What are the real costs of cybersecurity implementation? Spoiler alert: it’s far more complex than it appears on the surface. Cybersecurity is a people and process problem, not a technology problem. Most of implementation costs come in the form of time, effort and coordination throughout the organization. In this episode, we reach back to classroom for a refresher on how to conduct effective risk analyses. Risk analyses –or risk assessments– are critical tools for guiding smart cybersecurity investments and decisions. They’re the best tool for successfully navigating the intersection of the business and cybersecurity. Whether you’re a compliance professional, business leader or just curious about how cybersecurity aligns with real-world business needs, this episode is full of insights to help you think more strategically. A few highlights:

• Why the cost of cybersecurity is hard to measure – but why it’s necessary
• Why many organizations struggle to properly conduct risk analyses
• How risk analyses help bridge the gap between business goals and cybersecurity priorities
• The importance of gaining executive buy-in for cybersecurity initiatives
• How to conduct a risk analysis

Today’s guests are Dr. T. Selwyn Ellis and Dr. Jae Ung (Jake) Lee. Dr. Ellis is the Balsley-Whitmore Endowed Professor in the College of Business at Louisiana Tech University. He is the Chair of the Department of Computer Information Systems and the Director for the Center for Information Assurance. He earned a Bachelor of Science with a double major in Mathematics and Computer Science, as well as an MBA from Mississippi College and DBA in Quantitative Analysis and Management Information Systems from Louisiana Tech University. He has published over forty articles in various academic journals including Communication of the ACM, IEEE Transactions on Professional Communication, and European Journal of Information Systems. His research is mainly in data analytics and behavioral aspects of information technology.

Dr. Lee is an Associate Professor of Computer Information Systems in the College of Business, Louisiana Tech University. He earned a Ph.D. in Management Science and Systems from the State University of New York at Buffalo. His research interests include information security and privacy, emergency response, cloud computing, and telework. His research has appeared in European Journal of Information Systems, Information Systems Frontiers, and the International Journal of Information Management, among others.