Filter Results
:
(43)
Show Results For
-
All HBS Web
(110)
- Faculty Publications (43)
Show Results For
-
All HBS Web
(110)
- Faculty Publications (43)
Page 1 of
43
Results
→
- March 2024
- Teaching Note
SolarWinds Confronts SUNBURST
By: Frank Nagle and David Lane
Teaching Note for HBS Case Nos. 723-357 & 723-368.
View Details
- February 2024
- Case
Johnson Security Bureau: Building Multigenerational Success
By: Henry McGee, Annelena Lobb and David Muoser
Johnson Security Bureau, the oldest Black-owned security firm in the state of New York, wanted to scale its business. CEO Jessica Johnson-Cope considered whether to expand JSB through partnerships with security firms in other states, through a new focus on...
View Details
- December 2023
- Case
TikTok: The Algorithm Will See You Now
By: Shikhar Ghosh and Shweta Bagai
In a world where attention is a scarce commodity, this case explores the meteoric rise of TikTok—an app that transformed from a niche platform for teens into the most visited domain by 2021—surpassing even Google. Its algorithm was a sophisticated mechanism for...
View Details
Keywords:
Social Media;
Applications and Software;
Disruptive Innovation;
Business and Government Relations;
International Relations;
Cybersecurity;
Culture;
Technology Industry;
China;
United States;
India
Ghosh, Shikhar, and Shweta Bagai. "TikTok: The Algorithm Will See You Now." Harvard Business School Case 824-125, December 2023.
- 2023
- Article
MoPe: Model Perturbation-based Privacy Attacks on Language Models
By: Marvin Li, Jason Wang, Jeffrey Wang and Seth Neel
Recent work has shown that Large Language Models (LLMs) can unintentionally leak sensitive information present in their training data. In this paper, we present Model Perturbations (MoPe), a new method to identify with high confidence if a given text is in the training...
View Details
Li, Marvin, Jason Wang, Jeffrey Wang, and Seth Neel. "MoPe: Model Perturbation-based Privacy Attacks on Language Models." Proceedings of the Conference on Empirical Methods in Natural Language Processing (2023): 13647–13660.
- November 2023
- Article
Federated Electronic Health Records for the European Health Data Space
By: René Raab, Arne Küderle, Anastasiya Zakreuskaya, Ariel Dora Stern, Jochen Klucken, Georgios Kaissis, Daniel Rueckert, Susanne Boll, Roland Eils, Harald Wagener and Bjoern Eskofier
The European Commission's draft for the European Health Data Space (EHDS) aims to empower citizens to access their personal health data and share it with physicians and other health-care providers. It further defines procedures for the secondary use of electronic...
View Details
Keywords:
Analytics and Data Science;
Cybersecurity;
Information Management;
Knowledge Sharing;
Knowledge Use and Leverage;
Health Industry
Raab, René, Arne Küderle, Anastasiya Zakreuskaya, Ariel Dora Stern, Jochen Klucken, Georgios Kaissis, Daniel Rueckert, Susanne Boll, Roland Eils, Harald Wagener, and Bjoern Eskofier. "Federated Electronic Health Records for the European Health Data Space." Lancet Digital Health 5, no. 11 (November 2023): e840–e847.
- October 2023 (Revised March 2024)
- Case
Fortinet: Cybersecurity Pioneer Ken Xie Considers the Long Game
By: Tsedal Neeley, Jeff Huizinga and Emily Grandjean
Ken Xie, cofounder of cybersecurity giant Fortinet, faced a critical decision that would validate his leadership. Fortinet became the industry’s second-largest pureplay cybersecurity firm by developing differentiated hardware and investing in R&D. However, after a...
View Details
Keywords:
Leadership Development;
Leadership Style;
Marketing Strategy;
Information Technology Industry;
United States;
Sunnyvale
Neeley, Tsedal, Jeff Huizinga, and Emily Grandjean. "Fortinet: Cybersecurity Pioneer Ken Xie Considers the Long Game." Harvard Business School Case 424-016, October 2023. (Revised March 2024.)
