infrastructures. The project management maturity models used by organizations today to assess the quality and rigour of IT project management practices do not explicitly consider cybersecurity. This article makes three contributions to address this gap. First, it develops the argument that cybersecurity can and should be a concern of IT project managers and assessed in the same way as other project management capabilities. Second, it examines three widely used cybersecurity maturity models – i) the National Institute of Science and Technology (NIST) framework for improving critical infrastructure cybersecurity, ii) the United States Department of Energy’s Cybersecurity Capability Maturity Model (C2M2), and iii) the CERT Resilience Management Model (CERT RMM) from the Carnegie Mellon Software Engineering Institute – to identify six cybersecurity themes that are salient to IT project management. Third, it proposes a set of cybersecurity extensions to PjM3, a widely-deployed project management maturity model. The extensions take the form of a five-level cybersecurity capability perspective that augments the seven standard perspectives of the PjM3 by explicitly assessing project management capabilities that impact the six themes where IT project management and cybersecurity intersect. This article will be relevant to IT project managers, the top management teams of organizations that design and deploy IT systems for critical infrastructures, and managers at organizations that provide and maintain critical infrastructures. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 26-34 %8 06/2015 %G eng %U http://timreview.ca/article/904 %N 6 %1 Carleton University Jay Payette is a graduate student in the Masters of Design program at Carleton University in Ottawa, Canada, and is the Managing Principal of Payette Consulting. Jay founded Payette Consulting in 2011 to help clients balance the consistent results of repeatable business processes and analytic decision making, with the fuzzy world of creativity. His research has focused on applying design-thinking principles to business model generation, strategy, and project delivery. Prior to founding Payette Consulting, Jay worked for the Canadian consulting practice of Accenture and as an independent IT Project Manager. %2 Carleton University Esther Anegbe is a graduate student in the Technology Innovation Management (TIM) program at Carleton University in Ottawa, Canada. She also holds a Bachelor's degree in Computer Engineering from Ladoke Akintola University of Technology in Nigeria. She worked as a Technology Analyst with a leading Investment Management Firm in Lagos, Nigeria (Sankore Global Investments), where she formed part of the technology team that developed, deployed, and provided support for the financial software projects that expanded the market reach of the firm’s stock brokerage and wealth management subsidiaries. She is currently working on a startup (Tech Wits) to provide enterprise solutions and services to startups in their accelerators and incubators. %3 Carleton University Erika Caceres is a graduate student in the Technology Innovation Management (TIM) program at Carleton University in Ottawa, Canada. She holds a Bachelor's degree in Technology Information Management from The University of Yucatan, Mexico. She previous worked as an innovation consultant at I+D+i Hub, a leading technology transfer office in Merida, Mexico, where she formed part of the management team to produce innovation projects that were submitted for funding to the government to help accelerate the economy in the south of Mexico. She is currently working on Volunteer Safe, an online startup that pre-screens and licenses volunteers and connects them to volunteer opportunities aligned to their profile. %4 Carleton University Steven Muegge is an Assistant Professor at the Sprott School of Business at Carleton University in Ottawa, Canada, where he teaches and leads a research program within Carleton’s Technology Innovation Management (TIM) program. His research, teaching, and community service interests include technology entrepreneurship and commercialization, non-traditional settings for innovation and entrepreneurship (business ecosystems, communities, platforms, and interconnected systems that combine these elements), and business models of technology entrepreneurs (especially in non-traditional settings). %R http://doi.org/10.22215/timreview/904 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Securing Cyberspace: Towards an Agenda for Research and Practice %A Renaud Levesque %A D’Arcy Walsh %A David Whyte %K Canada %K challenges %K countermeasures %K cyber security %K cybersafety %K cybersecurity %K cyberspace %K detection %K Internet of Things %K leadership %K mitigation %K research %K security %X In this article, we seek to identify the important challenges preventing security in cyberspace and to identify the key questions that nations should set out to answer to play a leading role in securing cyberspace. An important assertion is that the challenge of securing cyberspace transcends the abilities of any single entity and requires a radical shift in our approach in how: i) research is conducted, ii) cybersecurity researchers are educated, iii) new defendable systems are developed, and iv) effective defensive countermeasures are deployed. Our response draws upon extensive source material and our personal experiences as cybersecurity professionals contributing to the establishment of the VENUS Cybersecurity Corporation, a not-for-profit corporation that aims to make Canada a global leader in cybersecurity. We view the challenge to be global and transdisciplinary in nature and this article to be of relevance world-wide to senior decision makers, policy makers, managers, educators, strategists, futurists, scientists, technologists, and others interested in shaping the online world of the future. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 26-34 %8 11/2015 %G eng %U http://timreview.ca/article/943 %N 11 %1 Communications Security Establishment Renaud Levesque is the Director General of Core Systems at the Communications Security Establishment (CSE) in Ottawa, Canada, where he is responsible for R&D and systems development. He has significant experience in the delivery of capability and organizational change in highly technical environments. His career began at CSE in 1986 as a Systems Engineer, responsible for the development and deployment of numerous systems, including the CSE IP corporate network in 1991. In 2000 Renaud went to work in the private sector as Head of Speech Technologies at Locus Dialogue, and later at Infospace Inc., where he became Director of Speech Solutions Engineering. He rejoined CSE in 2003, where he assumed the lead role in the IT R&D section. Subsequently, as a Director General, he focused efforts towards the emergence of CSE's Joint Research Office and The Tutte Institute for Mathematics and Computing. Renaud holds a Bachelor of Engineering from l’École Polytechnique, Université de Montréal, Canada. %2 Communications Security Establishment D’Arcy Walsh is a Science Advisor at the Communications Security Establishment (CSE) in Ottawa, Canada. His research interests include software-engineering methods and techniques that support the development and deployment of dynamic systems, including dynamic languages, dynamic configuration, context-aware systems, and autonomic and autonomous systems. He received his BAH from Queen’s University in Kingston, Canada, and he received his BCS, his MCS, and his PhD in Computer Science from Carleton University in Ottawa, Canada. %3 Communications Security Establishment David Whyte is the Technical Director for the Cyber Defence Branch at the Communications Security Establishment (CSE) in Ottawa, Canada. He is CSE's technical lead responsible for overseeing the implementation of the next-generation cyberthreat-detection services for the Government of Canada. He has held many positions over the last 16 years within CSE that span both the Signals Intelligence and Information Technology Security mission lines. David holds a PhD in Computer Science from Carleton University in Ottawa, Canada. The main focus of his research is on the development of network-based behavioural analysis techniques for the detection of rapidly propagating malware. %R http://doi.org/10.22215/timreview/943 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Securing the Car: How Intrusive Manufacturer-Supplier Approaches Can Reduce Cybersecurity Vulnerabilities %A Mohamed Amin %A Zaid Tariq %K automobile manufacturing %K car design %K control %K cybersecurity %K glue code %K governance %K intrusiveness %K outsourcing %K supplier %K supplier-manufacturer relationships %K vulnerabilities %X Today's vehicles depend on numerous complex software systems, some of which have been developed by suppliers and must be integrated using "glue code" so that they may function together. However, this method of integration often introduces cybersecurity vulnerabilities at the interfaces between electronic systems. In this article we address the “glue code problem” by drawing insights from research on supplier-manufacturer outsourcing relationships in the automotive industry. The glue code problem can be framed as a knowledge coordination problem between manufactures and suppliers. Car manufacturers often employ different levels of intrusiveness in the design of car subsystems by their suppliers: the more control over the supplier the manufacturer exerts in the design of the subsystem, the more intrusive the manufacturer is. We argue that high intrusiveness by car manufacturers in defining module interfaces and subcomponents for suppliers would lead to more secure cars. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 21-25 %8 01/2015 %G eng %U http://timreview.ca/article/863 %N 1 %1 Carleton University Mohamed Amin is an MASc student in the Technology Innovation Management program at Carleton University in Ottawa, Canada. His research interests include cybersecurity, API strategy, and industry architecture. He works as a Solution Architect for Alcatel-Lucent Canada, where he designs and delivers network solutions for various internet service providers around the world. %2 Carleton University Zaid Tariq is completing his MEng in Technology Innovation Management at Carleton University in Ottawa, Canada. He also holds a BEng degree in Computer Engineering from McGill University in Montreal, Canada. He is a Senior Network Engineer at Cisco Systems and has 9 years experience working in the network design, architecture, and test domains. %R http://doi.org/10.22215/timreview/863 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T Supply Chain Cyber-Resilience: Creating an Agenda for Future Research %A Omera Khan %A Daniel A. Sepúlveda Estay %K cyber-risk %K cybersecurity %K resilience %K supply chain management %K theoretical foundation %X Supply chains have become more vulnerable in recent years, and high-profile cyber-attacks that have crippled the supply chains of well-known companies reveal that the point of entry for hackers is often through the weakest link in the chain. Exacerbated by growing complexity and the need to be visible, these supply chains share vital streams of information every minute of the day, thereby becoming an easy and highly lucrative target for talented criminals, causing financial losses as well as damaging brand reputation and value. Companies must therefore invest in supply chain capabilities to withstand cyber-attacks (i.e., cyber-resilience) in order to guard against potential threats. They must also embrace the reality that this often-unknown dimension of risk is the "new normal". Although interest on this topic has grown in the business world, less has been reported by the academic community. One reason for this could be due to the convergence of two different disciplines, information technology and supply chains, where supply chain cyber-risk and cyber-resilience appear to have a natural fit. The topic of cyber-resilience in supply chains is still in early stages of development, and this is one of the first journals to focus a special issue on it. Currently, the closest academic literature is within the realms of supply chain risk and resilience, where numerous models and frameworks exist. In this article, this literature is explored to identify whether these models can incorporate the dimension of cyber-risk and cyber-resilience. In doing so, we create a research agenda for supply chain cyber-resilience and provide recommendations for both academia and practice. