From the Editor-in-Chief
Welcome to the August 2013 issue of the Technology Innovation Management Review. This is the second of two issues covering the editorial theme of Cybersecurity, and I am pleased to introduce our guest editor, Tony Bailetti, Director of Carleton University's Technology Innovation Management program (TIM) in Ottawa, Canada.
In September and October, we will present two issues on Managing Innovation for Tangible Performance, for which the guest editor is Sorin Cohn, President of BD Cohnsulting Inc. Dr. Cohn also presented the April TIM Lecture on "Enhancing Competitive Position Through Innovation Beyond R&D".
In November, we welcome back Seppo Leminen, Principal Lecturer at the Laurea University of Applied Sciences, Finland, and Mika Westerlund, Assistant Professor at Carleton University’s Sprott School of Business, as guest editors to reprise the theme of Living Labs. Living Labs are physical or virtual environments that bring together “firms, public agencies, universities, institutes, and users all collaborating for creation, prototyping, validating, and testing of new technologies, services, products and systems in real-life contexts” (Westerlund and Leminen, 2011). Leminen and Westerlund were the guest editors when we covered this theme in our September 2012 issue, and we are looking forward to exploring this theme in even greater depth.
I am also pleased to announce the publication of the TIM program's second ebook: Business Models for Entrepreneurs and Startups: Best of TIM Review. This book features 16 of the most insightful, most relevant, and most popular articles published in the TIM Review on the topic of business models. The articles were selected and introduced by Dr. Steven Muegge, an Assistant Professor in the Technology Innovation Management Program at Carleton University, and Claude Haw, President of Venture Coaches. The foreword was written by Sir Terence Matthews, Founder and Chairman of the Board, Mitel Networks Corporation.
We hope you enjoy this issue of the TIM Review and will share your comments online. Please contact us with article topics and submissions, suggestions for future themes, and any other feedback.
From the Guest Editor
It is my pleasure to be the guest editor for the July and August issues of the TIM Review, in which we explore the theme of Cybersecurity. These two issues of the journal include 15 contributions from 31 authors, 13 of which are with universities and research institutes; 11 are with industry; and 7 are with the government.
The August issue of the TIM Review includes eight articles. These articles provide: i) an approach to make Canada a global leader in cybersecurity; ii) methods to identify vulnerabilities and countermeasures in networked cyber-physical systems, deliver risk management for enterprises, and analyze all potential pathways of exposure to risk; iii) a research agenda for information system security engineering; iv) overviews of multifactor authentication mechanisms and self-protecting systems; and v) a model to help security providers position their service offers.
Tony Bailetti and David Hudson are at Carleton University; Renaud Levesque is Director General and Dan Craigen and D’Arcy Walsh are Science Advisors at the Communications Security Establishment Canada (CSEC); and Stuart McKeen is with the Ontario Ministry of Research and Innovation. Their article describes an engine designed to make Canada a global leader in cybersecurity.
Jeff Hughes, President of Tenet 3 and George Cybenko, the Dorothy and Walter Gramm Professor of Engineering at Dartmouth College, describe a threat-driven quantitative methodology for identifying vulnerabilities and countermeasures in networked cyber-physical systems. Risk/benefit assessment is performed using a multidisciplinary approach called QuERIES.
Brian Ritchot is a Senior Information Security Consultant with Seccuris Inc. He specializes in the implementation and delivery of intrusion-detection solutions, vulnerability assessment, network analysis, and security architecture. His article provides a business-focused approach to developing and delivering enterprise security architecture for the purpose of providing a sensible and balanced approach to risk management.
Philip O’Neill is Chief Scientist at Deep Logic Solutions Inc. In his article, he presents the strongest-path method of analyzing all potential pathways of exposure to risk – no matter how indirect or circuitous they may be. The network model of infrastructure and operations makes direct use of expert knowledge about entities and dependency relationships without the need for any simulation or any other models.
Rich Goyette and Yan Robichaud are Senior Security Architects at Communications Security Establishment Canada and François Marinier is an independent information technology security analyst. They present a research agenda designed to move information system security engineering toward a mature engineering discipline. They propose that a threat model that is actionable from the perspectives of risk management and security engineering and a practical and relevant security-measurement framework be developed as a first step.
Jim Reno, a Distinguished Engineer and Chief Architect for Security at CA Technologies, describes the different mechanisms used to implement multifactor authentication. The article highlights that the selection of a multifactor authentication mechanisms affects both security as well as the overall user experience.
Mahsa Emami-Taba is a doctoral student at the University of Waterloo; Mehdi Amoui is a Postdoctoral Fellow working on a joint research project that includes Blackberry Inc. and the University of Waterloo; and Ladan Tahvildari is an Associate Professor in the Department of Electrical and Computer Engineering at the University of Waterloo. They provide an overview of self-protecting systems and highlight the importance of creating a holistic decision-making strategy in cybersecurity.
Arto Rajala, a Senior Researcher in the School of Business at Aalto University in Finland; Mika Westerlund, an Assistant Professor at Carleton University’s Sprott School of Business; Mervi Murtonen, a senior scientist at VTT Technical Research Centre of Finland; and Kim Starck, a Sales and Security Director at Stanley Security Finland propose a model to help security providers position their service offers. Their 4C model focuses on the conceptualization, calculation, communication, and co-creation of value.
We thank you for reading the journal and urge you to support initiatives to make Canada a leader in cybersecurity worldwide. A nationwide effort to make Canada a global leader in cyberspace offers significant benefits to the users of cyberspace worldwide as well as many opportunities for scholarly inquiry and innovative industrial initiatives.
We hope that you, your colleagues, and your organizations benefit from reading the July and August 2013 issues of the TIM Review.
Keywords: Canada, cyberattacks, cybersecurity, cyberthreats, information technology, network security, research, risk assessment