- 2023
- Working Paper
Black-box Training Data Identification in GANs via Detector Networks
By: Lukman Olagoke, Salil Vadhan and Seth Neel
Since their inception Generative Adversarial Networks (GANs) have been popular generative models across images, audio, video, and tabular data. In this paper we study whether given access to a trained GAN, as well as fresh samples from the underlying distribution, if...
View Details
Olagoke, Lukman, Salil Vadhan, and Seth Neel. "Black-box Training Data Identification in GANs via Detector Networks." Working Paper, October 2023.
- September 2023 (Revised October 2023)
- Case
CyberArk: Fearlessly Forward in a Digital World
By: David B. Yoffie and Daniela Beyersdorfer
CyberArk was a leader in privileged access management and was an emerging leader in security identity. This case explores strategies in cybersecurity and whether big bets are needed to become a global leader.
View Details
- 24 Apr 2023 - 27 Apr 2023
- Conference Presentation
Diversity, Equity, & Inclusion: The Paradoxical Effect & Impact on Security
By: J. Carlos Vega, Hise O. Gibson, Nicole Gilmore and Larry Whiteside Jr.
Diversity, Equity, & Inclusion (DEI) is necessary to create the world class teams we need to defend against advanced threats and adversaries; however, the approach that most take often fails spectacularly. The panel challenges the current practices, the failings, and...
View Details
"Diversity, Equity, & Inclusion: The Paradoxical Effect & Impact on Security." Paper presented at the RSA Conference, San Francisco, CA, USA, April 24–27, 2023.
- March 2023 (Revised June 2023)
- Teaching Note
Ransomware Attack at Springhill Medical Center
By: Suraj Srinivasan and Li-Kuan (Jason) Ni
Teaching Note for HBS Case No. 123-065. In July, 2019, Springhill Medical Center (“SMC”) in Mobile, Alabama fell prey to a malicious ransomware attack that crippled the hospital’s internal network systems and public-facing web page. While the hospital rushed to...
View Details
Keywords:
Disruption;
Communication;
Communication Strategy;
Decision Making;
Decision Choices and Conditions;
Judgments;
Corporate Accountability;
Corporate Disclosure;
Corporate Governance;
Governance Controls;
Policy;
Employees;
News;
Cybersecurity;
Digital Strategy;
Information Infrastructure;
Information Management;
Internet and the Web;
Crisis Management;
Business or Company Management;
Resource Allocation;
Risk Management;
Negotiation Tactics;
Failure;
Business and Stakeholder Relations;
Attitudes;
Behavior;
Perception;
Reputation;
Trust;
Public Opinion;
Social Issues;
Health Industry;
Alabama;
United States
- March 2023
- Teaching Note
Ransomware Attack at Colonial Pipeline Company
By: Suraj Srinivasan and Li-Kuan Ni
Teaching Note for HBS Case No. 123-069. On the morning of May 7, 2021, Colonial Pipeline Company became aware that the company had been the victim of a malicious ransomware attack that had stolen and locked up company data. The extortionists demanded 75 bitcoins (worth...
View Details
Keywords:
Disruption;
Communication;
Communication Strategy;
Decision Making;
Decision Choices and Conditions;
Judgments;
Corporate Accountability;
Corporate Disclosure;
Corporate Governance;
Governance Controls;
Policy;
Employees;
News;
Cybersecurity;
Digital Strategy;
Information Infrastructure;
Information Management;
Internet and the Web;
Crisis Management;
Business or Company Management;
Resource Allocation;
Risk Management;
Negotiation Tactics;
Failure;
Business and Stakeholder Relations;
Attitudes;
Behavior;
Perception;
Reputation;
Trust;
Public Opinion;
Social Issues;
Infrastructure;
Distribution Industry;
United States;
Alabama
- March 2023
- Case
Ransomware Attack at Colonial Pipeline Company
By: Suraj Srinivasan and Li-Kuan Ni
On the morning of May 7, 2021, Colonial Pipeline Company became aware that the company had been the victim of a malicious ransomware attack that had stolen and locked up company data. The extortionists demanded 75 bitcoins (worth about $4.4 million at the time) in...