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 6-12 %8 04/2015 %G eng %U http://timreview.ca/article/885 %N 4 %1 Technical University of Denmark Omera Khan is a Full Professor of Operations Management at the Technical University of Denmark. She works with leading organizations on a range of supply chain and logistics issues and is advisor to many universities developing courses in logistics, supply chains, and operations management. She has led and conducted research projects commissioned by government agencies, research councils, and companies in supply chain resilience, responsiveness, sustainability, and the impact of product design on the supply chain. Her latest area of research focuses on cyber-risk and resilience in the supply chain. Omera is an advisor to many organizations and provides specialist consultancy in supply chain risk management. She is a highly acclaimed presenter and is regularly invited as a keynote speaker at global conferences and corporate events. She has published her research in leading journals, contributed to several book chapters, and is lead author of Handbook for Supply Chain Risk Management: Case Studies, Effective Practices and Emerging Trends. She founded and was Chair of the Supply Chain Risk and Resilience Research Club and the Product Design and Supply Chain Special Interest Group. She has also been a visiting professor at a number of leading business schools. %2 Technical University of Denmark Daniel A. Sepulveda Estay is a PhD researcher at the Technical University of Denmark, where he researches cyber-risk and security in the global supply chain. He has worked in the engineering and supply divisions of a number of multinational companies, both in strategic/leadership and operational roles for over 11 years, having partially led initiatives such as the implementation of lean manufacturing in Coca-Cola Company Latin America and supply rationalization in BHP Billiton´s copper projects division. Daniel has a BSc in Mechanical Engineering from the Federico Santa Maria Technical University in Valparaiso, Chile, an MSc degree in Industrial Engineering from the Pontifical Catholic University of Chile in Santiago, Chile, and an MSc degree in Management from the MIT Sloan School of Management, in Boston, United States. %R http://doi.org/10.22215/timreview/885 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T TIM Lecture Series – The Expanding Cybersecurity Threat %A Cheri F. McGuire %K antivirus %K cyber-attacks %K cyber-espionage %K cyber-threats %K cybersecurity %K data breaches %K malware %K private-public partnerships %K ransomware %K scareware %K social engineering %K Symantec %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 56-48 %8 03/2015 %G eng %U http://timreview.ca/article/881 %N 3 %1 Symantec Cheri McGuire is Vice President for Global Government Affairs and Cybersecurity Policy at Symantec, where she is responsible for the global public policy agenda and government engagement strategy, which includes cybersecurity, data integrity, critical infrastructure protection, and privacy. She currently serves on the World Economic Forum Global Agenda Council on Cybersecurity, and on the boards of the Information Technology Industry Council, the US Information Technology Office in China, and the National Cyber Security Alliance. She also is a past board member of the IT Information Sharing and Analysis Center, a former member of the Industry Executive Subcommittee of the President’s National Security Telecommunications Advisory Committee, and a former Chair of the US IT Sector Coordinating Council. Ms. McGuire is a frequent presenter on technology policy issues, including testifying five times before the US Congress on cybersecurity, privacy, and cybercrime. Prior to joining Symantec, she served as Director for Critical Infrastructure and Cybersecurity in Microsoft’s Trustworthy Computing Group, and she has held numerous positions in the Department of Homeland Security, Booz Allen Hamilton, and a telecom engineering firm that was acquired by Exelon Infrastructure Services. She was also a Congressional staffer for seven years. Ms. McGuire holds an MBA from The George Washington University and a BA from the University of California, Riverside. %R http://doi.org/10.22215/timreview/881 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T TIM Lecture Series – The Internet of Everything: Fridgebots, Smart Sneakers, and Connected Cars %A Jeff Greene %K Consumer Internet of Things %K cyber-attacks %K cybersecurity %K hackers %K Industrial Internet %K Internet of Everything %K Internet of Things %K IOT %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 47-49 %8 05/2015 %G eng %U http://timreview.ca/article/898 %N 5 %1 Symantec Jeff Greene is the Director of Government Affairs for North America and Senior Policy Counsel at Symantec, where he focuses on issues including cybersecurity, the Internet of Things, and privacy. In this role, he monitors executive and legislative branch activity and works extensively with industry and government organizations. Prior to joining Symantec, Jeff was Senior Counsel with the U.S. Senate Homeland Security and Governmental Affairs Committee, where he focused on cybersecurity and Homeland Defense issues. He has also worked in the House of Representatives, where he was a subcommittee staff director on the House Committee on Homeland Security. Previously, he was an attorney with a Washington, D.C. law firm, where his practice focused on government contracts and contract fraud, as well as general civil and criminal investigations. Jeff recently served as the staff co-chair of the “Internet of Things” research subcommittee of the President's National Security Telecommunications Advisory Committee. He is also a Senior Advisor at the Truman National Security Project, where he is on the Steering Committee for the Cyberspace and Security Program. He is co-chair of the Homeland Security Committee of the American Bar Association’s Section of Science & Technology Law and is on the Executive Committee of the Information Technology Sector Coordinating Council. He has a BA in International Relations from Boston University in the United States and a JD with Honors from the University of Maryland, also in the United States, where he has taught classes in Homeland Security law and policy. %R http://doi.org/10.22215/timreview/898 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T TIM Lecture Series – Three Collaborations Enabling Cybersecurity %A Deborah Frincke %A Dan Craigen %A Ned Nadima %A Arthur Low %A Michael Thomas %K book launch %K collaboration %K cybersecurity %K entrepreneurship %K NSA %K research %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 45-48 %8 06/2015 %G eng %U http://timreview.ca/article/906 %N 6 %1 National Security Agency Deborah Frincke is the Director of Research for the National Security Agency/Central Security Service in the United States. Dr. Frincke's research spans a broad cross section of computer security, both open and classified, with a particular emphasis on infrastructure defense and computer security education. She has been a member of several editorial boards, including: Journal of Computer Security, the Elsevier International Journal of Computer Networks, and the International Journal of Information and Computer Security, and she co-edits a Board column for IEEE Security and Privacy. She is a steering committee member for Recent Advances in Intrusion Detection (RAID) and Systematic Advances in Digital Forensic Engineering (SADFE). Dr. Frincke received her PhD from the University of California, Davis in 1992. %2 Communications Security Establishment Dan Craigen is a Science Advisor at the Communications Security Establishment in Canada and a Visiting Scholar at the Technology Innovation Management Program of Carleton University in Ottawa, Canada. Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH and MSc degrees from Carleton University. %3 Denilson Ned Nadima is the Founder and Chief Executive Officer of Denilson, a company that develops mobile payment solutions for retail enterprises. He is currently a graduate student in the Technology Innovation Management (TIM) program at Carleton University in Ottawa, Canada, and he holds a Bachelor's of Science degree in Commerce and Marketing from the University of Ottawa. %4 Crack Semiconductor Arthur Low is the founder and Chief Executive Officer of Crack Semiconductor, a supplier of high-performance cryptographic silicon IP used in some of the most demanding security applications. Arthur has a number of patents in the field of hardware cryptography. He has worked for a number of IC startups as a Senior IC designer and Architect and gained much of his fundamental IC design experience with Bell-Northern Research in the early 1990s and with IBM Microelectronics in the late 1990s. Arthur has a BSc degree in Electrical Engineering from the University of Alberta in Edmonton, Canada, and is completing his MSc degree in Technology Innovation Management in the Department of Systems and Computer Engineering at Carleton University in Ottawa, Canada. %# Bedarra Research Labs Michael Thomas is the Vice President of Development at Bedarra Research Labs, a private industrial R&D lab whose mission is to seek out promising next-generation computing and communication technologies and apply them to creative solutions for emerging business problems. Prior to joining Bedarra Research Labs, he worked as a Software Developer and Release Engineer at Object Technology International. Michael holds a Master of Business Administration degree from Athabasca University in Canada, in addition to a Bachelor of Arts degree from Brock University in St. Catharines, Canada. %R http://doi.org/10.22215/timreview/906 %0 Journal Article %J Technology Innovation Management Review %D 2015 %T A Value Blueprint Approach to Cybersecurity in Networked Medical Devices %A George Tanev %A Peyo Tzolov %A Rollins Apiafi %K cybersecurity %K ecosystem %K market differentiation %K networked medical devices %K value proposition %X Cybersecurity for networked medical devices has been usually “bolted on” by manufacturers at the end of the design cycle, rather than integrated as a key factor of the product development and value creation process. The recently released cybersecurity guidelines by the United States Food and Drug Administration (FDA) offer an opportunity for manufacturers to find a way of positioning cybersecurity as part of front-end design, value creation, and market differentiation. However, the technological architecture and the functionality of such devices require an ecosystem approach to the value creation process. Thus, the present article adopts an ecosystem approach to including cybersecurity as part of their value proposition. It extends the value blueprint approach suggested by Ron Adner to include an additional dimension that offers the opportunity to define: the potential locations of cybersecurity issues within the ecosystem, the specific nature of these issues, the players that should be responsible for addressing them, as well as a way to articulate the added cybersecurity value as a competitive differentiator to potential customers. The value of the additional blueprint dimension is demonstrated through a case study of a representative networked medical device – a connected insulin pump and continuous glucose monitor. