Publications and Presentations

As his way of contributing to the improvement of the profession, Mike actively works with the Open Group as Chair of the Security Forum and with the American Bar Association as a technical and economics contributor.

Here are some of his publications regarding information security, information risk, and information risk management.

If you have any questions about the work going on here in either the Open Group Security Forum or the ABA’s Cyberspace Law Committee, please contact me.

Book Chapters

Governing Cyber Risk Management in the Twenty-First Century:  A Forward Looking Strategy

Appears as chapter 17 in the Director’s Technology Handbook, Tips and Strategies for Advising Corporate Directors, Candace Jones, editor, 2021. Published by the American Bar Association Business Law Section, p117-125.

This chapter discusses how boards must choose a cyber risk management maturity and how the organization must then produce the information needed to support that maturity choice.

An Economic Survey Analysis of the Legal Literature Pertaining to the Privacy Implications of Radio Frequency Identification Technology

Appears as chapter 19 in RFIDs Near-Field Communications and Mobile Payments – a Guide for Lawyers, Sara Jane Hughes, editor, 2013. Published by the American Bar Association Cyberspace Law Committee, p479-496.

This chapter surveyed legal scholarship on privacy and RFID and discovered a relationship between the assumptions advocates hold about market actors’ behavior and their willingness to preemptively legislate privacy requirements.

The Security Rule

Appears as chapter 5 in A Guide to HIPAA and the Law, Stephen S. Wu, editor, 2007. Published by the American Bar Association Science and Technology Law Section, p25-94.

This chapter (co-authored with Stephen Wu) looked at the security rule and how to comply with it technically. The “reasonable and appropriate” requirements were explored.

Papers and Articles

Calculating Reserves for Cyber Risk:  Integrating Cyber Risk with Financial Risk

This white paper, co-authored with Dr. Bob Mark, discusses how a financial institution can quantify its cyber risk, a Basel III Tier 1 risk, in economic terms so that capital can be reserved in compliance with regulatory requirements. (2021)

Putting Open FAIR Risk Analysis Into Action:  A Cost-Benefit Analysis of Connecting Home Dialysis Machines Online to Hospitals in Norway

This white paper, co-authored with Sushmitha Kasturi and Dr. Biljana Strageland, presents an economic risk analysis of the Norwegian Regional Health Authority’s prohibition of connecting home dialysis machines online for privacy reasons. (2017)

Framework for Control over Electronic Chattel Paper – Compliance with UCC Section 9-105

Appears as an article co-authored with Mattias Hallendorf, jointly published by the American Bar Association in The Business Lawyer, Journal of the Section of Business Law, American Bar Association, February 2006, Vol. 61, No. 2, and by the Open Group as a White Paper.

This paper was produced as a joint project by the Working Group on Transferability of Electronic Financial Assets, a Joint Working Group of the Committee on Cyberspace Law and the Committee on the Uniform Commercial Code of the ABA Section of Business Law, and the Open Group Security Forum. The purpose of the paper was to present how a “single authoritative copy” of electronic chattel paper (for example, an electronic car loan) could comply with the requirements of UCC Sec. 9-105.