View Details
Keywords:
Disruption;
Communication;
Communication Strategy;
Decision Making;
Decision Choices and Conditions;
Judgments;
Corporate Accountability;
Corporate Disclosure;
Corporate Governance;
Governance Controls;
Policy;
Employees;
News;
Cybersecurity;
Digital Strategy;
Information Infrastructure;
Information Management;
Internet and the Web;
Crisis Management;
Business or Company Management;
Resource Allocation;
Risk Management;
Negotiation Tactics;
Failure;
Business and Stakeholder Relations;
Attitudes;
Behavior;
Perception;
Reputation;
Trust;
Public Opinion;
Social Issues;
Infrastructure;
Distribution Industry;
United States;
Alabama
Srinivasan, Suraj, and Li-Kuan Ni. "Ransomware Attack at Colonial Pipeline Company." Harvard Business School Case 123-069, March 2023.
- February 2023
- Case
Ransomware Attack at Springhill Medical Center
By: Suraj Srinivasan and Li-Kuan (Jason) Ni
In July, 2019, Springhill Medical Center (“SMC”) in Mobile, Alabama, fell prey to a malicious ransomware attack that crippled the hospital’s internal network systems and public-facing web page. While the hospital rushed to securely restore the network, medical...
View Details
Keywords:
Disruption;
Communication;
Communication Strategy;
Decision Making;
Decision Choices and Conditions;
Judgments;
Corporate Accountability;
Corporate Disclosure;
Corporate Governance;
Governance Controls;
Policy;
Employees;
News;
Cybersecurity;
Digital Strategy;
Information Infrastructure;
Information Management;
Internet and the Web;
Crisis Management;
Resource Allocation;
Risk Management;
Negotiation Tactics;
Failure;
Business and Stakeholder Relations;
Attitudes;
Behavior;
Perception;
Reputation;
Trust;
Public Opinion;
Social Issues;
Health Industry;
United States;
Alabama
Srinivasan, Suraj, and Li-Kuan (Jason) Ni. "Ransomware Attack at Springhill Medical Center." Harvard Business School Case 123-065, February 2023.
- October 2022 (Revised September 2023)
- Case
SolarWinds Confronts SUNBURST (A)
On December 12, 2020, SolarWinds learned that malware had been inserted in its software, potentially granting hackers access to thousands and thousands of its 300,000 customers. General Counsel Jason Bliss needed to orchestrate the company response without knowing how...
View Details
Keywords:
Cyberattacks;
Cybersecurity;
Corporate Disclosure;
Crisis Management;
Customer Focus and Relationships;
Legal Liability;
Information Technology Industry;
United States
Nagle, Frank, George A. Riedel, William R. Kerr, and David Lane. "SolarWinds Confronts SUNBURST (A)." Harvard Business School Case 723-357, October 2022. (Revised September 2023.)
- October 2022 (Revised September 2023)
- Supplement
SolarWinds Confronts SUNBURST (B)
Supplements the (A) case, describing actions taken by SolarWinds as well as by regulatory agencies in the aftermath of the immediate crisis. The case also includes reflections by SolarWinds managers on the choices they made with respect to disclosure, media relations,...
View Details
Keywords:
Cyberattacks;
Cybersecurity;
Corporate Disclosure;
Crisis Management;
Customer Focus and Relationships;
Legal Liability;
Governance Compliance;
Business and Government Relations;
Information Technology Industry;
United States
Nagle, Frank, George A. Riedel, William R. Kerr, and David Lane. "SolarWinds Confronts SUNBURST (B)." Harvard Business School Supplement 723-368, October 2022. (Revised September 2023.)
- October 2022
- Background Note
Note on Cyberattacks and Regulatory Regimes
Describes common types of cyberattacks on enterprises and their costs, as well as the fragmentary regulatory regimes through which U.S. states and regulatory agencies at the start of 2021 attempted to encourage disclosure of cyberattacks and to pursue enforcement...