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 5 %P 17-25 %8 06/2015 %G eng %U http://timreview.ca/article/903 %N 6 %1 Carleton University George Tanev is a Master of Applied Science candidate in the Technology Innovation Management program at Carleton University in Ottawa, Canada. He holds a Master of Science in Engineering degree in Medicine and Technology from the Technical University of Denmark and a Bachelor’s degree in Biomedical and Electrical Engineering from Carleton University. George has industry and research experience in the development of portable medical device products. He also has interests in technology-based entrepreneurship, biomedical signal processing, medical device research and development, medical device regulatory affairs, and medical device cybersecurity. %2 Carleton University Peyo Tzolov is a software engineer with a keen interest in entrepreneurship. He holds a Bachelor’s degree in Communications Engineering from Carleton University in Ottawa, Canada, and is currently a Master of Applied Science candidate in the Technology Innovation Management program, also at Carleton University. Peyo has several years of experience as a software engineer working on highly scalable and distributed systems. He is very interested in technology, particularly in the security concerns arising from the rapid evolution and adoption of technology. %3 Carleton University Tamunoiyowuna Rollins Apiafi is a Master of Applied Science candidate in the Technology Innovation Management program at Carleton University in Ottawa, Canada. He holds a Bachelor's degree in Industrial Chemistry from the University of Port Harcourt, Nigeria. Rollins is one of the co-founders of insight lenz, which specializes in wearable medical technologies that monitors the wearer's eyes to track the state of their health. Rollins is interested in medical device cybersecurity, medical device regulatory bodies, and networked portable medical device research and development. %R http://doi.org/10.22215/timreview/903 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T Assessing Scientific Contributions: A Proposed Framework and Its Application to Cybersecurity %A Dan Craigen %K assessing science %K cybersecurity %K science of cybersecurity %K scientific contributions %K scientific progress %K societal contributions %X Through a synthesis of existing work on evaluating scientific theories and contributions, a framework for assessing scientific contributions is presented. By way of example, the framework is then applied to two contributions to the science of cybersecurity. The science of cybersecurity is slowly emerging. As the science and its theories emerge, it is important to extract the key contributions that characterize actual progress in our understanding of cybersecurity. Researchers and funding agencies will be interested in the assessment framework as a means of assessing scientific contributions to cybersecurity. In a nascent research area such as the science of cybersecurity, this article may contribute to a focused research program to accelerate the growth of the science. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 5-13 %8 11/2014 %G eng %U http://timreview.ca/article/844 %N 11 %1 Communications Security Establishment Dan Craigen is a Science Advisor at the Communications Security Establishment in Canada. Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH and MSc degrees in Mathematics from Carleton University in Ottawa, Canada. %R http://doi.org/10.22215/timreview/844 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T Assessing the Intentions and Timing of Malware %A Brent Maheux %K cybersecurity %K malware %K optimal timing %K persistence %K stealth %X Malware has become a significant, complex, and widespread problem within the computer industry. It represents one of the most prevalent threats to cybersecurity and is increasingly able to circumvent current detection and mitigation techniques. To help better understand when a malware attack might happen, this article proposes an intention-based classification of malware and merges it with an optimal timing model to help predict the timing of malware based on its classification. The classification model is based on an examination of eight malware samples, and it identifies four malware classifications and commonalities based on the dimensions of persistence and stealth. The goal of the article is to provide a better understanding of when cyber-conflict will happen, and to help defenders better mitigate the potential damage. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 34-40 %8 11/2014 %G eng %U http://timreview.ca/article/848 %N 11 %1 Carleton University Brent Maheux is a Senior Software Specialist for the Canadian Government. He holds an MEng degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and a BCS degree in Computer Science from Dalhousie University in Halifax, Canada. He has over 7 years working experience within the public and private sector specializing in product design and implementation. %R http://doi.org/10.22215/timreview/848 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T Cyber-Attack Attributes %A Mehdi Kadivar %K attack characteristics %K attributes %K cyber-attack %K cybersecurity %X Cyber-attacks threaten our ability to use the Internet safely, productively, and creatively worldwide and are at the core of many security concerns. The concept of cyber-attacks, however, remains underdeveloped in the academic literature. To advance theory, design and operate databases to support scholarly research, perform empirical observations, and compare different types of cyber-attacks, it is necessary to first clarify the attributes of the “concept of cyber-attack”. In this article, attributes of cyber-attacks are identified by examining definitions of cyber-attacks from the literature and information on ten high-profile attacks. Although the article will be of interest to a broad community, it will be of particular interest to senior executives, government contractors, and researchers interested in contributing to the development of an interdisciplinary and global theory of cybersecurity. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 22-27 %8 11/2014 %G eng %U http://timreview.ca/article/846 %N 11 %1 Carleton University Mehdi Kadivar is completing his MASc in Technology Innovation Management at Carleton University in Ottawa, Canada. He holds a Bachelor of Science degree in Business Administration from the American University of Sharjah, Iran. Previously, he worked as a system maintenance expert at the Petrochemical Industries Design and Engineering company and as an intern at the Emirates National Bank of Dubai. %R http://doi.org/10.22215/timreview/846 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T Cybersecurity Startups: The Importance of Early and Rapid Globalization %A Tony Bailetti %A Erik Zijdemans %K born global %K cybersecurity %K globalization %K startups %X Corporations and government agencies worldwide seek to ensure that their networks are safe from cyber-attacks, and startups are being launched to take advantage of this expanded market for cybersecurity products, services, and solutions. The cybersecurity market is inherently global; therefore, cybersecurity startups must globalize to survive. With this article, we fill a gap in the literature by identifying the factors that make a technology startup valuable to specific stakeholders (e.g., investors, customers, employees) and by providing a tool and illustrating a process to describe, design, challenge, and invent the actions that should be performed to globalize a cybersecurity startup early and rapidly for the purpose of increasing its value. The development of the tool builds on recent advances in the resource-based literature, the review of the literature on born-global firms and business model discovery processes, and the experience gained operating the Lead to Win ecosystem. This article will be of interest to entrepreneurs and their venture teams, investors, business development agencies, advisors, and mentors of cybersecurity startups as well as researchers who develop tools and approaches that are relevant to technology entrepreneurs. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 14-21 %8 11/2014 %G eng %U http://timreview.ca/article/845 %N 11 %1 Carleton University Tony Bailetti is the Director of Carleton University's Technology Innovation Management (TIM) program in Ottawa, Canada. His research, teaching, and community contributions support technology entrepreneurship, regional economic development, and the early and rapid globalization of technology ventures. %2 University of Southern Denmark Erik Alexander Zijdemans is a Master’s degree candidate in Product Development and Innovation with a focus on Global Supply Chain Development at the University of Southern Denmark in Odense. He holds a BEng in Business Engineering from Hogeschool Utrecht, The Netherlands. Currently, he is conducting his research on the role of business development agencies in the support of early globalization in technology startups at Carleton University in Ottawa, Canada. %R http://doi.org/10.22215/timreview/845 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T Defining Cybersecurity %A Dan Craigen %A Nadia Diakun-Thibault %A Randy Purse %K cybersecurity %K cyberspace %K definition %K interdisciplinary %K security %X Cybersecurity is a broadly used term, whose definitions are highly variable, often subjective, and at times, uninformative. The absence of a concise, broadly acceptable definition that captures the multidimensionality of cybersecurity impedes technological and scientific advances by reinforcing the predominantly technical view of cybersecurity while separating disciplines that should be acting in concert to resolve complex cybersecurity challenges. In conjunction with an in-depth literature review, we led multiple discussions on cybersecurity with a diverse group of practitioners, academics, and graduate students to examine multiple perspectives of what should be included in a definition of cybersecurity. In this article, we propose a resulting new definition: "Cybersecurity is the organization and collection of resources, processes, and structures used to protect cyberspace and cyberspace-enabled systems from occurrences that misalign de jure from de facto property rights." Articulating a concise, inclusive, meaningful, and unifying definition will enable an enhanced and enriched focus on interdisciplinary cybersecurity dialectics and thereby will influence the approaches of academia, industry, and government and non-governmental organizations to cybersecurity challenges. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 13-21 %8 10/2014 %G eng %U http://timreview.ca/article/835 %N 10 %1 Communications Security Establishment Dan Craigen is a Science Advisor at the Communications Security Establishment in Canada. Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH and MSc degrees in Mathematics from Carleton University in Ottawa, Canada. %2 Communications Security Establishment Nadia Diakun-Thibault is Senior Science and Analytics Advisor at the Communications Security Establishment in Canada. She holds a Master's degree in Public Administration from Queen's University in Kingston, Canada, and an ABD (PhD) degree in Slavic Languages and Literatures from the University of Toronto, Canada. She has served as Parliamentary Advisor to Members of Parliament and held an Order-in-Council appointment to the Province of Ontario's Advocacy Commission. Her research interests include neurophilosophy, semiotics, linguistics, and public policy. She is also an adjunct faculty member in the Department of Computer Science and Engineering at North Carolina State University in the United States. %3 Communications Security Establishment Randy Purse is the Senior Learning Advisor at the Information Technology Security Learning Centre at the Communications Security Establishment in Canada. A former officer in the Canadian Forces, he is an experienced security practitioner and learning specialist. His research interests include the human dimensions of security and collective and transformative learning in the workplace. He has a Master’s of Education in Information Technology from Memorial University of Newfoundland in St. John's, Canada, and he is a PhD candidate specializing in Adult and Workplace Learning in the Faculty of Education at the University of Ottawa, Canada. %R http://doi.org/10.22215/timreview/835 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T Editorial: Cybersecurity (November 2014) %A Chris McPhee %A Tony Bailetti %K crimeware %K cyber-attacks %K cybersecurity %K globalization %K malware %K safety %K science of cybersecurity %K scientific contributions %K startups %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 3-4 %8 11/2014 %G eng %U http://timreview.ca/article/843 %N 11 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa and BScH and MSc degrees in Biology from Queen's University in Kingston. He has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %2 Carleton University Tony Bailetti is an Associate Professor in the Sprott School of Business and the Department of Systems and Computer Engineering at Carleton University, Ottawa, Canada. Professor Bailetti is the Director of Carleton University's Technology Innovation Management (TIM) program. His research, teaching, and