Third-Party Cyber Risk & Corporate Responsibility

February 1, 2017

Judith H. Germano

Third parties are a significant source of cybersecurity vulnerabilities, yet there remains much work to be done in terms of how third-party risk is assessed and  controlled. This paper explains how properly understanding and addressing third-party cyber risk requires a proactive and comprehensive approach to enable parties on all sides to prevent harms and to prepare for and respond to incidents in a faster, better coordinated, less expensive and more effective manner.

Legal Code: In new seminar, law and engineering students solve cybersecurity challenges requiring both legal and technical know-how

January 23, 2017


In response to this changing security landscape, the Law School, in collaboration with NYU Tandon School of Engineering and other NYU schools and departments, launched a pioneered interdisciplinary research institute, the NYU Center for Cybersecurity (CCS). One of the first institutes of its kind at an academic institution, CCS allows NYU Law scholars to conduct cybersecurity research with computer scientists.

NYU’s law and engineering schools announce new MS in Cybersecurity Risk and Strategy Program for executives

February 14, 2017

NYU School of Law and NYU Tandon School of Engineering have announced the establishment of a Master of Science in Cybersecurity Risk and Strategy Program for executives (MS CRS). Offered jointly by the two schools, the one-year program will not simply confer a new degree, but a new category of degree—one built around the interdisciplinary training and perspective needed to address a new category of threat. Read more.

Proposed NY Cybersecurity Regulation: A Giant Leap Backward?

December 2, 2016


Judith Germano

Mid-November marked the end of the comment period for New York’s “first in nation” proposed cybersecurity legislation for financial institutions. As the hot topic of the day, many regulators and government officials have felt compelled to take a stand on cybersecurity. It seems counterintuitive to set out to protect constituents by inaction. But the wrong type of action, including through inflexible and far-reaching state required mandates, only adds to the growing clamor of distractions about how companies should best secure their systems.

ASPIRE scholars win first place in 2016 Cyber Security Case Study Competition

December 8, 2016

The Center for Cybersecurity is thrilled to announce that our scholars Kevin Kirby, Anthony Masi, and Fernando Maymi won the first place prize in the 2016 Lab Cyber Security Case Study competition, hosted by The Economist. Their winning proposal, Votebook, is a model for blockchain-supported elections that is secure, scalable, and consistent with current voter behavior and expectations of privacy. View their video proposal here, and their full paper here.

What Is Cyber Collateral Damage? And Why Does It Matter?

November 15, 2016


Zachary K. Goldman and Sasha Romanosky

What happens when the consequences of a cyberattack are not physical? What happens when a digital missile destroys or corrupts data in a manner that is not intended by the person launching a lawful cyberattack? Current legal and policy frameworks for assessing collateral damage do not squarely address the matter (or at least they do not do so publicly)—and that needs to change.