View Details
Keywords:
Regulations;
Regulatory Agencies;
Cyberattacks;
Governance;
Corporate Disclosure;
Cybersecurity;
Information Industry;
Information Technology Industry;
Health Industry;
Financial Services Industry;
United States
Nagle, Frank, George A. Riedel, William R. Kerr, and David Lane. "Note on Cyberattacks and Regulatory Regimes." Harvard Business School Background Note 723-392, October 2022.
- August 2022
- Case
Atlanta Ransomware Attack (A)
By: Amit Goldenberg and Julian Zlatev
This case describes the March 2018 Ransomware attack on the information technology (IT) systems of the city of Atlanta and the response by Mayor Keisha Lance Bottoms and her administration. The case includes a brief background on Bottoms and her young administration at...
View Details
Keywords:
Crime and Corruption;
Decision Making;
Cost vs Benefits;
Decision Choices and Conditions;
Decisions;
Ethics;
Values and Beliefs;
Government and Politics;
Government Administration;
Information Technology;
Cybersecurity;
Information Management;
Leadership;
Management;
Crisis Management;
Management Teams;
Negotiation;
Risk and Uncertainty;
Social Psychology;
Perception;
Personal Characteristics;
Perspective;
Power and Influence;
Society;
Public Administration Industry;
United States;
Georgia (state, US);
Atlanta
Goldenberg, Amit, and Julian Zlatev. "Atlanta Ransomware Attack (A)." Harvard Business School Case 923-009, August 2022.
- August 2022
- Supplement
Atlanta Ransomware Attack (B)
By: Amit Goldenberg and Julian Zlatev
This case describes the March 2018 Ransomware attack on the information technology (IT) systems of the city of Atlanta and the response by Mayor Keisha Lance Bottoms and her administration. The case includes a brief background on Bottoms and her young administration at...
View Details
Keywords:
Crime and Corruption;
Decision Making;
Cost vs Benefits;
Decision Choices and Conditions;
Decisions;
Ethics;
Values and Beliefs;
Government and Politics;
Government Administration;
Information Technology;
Cybersecurity;
Information Management;
Leadership;
Management;
Crisis Management;
Management Teams;
Negotiation;
Risk and Uncertainty;
Social Psychology;
Perception;
Personal Characteristics;
Perspective;
Power and Influence;
Society;
Public Administration Industry;
United States;
Atlanta;
Georgia (state, US)
Goldenberg, Amit, and Julian Zlatev. "Atlanta Ransomware Attack (B)." Harvard Business School Supplement 923-010, August 2022.
- 2022
- Article
Data Poisoning Attacks on Off-Policy Evaluation Methods
By: Elita Lobo, Harvineet Singh, Marek Petrik, Cynthia Rudin and Himabindu Lakkaraju
Off-policy Evaluation (OPE) methods are a crucial tool for evaluating policies in high-stakes domains such as healthcare, where exploration is often infeasible, unethical, or expensive. However, the extent to which such methods can be trusted under adversarial threats...
View Details
Lobo, Elita, Harvineet Singh, Marek Petrik, Cynthia Rudin, and Himabindu Lakkaraju. "Data Poisoning Attacks on Off-Policy Evaluation Methods." Proceedings of the Conference on Uncertainty in Artificial Intelligence (UAI) 38th (2022): 1264–1274.
- May 2022
- Case
TikTok and National Security: Investment in an Age of Data Sovereignty?
By: Jeremy Friedman, Sarah Bauerle Danzman and David Lane
This case covers TikTok’s purchase of Musical.ly and the reaction of the United States government, including the review of the purchase by the Committee on Foreign Investment in the United States (CFIUS) and the reaction of the presidential administration of Donald...
View Details
Keywords:
Data Security;
Mergers and Acquisitions;
Cybersecurity;
Internet and the Web;
International Relations;
Laws and Statutes;
Globalized Firms and Management
Friedman, Jeremy, Sarah Bauerle Danzman, and David Lane. "TikTok and National Security: Investment in an Age of Data Sovereignty?" Harvard Business School Case 722-020, May 2022.