community contributions support technology entrepreneurship, regional economic development, and international co-innovation. %R http://doi.org/10.22215/timreview/843 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T Editorial: Cybersecurity (October 2014) %A Chris McPhee %A Tony Bailetti %K cyberattacks %K cybersecurity %K cyberthreats %K information technology %K network security %K research %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 3-4 %8 10/2014 %G eng %U http://timreview.ca/article/833 %N 10 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa and BScH and MSc degrees in Biology from Queen's University in Kingston. He has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %2 Carleton University Tony Bailetti is an Associate Professor in the Sprott School of Business and the Department of Systems and Computer Engineering at Carleton University, Ottawa, Canada. Professor Bailetti is the Director of Carleton University's Technology Innovation Management (TIM) program. His research, teaching, and community contributions support technology entrepreneurship, regional economic development, and international co-innovation. %R http://doi.org/10.22215/timreview/833 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T Effective Digital Channel Marketing for Cybersecurity Solutions %A Mika Westerlund %A Risto Rajala %K cybersecurity %K digital channel marketing %K marketing %K retailer %K sales %K supplier %K value-added reseller %K VAR %X Smaller organizations are prime targets for hackers and malware, because these businesses lack cybersecurity plans and the resources to survive a serious security incident. To exploit this market opportunity, cybersecurity solution providers need to leverage the power of downstream channel members. We investigate how a supplier's digital channel marketing can encourage value-added resellers to sell that supplier’s cybersecurity solutions. Our analysis of survey data from 109 value-added resellers of a multinational supplier shows that resellers are more committed to stock and sell cybersecurity products and services if the supplier’s digital channel marketing provides tools that help them sell the solutions to end customers. This support is likely needed because cybersecurity offerings are technologically complex and systemic by nature, as supported by the finding that value-added resellers pay little attention to supplier’s campaigns and price discounts. Thus, cybersecurity suppliers should maintain trusted and informative relationships with their resellers and provide them with hands-on sales tools, because a reseller's commitment to selling cybersecurity solutions is linked with their ability to understand the offering and with the extent of their supplier relationship. These findings are in line with previous literature on the challenges perceived by salespeople in selling novel and complex technology. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 22-32 %8 10/2014 %G eng %U http://timreview.ca/article/836 %N 10 %1 Carleton University Mika Westerlund, D. Sc. (Econ.), is an Assistant Professor at Carleton University’s Sprott School of Business in Ottawa, Canada. He previously held positions as a Postdoctoral Scholar in the Haas School of Business at the University of California Berkeley, in the United States, and in the School of Economics at Aalto University in Helsinki, Finland. Mika earned his first doctoral degree in Marketing from the Helsinki School of Economics in Finland. He is also a PhD student at Aalto University in the Department of Industrial Engineering and Management. His current research interests include user innovation, industrial ecology, business strategy, and management models in high-tech and service-intensive industries. %2 Aalto University Risto Rajala, D.Sc. (Econ), is an Assistant Professor in the Department of Industrial Engineering and Management at Aalto University in Helsinki, Finland. Dr. Rajala holds a PhD in Information Systems Science from the Aalto University School of Business. His recent research concerns the management of complex service systems, development of digital services, service innovation, and business model performance. Rajala’s specialties include management of industrial services, collaborative service innovation, knowledge management, and design of digital services. %R http://doi.org/10.22215/timreview/836 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T The Online World of the Future: Safe, Productive, and Creative %A Tony Bailetti %A Renaud Levesque %A D’Arcy Walsh %K bisociation %K cybersecurity %K excludability %K future vision %K Industrial Internet %K Internet %K Internet of Everything %K Internet of Things %K online %K productivity %K rivalry %K safety %K security %X A safer online world is required to attain higher levels of productivity and creativity. We offer a view of a future state of the online world that places safety, productivity, and creativity above all else. The online world envisaged for 2030 is safe (i.e., users communicate with accuracy and enduring confidence), productive (i.e., users make timely decisions that have an ongoing global effect), and creative (i.e., users can connect seemingly unrelated information online). The proposed view differs from other views of the future online world that are anchored around technology solutions, confrontation, deception, and personal or commercial gain. The following seven conditions characterize the proposed view of the online world: i) global-scale autonomous learning systems; ii) humans co-working with machines; iii) human factors that are authentic and transferrable; iv) global scale whole-brain communities; v) foundational knowledge that is authentic and transferrable; vi) timely productive communication; and vii) continuous technological adaptation. These conditions are expected to enable new social-behavioural, socio-technical, and organizational interaction models. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 5-12 %8 10/2014 %G eng %U http://timreview.ca/article/834 %N 10 %1 Carleton University Tony Bailetti is an Associate Professor in the Sprott School of Business and the Department of Systems and Computer Engineering at Carleton University, Ottawa, Canada. Professor Bailetti is the Director of Carleton University's Technology Innovation Management (TIM) program. His research, teaching, and community contributions support technology entrepreneurship, regional economic development, and international co-innovation. %2 Communications Security Establishment Renaud Levesque is the Director General of Core Systems at the Communications Security Establishment (CSE) in Ottawa, Canada, where he is responsible for R&D and systems development. He has significant experience in the delivery of capability and organizational change in highly technical environments. His career began at CSE in 1986 as a Systems Engineer, responsible for the development and deployment of numerous systems, including the CSE IP corporate network in 1991. In 2000 Renaud went to work in the private sector as Head of Speech Technologies at Locus Dialogue, and later at Infospace Inc., where he became Director of Speech Solutions Engineering. He rejoined CSE in 2003, where he assumed the lead role in the IT R&D section. Subsequently, as a Director General, he focused efforts towards the emergence of CSE's Joint Research Office and The Tutte Institute for Mathematics and Computing. Renaud holds a Bachelor of Engineering from l’École Polytechnique, Université de Montréal, Canada. %3 Communications Security Establishment D’Arcy Walsh is a Science Advisor at the Communications Security Establishment (CSE) in Ottawa, Canada. His research interests include software-engineering methods and techniques that support the development and deployment of dynamic systems, including dynamic languages, dynamic configuration, context-aware systems, and autonomic and autonomous systems. He received his BAH from Queen’s University in Kingston, Canada, and he received his BCS, his MCS, and his PhD in Computer Science from Carleton University in Ottawa, Canada. %R http://doi.org/10.22215/timreview/834 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T Q&A. What Motivates Cyber-Attackers? %A Chen Han %A Rituja Dongre %K cyber-attack %K cybercrime %K cybersecurity %K hackers %K motivation %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 40-42 %8 10/2014 %G eng %U http://timreview.ca/article/838 %N 10 %1 Carleton University Chen Han is a graduate student in the Technology Innovation Management (TIM) program at Carleton University in Ottawa, Canada. She has more than 8 years working experience in product design, User interface design and project management. She built and led an independent technical team that provides overall solutions and outsourcing services for various clients including world's top media, Internet startups, and multinational firms. Currently, she is working with founder team of Pricebeater, a global startup offering tools for online shopping in North America. %2 Carleton University Rituja Dongre is a graduate student in Technology Innovation Management (TIM) program at Carleton University in Ottawa, Canada. She holds a Bachelor's Degree in Electronic and Telecommunication from the Nagpur University, India, and has worked as an Associate Consultant in Capgemini India. %R http://doi.org/10.22215/timreview/838 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T Safety in the Online World of the Future %A Nadeem Douba %A Björn Rütten %A David Scheidl %A Paul Soble %A D’Arcy Walsh %K cybersecurity %K prospect theory %K risk-based decision making %K safety %K security %K weak transdisciplinary %X In this article, we address what it means to be safe in the online world of the future by advocating the perspective whereby improving safety will improve resilience in cyberspace. We adopt a specific approach towards transdisciplinarity; present a weakly transdisciplinary model of the safety context and an initial position about what existing disciplines are most relevant; and link prospect theory to risk-based decision making as one example that could lead to a new paradigm for safety. By treating safety as a transdisciplinary challenge, there is an opportunity to enable the participants of the online world to become more productive and creative than ever before. The beneficiary of this increased productivity and creativity will ultimately be the public. The perspective of this article is of interest to senior decision makers, policy makers, managers, educators, strategists, futurists, scientists, technologists, and others interested in shaping the online world of the future. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 41-48 %8 11/2014 %G eng %U http://timreview.ca/article/849 %N 11 %1 Red Canari Nadeem Douba is the founding principal of Red Canari, an information security consulting firm that specializes in the areas of information technology and cybersecurity. With over 15 years experience, Nadeem provides consulting and training services for organizations within the public and private sector. He has also presented at some of the world's largest security conferences and is the author of many well-known open source security tools, including one used by the Internet Archive project. His primary research interests include open source intelligence, application and operating system security, and big data. He received his BEng in Systems and Computer Engineering from Carleton University in Ottawa, Canada. %2 The Conference Board of Canada Björn Rütten is the Senior Research Associate for National Security and Public Safety with The Conference Board of Canada. Bjorn leads the Conference Board’s research projects in the area of national security and public safety and is responsible for the development and execution of the research plan of the Centre for National Security. He also contributes to other security-related network and research initiatives, such as those of the Centre for the North. %3 Carleton University David Scheidl is a recent graduate from the Global Politics program at Carleton University in Ottawa, Canada. During his studies, he focused on security intelligence and geopolitics, with special emphasis on Western security agencies in both the cybersecurity and real-world intelligence fields. He has extensive background in military communications, having served in the Army Signals Reserve since 2009. %4 Communications Security Establishment Paul Soble is a Science Advisor at the Communications Security Establishment (CSE) in Ottawa, Canada. Over the past three decades, he has held a variety of positions at CSE in the areas of enterprise architecture, visualization and data mining, speech and text natural language processing, adaptive antenna arrays, and systems development. He received his BSc and MSc degrees in Electrical Engineering from University of Manitoba in Winnipeg, Canada, and he is a licensed professional engineer in the province of Ontario. %# Communications Security Establishment D’Arcy Walsh is a Science Advisor at the Communications Security Establishment (CSE) in Ottawa, Canada. His research interests include software-engineering methods and techniques that support the development and deployment of dynamic systems, including dynamic languages, dynamic configuration, context-aware systems, and autonomic and autonomous systems. He received his BAH from Queen’s University in Kingston, Canada, and he received his BCS, his MCS, and his PhD in Computer Science from Carleton University in Ottawa, Canada. %R http://doi.org/10.22215/timreview/849 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T TIM Lecture Series – Cybersecurity Metrics and Simulation %A George Cybenko %K cybersecurity %K metrics %K modelling %K simulation %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 43-45 %8 10/2014 %G eng %U http://timreview.ca/article/839 %N 10 %1 Dartmouth College George Cybenko is the Dorothy and Walter Gramm Professor of Engineering at Dartmouth College in New Hampshire, United States. He has made multiple research contributions in signal processing, neural computing, information security, and computational behavioural analysis. He was the Founding Editor-in-Chief of both IEEE/AIP Computing in Science and Engineering and IEEE Security & Privacy. He has served on the Defense Science Board (2008–2009), on the US Air Force Scientific Advisory Board (2012–2015), and on review and advisory panels for DARPA, IDA, and Lawrence Livermore National Laboratory. Cybenko is a Fellow of the IEEE and received his BS (Toronto) and PhD (Princeton) degrees in Mathematics. %R http://doi.org/10.22215/timreview/839 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T TIM Lecture Series – The Business of Cybersecurity %A David Grau %A Charles Kennedy %K analytics %K banking %K cybersecurity %K hacking %K incident response %K information security %K intelligence %K targets %K threats %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 53-57 %8 04/2014 %G eng %U http://timreview.ca/article/785 %N 4 %1 TD Bank Group David Grau is Vice President and Head of Threat Response, Intelligence, and Defensive Technologies at TD Bank Group. David has more than 20 years of professional information security experience and leads a multi-national team of information security specialists, with a global responsibility for providing TD Bank Group's Security Incident Response, Threat Intelligence, and Defensive Technologies programs. %2 TD Bank Group Chuck Kennedy is the VP for Credit Card Technology for North American Credit Card for TD Bank Group. He is responsible for technology service delivery, project management, and technology innovation for the credit card businesses for TD. Chuck has been a member of the CIO Association of Canada and has served on the Canadian Banker’s Association’s (CBA), Canadian Financial Institution – Computer Incident Response Team (CFI-CIRT). Chuck holds the CRISC designation (Certified In Risk and Systems Control) and was educated in the United States, Europe, and Canada. He holds a BA in Political Science (Business minor) from the University of Calgary and an MSc in Information Technology (Information Assurance) from the University of Maryland – University College. His graduate work involved the study of geo-spatial intrusion detection and its integration with complex event processing. %R http://doi.org/10.22215/timreview/785 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T TIM Lecture Series – The Laboratory for Analytic Sciences: Developing the Art and Science of Analysis %A J. David Harris %K analysis %K analytics %K big data %K collaboration %K cybersecurity %K framework %K innovation %K instrumentation %K monitoring %K prediction %K strategy %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 52-54 %8 07/2014 %G eng %U http://timreview.ca/article/813 %N 7 %1 Laboratory for Analytic Sciences J. David Harris is the inaugural Director of the Laboratory for Analytic Sciences in Raleigh, North Carolina, where the aim is to develop a science of analysis and analytic methodology. During nearly 25 years service with the U. S. Department of Defense, David has worked in a variety of technical and leadership positions in areas of research and development, technology transfer, and operations. %R http://doi.org/10.22215/timreview/813 %0 Journal Article %J Technology Innovation Management Review %D 2014 %T TIM Lecture Series – Web Infections and Protections: Theory and Practice %A Arnold Kwong %K attack vectors %K countermeasures %K cybersecurity %K infections %K Internet %K privacy %K security %K targets %K threat vectors %K threats %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 4 %P 35- %8 03/2014 %G eng %U http://timreview.ca/article/774 %N 3 %1 Extratelligence Arnold Kwong has over thirty years experience in management, manufacturing, and technology applications. His operational expertise and cross-disciplinary outlook have been applied in planning, analysis, implementation, and problem-solving settings. A strong operational emphasis on quality and risk management comes from extensive practical work. Ongoing technical expertise, with ongoing research and application publications, focus on telecommunications, security models, mobile financial applications security, complex systems integration and deployment, software modeling of enterprises, real-time data collection, and advancements in computer science. His technical experiences include a core of multivendor complex systems analysis; data base/storage/data communications relationships; software design, development, and evaluation; and hardware/software architectural design and implementation issues. Areas of specific management expertise include complex product development and management, technological risk management, and regulatory compliance for organizations in both the public and private service and manufacturing sectors. Areas of specific technical experience include application architectures; system architectures; applications and Internet security; storage/data base administration, management, and enterprise modeling; networking and data communications; and computer science research. %R http://doi.org/10.22215/timreview/774 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Cybersecurity Futures: How Can We Regulate Emergent Risks? %A Benoit Dupont %K cybersecurity %K cybersecurity policies %K digital ecosystem %K emerging risks %K forecasting %K regulation %K technological trends %X This article reviews nine socio-technical trends that are likely to shape the cybersecurity environment over the next decade. These nine trends have reached various levels of maturity, and some – such as quantum computing – are still theoretically contentious. These trends are: cloud computing; big data; the Internet of Things; the mobile Internet; brain–computer interfaces; near field communication payment systems; mobile robots; quantum computing; and the militarization of the Internet. What these nine trends have in common is that they will be instrumental in generating new opportunities for offending, which will result from an exponential increase in the quantity of data, number of connection points to the Internet, and velocity of data flows that irrigate the digital ecosystem. As a result, more opportunities for malicious exploitation will be available to attackers, “security by design” will be harder to achieve in such a fluid and dynamic environment, and the performance of control mechanisms is likely to erode significantly. Technical solutions to address these challenges are already being developed by computer scientists. This article focuses on a different and complementary approach, finding inspiration in the work of regulatory scholars who have framed promising theories such as regulatory pluralism and responsive regulation to explore options for the necessary institutional adaptation to these future changes. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 6-11 %8 07/2013 %G eng %U http://timreview.ca/article/700 %N 7 %1 Université de Montréal Benoit Dupont is the Canada Research Chair in Security and Technology at the Université de Montréal, where he is Professor of Criminology and Director of the International Centre for Comparative Criminology. Professor Dupont researches the coevolution of crime and technology, focusing on offences such as identity theft, bank fraud, computer hacking, and telecommunications fraud. His political science background also leads him to examine emerging cybersecurity policies and what forms of regulation can be developed to address the new risk landscape. %R http://doi.org/10.22215/timreview/700 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Developing an Innovation Engine to Make Canada a Global Leader in Cybersecurity %A Tony Bailetti %A Dan Craigen %A David Hudson %A Renaud Levesque %A Stuart McKeen %A D’Arcy Walsh %K business ecosystem %K cybersecurity %K innovation engine %K innovation in commercialization %K innovation in research and development %X An engine designed to convert innovation into a country’s global leadership position in a specific product market is examined in this article, using Canada and cybersecurity as an example. Five entities are core to the innovation engine: an ecosystem, a project community, an external community, a platform, and a corporation. The ecosystem is the focus of innovation in firm-specific factors that determine outcomes in global competition; the project community is the focus of innovation in research and development; and the external community is the focus of innovation in resources produced and used by economic actors that operate outside of the focal product market. Strategic intent, governance, resource flows, and organizational agreements bind the five entities together. Operating the innovation engine in Canada is expected to improve the level and quality of prosperity, security, and capacity of Canadians, increase the number of Canadian-based companies that successfully compete globally in cybersecurity product markets, and better protect Canada’s critical infrastructure. Researchers interested in learning how to create, implement, improve, and grow innovation engines will find this article interesting. The article will also be of interest to senior management teams in industry and government, chief information and technology officers, social and policy analysts, academics, and individual citizens who wish to learn how to secure cyberspace. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 5-14 %8 08/2013 %G eng %U http://timreview.ca/article/711 %N 8 %1 Carleton University Tony Bailetti is an Associate Professor in the Sprott School of Business and the Department of Systems and Computer Engineering at Carleton University, Ottawa, Canada. Professor Bailetti is the Director of Carleton University's Technology Innovation Management (TIM) program. His research, teaching, and community contributions support technology entrepreneurship, regional economic development, and international co-innovation. %2 Communications Security Establishment Canada Dan Craigen is a Science Advisor at the Communications Security Establishment Canada (CSEC). Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH in Math and his MSc in Math from Carleton University in Ottawa, Canada. %3 Carleton University David Hudson has recently completed his doctoral studies at Carleton University’s Sprott School of Business in Ottawa, Canada. He is a lecturer in information technology innovation in the MBA program at Sprott, a Director of the Lead to Win entrepreneurship program, and Chair of the Ontario Centres of Excellence advisory board for the Information, Communication, and Digital Media sector. David also consults with Fortune 500 firms on innovation management. Previously, he was the Vice President for advanced research and development at a large technology firm and has had an extensive career in technology development and product line management. David received Bachelor's and Master's degrees in Systems Design Engineering from the University of Waterloo, Canada. %4 Communications Security Establishment Canada Renaud Levesque is the Director General of Core Systems at the Communications Security Establishment Canada (CSEC), where he is responsible for R&D and systems development. He has significant experience in the delivery of capability and organizational change in highly technical environments. His career began at CSEC in 1986 as a Systems Engineer, responsible for the development and deployment of numerous systems, including the CSEC IP corporate network in 1991. In 2000 Renaud went to work in the private sector as Head of Speech Technologies at Locus Dialogue, and later at Infospace Inc., where he became Director of Speech Solutions Engineering. He rejoined CSEC in 2003, where he assumed the lead role in the IT R&D section. Subsequently, as a Director General, he focused efforts towards the emergence of CSEC's Joint Research Office and The Tutte Institute for Mathematics and Computing. Renaud holds a Bachelor of Engineering from l’École Polytechnique, Université de Montréal, Canada. %# Ontario Ministry of Research and Innovation Stuart McKeen works for the Ontario Ministry of Research and Innovation (MRI), where he just finished serving a three-year secondment with the Federal Economic Development Agency for Southern Ontario (FedDev). At FedDev, he was both the Agency’s Manager of Innovation and the Manager of Entrepreneurship, Internship, and Youth Programs. He has worked in six different ministries of the Ontario Government over the past 30 years. In 2008, he was awarded the Amethyst Award, the Province of Ontario’s highest employee recognition award for his pioneering work on prospecting and developing large-scale international research consortiums that have brought jobs and investment to Ontario. Stuart holds a BScH degree in Zoology from the University of Western Ontario, Canada and a BA degree in Economics from the University of Toronto, Canada. %$ Communications Security Establishment Canada D’Arcy Walsh is a Science Advisor at the Communications Security Establishment Canada (CSEC). His research interests include software-engineering methods and techniques that support the development and deployment of dynamic systems, including dynamic languages, dynamic configuration, context-aware systems, and autonomic and autonomous systems. He received his BAH from Queen’s University in Kingston, Canada, and he received his BCS, his MCS, and his PhD in Computer Science from Carleton University in Ottawa, Canada. %R http://doi.org/10.22215/timreview/711 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Editorial: Cybersecurity (August 2013) %A Chris McPhee %A Tony Bailetti %K Canada %K cyberattacks %K cybersecurity %K cyberthreats %K information technology %K network security %K research %K risk assessment %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 3-4 %8 08/2013 %G eng %U http://timreview.ca/article/710 %N 8 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa and BScH and MSc degrees in Biology from Queen's University in Kingston. He has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %2 Carleton University Tony Bailetti is an Associate Professor in the Sprott School of Business and the Department of Systems and Computer Engineering at Carleton University, Ottawa, Canada. Professor Bailetti is the Director of Carleton University's Technology Innovation Management (TIM) program. His research, teaching, and community contributions support technology entrepreneurship, regional economic development, and international co-innovation. %R http://doi.org/10.22215/timreview/710 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Editorial: Cybersecurity (July 2013) %A Chris McPhee %A Tony Bailetti %K Canada %K cyberattacks %K cybersecurity %K cyberthreats %K information technology %K network security %K research %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 3-5 %8 07/2013 %G eng %U http://timreview.ca/article/699 %N 7 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa and BScH and MSc degrees in Biology from Queen's University in Kingston. He has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %2 Carleton University Tony Bailetti is an Associate Professor in the Sprott School of Business and the Department of Systems and Computer Engineering at Carleton University, Ottawa, Canada. Professor Bailetti is the Director of Carleton University's Technology Innovation Management (TIM) program. His research, teaching, and community contributions support technology entrepreneurship, regional economic development, and international co-innovation. %R http://doi.org/10.22215/timreview/699 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T An Enterprise Security Program and Architecture to Support Business Drivers %A Brian Ritchot %K cybersecurity %K cyberthreats %K information assurance %K information risk %K information security %K risk %K security architecture %X This article presents a business-focused approach to developing and delivering enterprise security architecture that is focused on enabling business objectives while providing a sensible and balanced approach to risk management. A balanced approach to enterprise security architecture can create the important linkages between the goals and objectives of a business, and it provides appropriate measures to protect the most critical assets within an organization while accepting risk where appropriate. Through a discussion of information assurance, this article makes a case for leveraging enterprise security architectures to meet an organizations' need for information assurance. The approach is derived from the Sherwood Applied Business Security Architecture (SABSA) methodology, as put into practice by Seccuris Inc., an information assurance integrator. An understanding of Seccuris’ approach will illustrate the importance of aligning security activities with high-level business objectives while creating increased awareness of the duality of risk. This business-driven approach to enterprise security architecture can help organizations change the perception of IT security, positioning it as a tool to enable and assure business success, rather than be perceived as an obstacle to be avoided. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 25-33 %8 08/2013 %G eng %U http://timreview.ca/article/713 %N 8 %1 Seccuris Brian Ritchot is a Senior Information Security Consultant with Seccuris Inc, specializing in the implementation and delivery of intrusion-detection solutions, vulnerability assessment, network analysis, and security architecture. With 11 years of prior experience in the federal government, Brian has developed skills and expertise to support the detection, discovery, and mitigation of cyberthreat activity. Brian has led and managed several high-profile teams and projects to deliver operational security solutions that monitor and protect systems of importance to the Government of Canada. Brian now focuses his time in the private sector, helping a variety of customers across the critical infrastructure sector with their IT security needs. These activities span enterprise security architecture development, incident response and handling, vulnerability assessments, forensic investigations, and specialized IT security expertise to mitigate sophisticated cyberintrusions. %R http://doi.org/10.22215/timreview/713 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Keystone Business Models for Network Security Processors %A Arthur Low %A Steven Muegge %K business ecosystems %K business model innovation %K commercialization %K cybersecurity %K platforms %K semiconductors %K technology entrepreneurship %X Network security processors are critical components of high-performance systems built for cybersecurity. Development of a network security processor requires multi-domain experience in semiconductors and complex software security applications, and multiple iterations of both software and hardware implementations. Limited by the business models in use today, such an arduous task can be undertaken only by large incumbent companies and government organizations. Neither the “fabless semiconductor” models nor the silicon intellectual-property licensing (“IP-licensing”) models allow small technology companies to successfully compete. This article describes an alternative approach that produces an ongoing stream of novel network security processors for niche markets through continuous innovation by both large and small companies. This approach, referred to here as the "business ecosystem model for network security processors", includes a flexible and reconfigurable technology platform, a “keystone” business model for the company that maintains the platform architecture, and an extended ecosystem of companies that both contribute and share in the value created by innovation. New opportunities for business model innovation by participating companies are made possible by the ecosystem model. This ecosystem model builds on: i) the lessons learned from the experience of the first author as a senior integrated circuit architect for providers of public-key cryptography solutions and as the owner of a semiconductor startup, and ii) the latest scholarly research on technology entrepreneurship, business models, platforms, and business ecosystems. This article will be of interest to all technology entrepreneurs, but it will be of particular interest to owners of small companies that provide security solutions and to specialized security professionals seeking to launch their own companies. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 25-33 %8 07/2013 %G eng %U http://timreview.ca/article/703 %N 7 %1 Crack Semiconductor Arthur Low is the founder and Chief Executive Officer of Crack Semiconductor, a supplier of high-performance cryptographic silicon IP used in some of the most demanding security applications. Arthur has a number of patents in the field of hardware cryptography. He has worked for a number of IC startups as a Senior IC designer and Architect and gained much of his fundamental IC design experience with Bell-Northern Research in the early 1990s and with IBM Microelectronics in the late 1990s. Arthur has a BSc degree in Electrical Engineering from the University of Alberta in Edmonton, Canada, and is completing his MSc degree in Technology Innovation Management in the Department of Systems and Computer Engineering at Carleton University in Ottawa, Canada. %2 Carleton University Steven Muegge is an Assistant Professor at the Sprott School of Business at Carleton University in Ottawa, Canada, where he teaches within the Technology Innovation Management (TIM) program. His research interests include open and distributed innovation, technology entrepreneurship, product development, and commercialization of technological innovation. %R http://doi.org/10.22215/timreview/703 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Managing Cybersecurity Research and Experimental Development: The REVO Approach %A Dan Craigen %A Drew Vandeth %A D’Arcy Walsh %K cybersecurity %K experimental development %K performance indicators %K research %K research program lifecycle %K research-activity descriptions %K research-requirement statements %K strategic research contexts %X We present a systematic approach for managing a research and experimental development cybersecurity program that must be responsive to continuously evolving cybersecurity, and other, operational concerns. The approach will be of interest to research-program managers, academe, corporate leads, government leads, chief information officers, chief technology officers, and social and technology policy analysts. The approach is compatible with international standards and procedures published by the Organisation for Economic Co-operation and Development (OECD) and the Treasury Board of Canada Secretariat (TBS). The key benefits of the approach are the following: i) the breadth of the overall (cybersecurity) space is described; ii) depth statements about specific (cybersecurity) challenges are articulated and mapped to the breadth of the problem; iii) specific (cybersecurity) initiatives that have been resourced through funding or personnel are tracked and linked to specific challenges; and iv) progress is assessed through key performance indicators. Although we present examples from cybersecurity, the method may be transferred to other domains. We have found the approach to be rigorous yet adaptive to change; it challenges an organization to be explicit about the nature of its research and experimental development in a manner that fosters alignment with evolving business priorities, knowledge transfer, and partner engagement. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 34-41 %8 07/2013 %G eng %U http://timreview.ca/article/705 %N 7 %1 Communications Security Establishment Canada Dan Craigen is a Science Advisor at the Communications Security Establishment Canada (CSEC). Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH in Math and his MSc in Math from Carleton University in Ottawa, Canada. %2 IBM Systems Research Drew Vandeth is the Senior Research Strategist for the National Security Community and a Senior Researcher at IBM Systems Research. He is the founder of the Tutte Institute for Mathematics and Computing (TIMC) and was its first Deputy Director. His research interests include theoretical and computational number theory, contextual and cognitive computing, high performance computing architectures, autonomic and autonomous analytical systems, and research management. Dr. Vandeth holds a PhD in Number Theory from Macquarie University in Sydney, Australia, an MMath in Number Theory from the University of Waterloo, Canada, and a BMath (Hons) in Pure Mathematics, also from the University of Waterloo. %3 Communications Security Establishment Canada D’Arcy Walsh is a Science Advisor at the Communications Security Establishment Canada (CSEC). His research interests include software-engineering methods and techniques that support the development and deployment of dynamic systems, including dynamic languages, dynamic configuration, context-aware systems, and autonomic and autonomous systems. He received his BAH from Queen’s University in Kingston, Canada, and he received his BCS, his MCS, and his PhD in Computer Science from Carleton University in Ottawa, Canada. %R http://doi.org/10.22215/timreview/705 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Peer-to-Peer Enclaves for Improving Network Defence %A David W. Archer %A Adam Wick %K cyber countermeasures %K cybersecurity %K dynamic cyberdefence %K enclave computing %K network defence %K peer-to-peer %X Information about cyberthreats within networks spreads slowly relative to the speed at which those threats spread. Typical "threat feeds" that are commercially available also disseminate information slowly relative to the propagation speed of attacks, and they often convey irrelevant information about imminent threats. As a result, hosts sharing a network may miss opportunities to improve their defence postures against imminent attack because needed information arrives too late or is lost in irrelevant noise. We envision timely, relevant peer-to-peer sharing of threat information – based on current technologies – as a solution to these problems and as a useful design pattern for defensive cyberwarfare. In our setting, network nodes form communities that we call enclaves, where each node defends itself while sharing information on imminent threats with peers that have similar threat exposure. In this article, we present our vision for this solution. We sketch the architecture of a typical node in such a network and how it might interact with a framework for sharing threat information; we explain why certain defensive countermeasures may work better in our setting; we discuss current tools that could be used as components in our vision; and we describe opportunities for future research and development. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 19-24 %8 07/2013 %G eng %U http://timreview.ca/article/701 %N 7 %1 Galois, Inc. David Archer is a Research Program Lead at Galois, Inc., where he directs research into high-assurance methods for large-scale cyberconflict. He holds a PhD in Computer Science from Portland State University in the United States as well as an MS in Electrical Engineering from the University of Illinois at Urbana-Champaign. Dr. Archer’s research interests also include efficient methods for computing on encrypted data, and information integration, assurance, and provenance. At Intel Corporation, Dr. Archer was instrumental in the development of the communication network for the ASCI Red TeraFLOPS system at Sandia, and in the development of multiple generations of high-performance server and workstation memory and I/O systems. %2 Galois, Inc. Adam Wick directs the Systems and Networking Group at Galois, Inc., where he has worked with DARPA to create advanced network-defence techniques, including CyberChaff and Ditto. He holds a PhD in Computer Science from the University of Utah in the United States, as well as a BS in Computer Science from Indiana University Bloomington. Dr. Wick also has been collaborating with SRI, LG, and others to build secure mobile devices for the United States Marine Corps. Prior to this work, he developed the HaLVM, a lightweight machine for running custom, single-purpose applications in the cloud. In all of this work, he maintains a focus on using next-generation operating system and networking technology to create practical tools for critical systems. %R http://doi.org/10.22215/timreview/701 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Protecting Critical Infrastructure by Identifying Pathways of Exposure to Risk %A Philip O’Neill %K critical infrastructure %K cybersecurity %K directed graph %K modelling %K path analysis %K risk analysis %K simulation %K strongest-path method %X Increasingly, our critical infrastructure is managed and controlled by computers and the information networks that connect them. Cyber-terrorists and other malicious actors understand the economic and social impact that a successful attack on these systems could have. While it is imperative that we defend against such attacks, it is equally imperative that we realize how best to react to them. This article presents the strongest-path method of analyzing all potential pathways of exposure to risk – no matter how indirect or circuitous they may be – in a network model of infrastructure and operations. The method makes direct use of expert knowledge about entities and dependency relationships without the need for any simulation or any other models. By using path analysis in a directed graph model of critical infrastructure, planners can model and assess the effects of a potential attack and develop resilient responses. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 34-40 %8 08/2013 %G eng %U http://timreview.ca/article/714 %N 8 %1 Deep Logic Solutions Philip O'Neill is Chief Scientist at Deep Logic Solutions Inc. He holds a PhD in Combinatorics and Optimization from the University of Waterloo, Canada. He is a specialist in operational research and risk analysis, and has additional expertise in mathematical modelling, quantitative analysis, algorithms, and decision support. His career has included 17 years of practice in the Operational Research Division of the Department of National Defence (DND); he has served as chairman of the NATO Panel 7 Specialist Team on the Evaluation of Readiness and Sustainment Policy; and he was chosen by the DND to model dependency relationships among infrastructures in Canada as part of risk analysis for the millennium turnover. Since 2001, he has designed and managed the software development of RiskOutLook, an analytical tool for risk analysis that identifies and quantifies risks that result from dependency relationships. %R http://doi.org/10.22215/timreview/714 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Q&A. Should Startups Care about Application Security? %A Sherif Koussa %K application security %K architecture %K checklists %K code reviews %K cybersecurity %K design %K detection %K prevention %K software security %K startups %K training %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 50-52 %8 07/2013 %G eng %U http://timreview.ca/article/706 %N 7 %1 Software Secured Sherif Koussa is Principal Application Security Consultant and founder of Software Secured, an application security firm. He has spent 14 years in the software development industry, with the last six years focused on testing application security, assessing security, and teaching developers to write secure code. He worked on the OWASP security teaching tool WebGoat 5.0, helped SANS launch their GSSP-JAVA and GSSP-NET programs, and wrote the blueprints of the Dev-544 and Dev-541 courses. In addition, he authored courseware for SANS SEC-540: VOIP Security. Sherif leads both the OWASP Ottawa Chapter and the Static Analysis Code Evaluation Criteria for WASC. He has performed security code reviews for three of the five largest banks in the United States. Before starting Software Secured, Sherif worked on architecting, designing, implementing, and leading large-scale software projects for Fortune 500 companies, including United Technologies, and other leading organizations such as Nortel Networks, March Healthcare, Carrier, Otis Elevators, and NEC Unified Communications. %R http://doi.org/10.22215/timreview/706 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T A Research Agenda for Security Engineering %A Rich Goyette %A Yan Robichaud %A François Marinier %K cybersecurity %K information system security engineering %K research %K risk management %K security engineering %K security measurement %K threat modelling %X Despite nearly 30 years of research and application, the practice of information system security engineering has not yet begun to exhibit the traits of a rigorous scientific discipline. As cyberadversaries have become more mature, sophisticated, and disciplined in their tradecraft, the science of security engineering has not kept pace. The evidence of the erosion of our digital security – upon which society is increasingly dependent – appears in the news almost daily. In this article, we outline a research agenda designed to begin addressing this deficit and to move information system security engineering toward a mature engineering discipline. Our experience suggests that there are two key areas in which this movement should begin. First, a threat model that is actionable from the perspectives of risk management and security engineering should be developed. Second, a practical and relevant security-measurement framework should be developed to adequately inform security-engineering and risk-management processes. Advances in these areas will particularly benefit business/government risk assessors as well as security engineers performing security design work, leading to more accurate, meaningful, and quantitative risk analyses and more consistent and coherent security design decisions. Threat modelling and security measurement are challenging activities to get right – especially when they need to be applied in a general context. However, these are decisive starting points because they constitute the foundation of a scientific security-engineering practice. Addressing these challenges will require stronger and more coherent integration between the sub-disciplines of risk assessment and security engineering, including new tools to facilitate that integration. More generally, changes will be required in the way security engineering is both taught and practiced to take into account the holistic approach necessary from a mature, scientific discipline. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 41-50 %8 08/2013 %G eng %U http://timreview.ca/article/715 %N 8 %1 Communications Security Establishment Canada Richard Goyette is Senior Security Architect at Communications Security Establishment Canada. Richard has a BEng and MEng in Electrical Engineering, both from the Royal Military College of Canada in Kingston, Canada. Richard spent 22 years as a Signals officer in the Canadian Forces, where he was involved with a multitude of projects in the areas of intelligence, security, and command and control. He is currently employed in the area of architecture and technology assurance developing security guidance for the wider Government of Canada. %2 Communications Security Establishment Canada Yan Robichaud is a Senior Security Architect at Communications Security Establishment Canada. Yan has a BASc degree in Computer Engineering and MSc degree in Electrical Engineering, both from Université Laval, Québec City, Canada. He provides advice and guidance related to security architecture and engineering, threat assessment, and risk management to Government of Canada departments and agencies. He is involved in key government IT initiatives, such as large IT consolidation projects, enterprise security architecture, and the security of space-based systems. Yan is also involved in the development of IT security courses and leads the production of publications about IT-security guidance, such as "ITSG-33 IT Security Risk Management: A Lifecycle Approach". %3 François Marinier is an independent IT security analyst with experience in all facets of IT-security risk management. François started his career working in computer operations and mainframe application support. He eventually migrated to IT security, where he acquired knowledge and experience in the development and application of processes for IT-security risk management. He has also worked as an analyst, supporting large IT-infrastructure initiatives, in both the public and private sectors. For the last three years, François has dedicated his work almost exclusively to the development of ITSG-33, the next generation of guidelines for IT security risk management for the Government of Canada. %R http://doi.org/10.22215/timreview/715 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T On the Road to Holistic Decision Making in Adaptive Security %A Mahsa Emami-Taba %A Mehdi Amoui %A Ladan Tahvildari %K adaptive security %K architecture %K automation %K cyberattacks %K cybersecurity %K game theory %K holistic decision making %K self-adaptive software %K self-protecting software %X Security is a critical concern in today's software systems. Besides the interconnectivity and dynamic nature of network systems, the increasing complexity in modern software systems amplifies the complexity of IT security. This fact leaves attackers one step ahead in exploiting vulnerabilities and introducing new cyberattacks. The demand for new methodologies in addressing cybersecurity is emphasized by both private and national corporations. A practical solution to dynamically manage the high complexity of IT security is adaptive security, which facilitates analysis of the system's behaviour and hence the prevention of malicious attacks in complex systems. Systems that feature adaptive security detect and mitigate security threats at runtime with little or no administrator involvement. In these systems, decisions at runtime are balanced according to quality and performance goals. This article describes the necessity of holistic decision making in such systems and paves the road to future research. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 59-64 %8 08/2013 %G eng %U http://timreview.ca/article/717 %N 8 %1 University of Waterloo Mahsa Emami-Taba received her BEng degree in Computer Engineering from Shahid Beheshty University, Iran, in 2005. She received her MMath degree in Computer Science from the University of Waterloo, Canada, in 2009. After completing her studies, she worked as a software designer and developer. She is currently working toward a PhD degree in the Department of Electrical and Computer Engineering at the University of Waterloo. Her research interests include self-adaptive software systems, adaptive security, and nature-inspired adaptive software. %2 University of Waterloo Mehdi Amoui is a Postdoctoral Fellow at the University of Waterloo, Canada. He currently works as a researcher/consultant on a joint research project with the Software Verification and Validation team at Blackberry Inc., Canada. In 2002, he received his PhD from the University of Waterloo on the topic of an evolving software system for self-adaptation, and in 2006, he received an MASc degree in Artificial Intelligence and Robotics from the University of Tehran. His main research interests include self-adaptive software systems, search-based software engineering, software evolution, and software quality. %3 University of Waterloo Ladan Tahvildari is an Associate Professor in the Department of Electrical and Computer Engineering at the University of Waterloo, Canada, and she is the founder of the Software Technologies Applied Research (STAR) Laboratory. Together with her research team, she investigates methods, models, architectures, and techniques to develop higher-quality software systems in a cost-effective manner. Her research accomplishments have been recognized by various awards, including the prestigious Ontario Early Researcher Award, which recognized her work in self-adaptive software. She is a Senior Member of the IEEE, a member of the ACM, and a Professional Engineer (PEng). %R http://doi.org/10.22215/timreview/717 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Securing Canada’s Information-Technology Infrastructure: Context, Principles, and Focus Areas of Cybersecurity Research %A Dan Craigen %A D’Arcy Walsh %A David Whyte %K Canada %K cyberdefence %K cyberinfrastructure %K cybersecurity %K entrepreneurship %K experimental development program %K information-technology infrastructure %K management %K research %X This article addresses the challenges of cybersecurity and ultimately the provision of a stable and resilient information-technology infrastructure for Canada and, more broadly, the world. We describe the context of current cybersecurity challenges by synthesizing key source material whose importance was informed by our own real-world experiences. Furthermore, we present a checklist of guiding principles to a unified response, complete with a set of action-oriented research topics that are linked to known operational limitations. The focus areas are used to drive the formulation of a unified and relevant research and experimental development program, thereby moving us towards a stable and resilient cyberinfrastructure. When cybersecurity is viewed as an inherently interdisciplinary problem of societal concern, we expect that fundamentally new research perspectives will emerge in direct response to domain-specific protection requirements for information-technology infrastructure. Purely technical responses to cybersecurity challenges will be inadequate because human factors are an inherent aspect of the problem. This article will interest managers and entrepreneurs. Senior management teams can assess new technical developments and product releases to fortify their current security solutions, while entrepreneurs can harness new opportunities to commercialize novel technology to solve a high-impact cybersecurity problem.. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 12-18 %8 07/2013 %G eng %U http://timreview.ca/article/704 %N 7 %1 Communications Security Establishment Canada Dan Craigen is a Science Advisor at the Communications Security Establishment Canada (CSEC). Previously, he was President of ORA Canada, a company that focused on High Assurance/Formal Methods and distributed its technology to over 60 countries. His research interests include formal methods, the science of cybersecurity, and technology transfer. He was the chair of two NATO research task groups pertaining to validation, verification, and certification of embedded systems and high-assurance technologies. He received his BScH in Math and his MSc in Math from Carleton University in Ottawa, Canada. %2 Communications Security Establishment Canada D’Arcy Walsh is a Science Advisor at the Communications Security Establishment Canada (CSEC). His research interests include software-engineering methods and techniques that support the development and deployment of dynamic systems, including dynamic languages, dynamic configuration, context-aware systems, and autonomic and autonomous systems. He received his BAH from Queen’s University in Kingston, Canada, and he received his BCS, his MCS, and his PhD in Computer Science from Carleton University in Ottawa, Canada. %3 Communications Security Establishment Canada David Whyte is the Technical Director for the Cyber Defence Branch at the Communications Security Establishment Canada (CSEC). He is CSEC's technical lead responsible for overseeing the implementation of the next-generation cyberthreat-detection services for the Government of Canada. He has held many positions over the last 16 years within CSEC that span both the Signals Intelligence and Information Technology Security mission lines. David holds a PhD in Computer Science from Carleton University in Ottawa, Canada. The main focus of his research is on the development of network-based behavioural analysis techniques for the detection of rapidly propagating malware. %R http://doi.org/10.22215/timreview/704 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Security Challenges in Smart-Grid Metering and Control Systems %A Xinxin Fan %A Guang Gong %K authentication %K cybersecurity %K encryption %K privacy %K smart grid %X The smart grid is a next-generation power system that is increasingly attracting the attention of government, industry, and academia. It is an upgraded electricity network that depends on two-way digital communications between supplier and consumer that in turn give support to intelligent metering and monitoring systems. Considering that energy utilities play an increasingly important role in our daily life, smart-grid technology introduces new security challenges that must be addressed. Deploying a smart grid without adequate security might result in serious consequences such as grid instability, utility fraud, and loss of user information and energy-consumption data. Due to the heterogeneous communication architecture of smart grids, it is quite a challenge to design sophisticated and robust security mechanisms that can be easily deployed to protect communications among different layers of the smart grid-infrastructure. In this article, we focus on the communication-security aspect of a smart-grid metering and control system from the perspective of cryptographic techniques, and we discuss different mechanisms to enhance cybersecurity of the emerging smart grid. We aim to provide a comprehensive vulnerability analysis as well as novel insights on the cybersecurity of a smart grid. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 42-49 %8 07/2013 %G eng %U http://timreview.ca/article/702 %N 7 %1 University of Waterloo Xinxin Fan is a Research Associate in the Department of Electrical and Computer Engineering at the University of Waterloo, Canada. He holds a PhD degree in Electrical and Computer Engineering from the University of Waterloo, as well as a BSc degree in Applied Mathematics and an MEng degree in Information Systems and Telecommunication Engineering from Xidian University, China. His research interests range from fast and secure software and hardware implementations of cryptographic algorithms to the design and the analysis of security protocols for wireless and wireline networks. %2 University of Waterloo Guang Gong is a Professor in the Department of Electrical and Computer Engineering at the University of Waterloo, Canada, and she is the Managing Director of the Centre for Applied Cryptographic Research at University of Waterloo. She holds a BSc degree in Mathematics, an MSc degree in Applied Mathematics, and a PhD degree in Electrical Engineering from universities in China. Dr. Gong has also held a fellowship at the Fondazione Ugo Bordoni, in Rome, Italy, and was Associate Professor at the University of Electrical Science and Technology of China. Her research interests are in the areas of sequence design, cryptography, and communication security. %R http://doi.org/10.22215/timreview/702 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T TIM Lecture Series – Using Risk to Drive a Security Service %A Paul Card %K cybersecurity %K platforms %K risk management %K security %K services %K strategy %K uncertainty %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 42-45 %8 06/2013 %G eng %U http://timreview.ca/article/696 %N 6 %1 Seccuris Paul Card is Director of R&D at Seccuris. He has more than 10 years of experience working with domestic and international companies to advance technology, research, and development strategies. Prior to joining Seccuris, Paul was a Research Scientist at TR Labs, where he was responsible for the security research portfolio. He has worked with over 20 different ICT companies in research and development activities. Paul holds a PhD and MSc in Electrical and Computer Engineering from the University of Manitoba in Winnipeg, Canada. Paul is an Adjunct Professor of the University of Manitoba, and he is a member of the IEEE and the ACM. %R http://doi.org/10.22215/timreview/696