Dr. Anat Zeelim-Hovav Korea University Business School Seoul, South Korea [email protected] biz2.korea.ac.kr/~anat ____________________________________________________________ Education A. Claremont Graduate University. 1. Management Information Systems, PhD, May 2000. 2. Dissertation topic: Managing Academic Electronic Publishing: A Case Study of Electronic Journals in Information Sciences. March 2000. B. Loyola Marymount University. Computer Science and Engineering. Master of Science. 1986. C. Tel-Aviv University. Dual degree in Mathematics and Computer Science. Bachelors of Science. 1980. . Employment History Academic Korea University Business School Full Professor 2012-present Associate Professor 2006/7-2012 Assistant Professor 2005-2006 Temple University Assistant Professor. Fall 2000 to Summer 2005 University of Southern California Assistant Professor of Clinical. Fall 1999 to Spring 2000 California State Polytechnic University, Pomona Lecturer. Winter 1999 to Summer 1999 La Verne University Instructor. Spring 1997 to Spring 1999 Montgomery County Community College, Blue Bell Instructor. Fall 1995 Temple University Teaching Assistant. Spring 1995, Fall 1995 Teaching Experience Introduction to Information Security Management. An undergraduate course designed to introduce the basic concepts of information security management. The course covers topics such as technical vulnerabilities, risk, internal misuse, technical and managerial countermeasures, standards, and best practices. The course approach information security from a socio-technical standpoint and combines hands-on practice with management and business principles. Managing Information Systems Security. This course was designed for graduate students majoring in information security and policy. The goal of the course is to familiarize students with topic such as identifying and prioritizing threats to information assets, defining an information security strategy and architecture, planning for and responding to intruders, and presenting a disaster recovery plan. The course also discusses legal and public relations implications of security and privacy issues, successful training and awareness programs, return on security investments and risk assessment. Organizational Theory and Information Systems. This is a graduate seminar in MIS. The course covers the fundamental organizational and behavioral theories used in Information Systems research. Students are expected to appreciate the practical applications of these theories to the management of Information Systems and Technology. In additions, students are encouraged to discover additional venues for practical research and theoretical development. Electronic Commerce Site Design. The class covers topics such as, e-business drivers and inhibitors, Web infrastructure and development tools, elements of good web design and usability analysis, security and secure electronic payments, web performance and special topics (such as section 508). Students are required to implement a fully working interactive Web site. Guidelines for the final project are included in Teaching Portfolio Section). All projects are implemented using Active Server Pages. Interactive Site Design. The objective of the course is to familiarize the students with the basic and advanced components of Web development The course covers topics such as distributed development, web site performance, advance security techniques and wireless Web development. The students are required to implement a prototype of a Web site. The technology (or infrastructure) selected is at the discretion of each team. Projects are implemented using the department’s Biz Tech server lab. Project in Information Systems. This course is the culmination of the MS in MIS degree. Students are expected to carry out an Information Systems project from analysis and design to implementation. The objectives of the course are to: (1) consolidate and integrate the knowledge acquired throughout the students graduate degree (2) apply classroom theory, concepts and principles to real-life 2 situations, and (3) expose the students to the most common "pitfalls" of MIS project implementations and ways to avoid and/or overcome them. In addition, I have introduced project management principles to the class (following the Project Management Institute certification guidelines). Projects in Information Science. This course is the culmination of the undergraduate studies in MIS. Students complete their project design in a prior course (Systems Analysis and Design) and are expected to implement the system using material and knowledge acquired throughout their undergraduate studies. Information Systems Application in Organizations. This course provides an overview of the information systems that support the operational, administrative, and strategic needs of the organization. The course covers topics such as transaction processing, integration, decision support systems, enterprise systems, contact management, groupware, and portals. The course also focuses on the strategic role and effective acquisition, planning, management and use of information systems in enabling and changing business processes. Information Systems Perspectives. This is an intensive 1.5 credit introductory course for non-major graduate students. The goal of this course is to give students, who are or intend to be managers, an overview of the basic concepts underlying the development and implementation of information technologies and their impact on organizational decisions. Business Telecommunications. The objective of the course is to provide students with a framework for understanding how to integrate the knowledge of information networks with business opportunities. The undergraduate version of this course focuses on the infrastructure and technological bases of information networks, the structure of the networking industry, its regulatory agencies and policy setting organizations, and the impact of information networks on organizational structure and strategy. The graduate version of this course also covers the topics of acquisition, planning and management of information networks, and globalization. Computer Networking. This class is targeted towards undergraduate computer science students and focuses on the technical aspects of computer networks. The main focus of the class was on the physical and network layers of wired and wireless Wide Area Networks (WANs). Local Area Networks. This class was targeted towards undergraduate computer science students and focuses on the technical aspects of Local Area Networks (LANs). The theoretical portion of the class included topics such as hardware considerations and the physical layer of LANs, HUBs, switches, routers and gateways, IEEE802 standards, high speed LANs (ATM, GB Ethernet), LAN performance, and wireless LANs. The hands-on portion of the class involved the design and installation of a NT 4.0 based LAN using dual-server configuration. 3 Non-Academic TransScend 2000 (1998 – 1999) As an independent consultant, participated in the compilation of proposals in response to an RFP by the Los Angeles Unified School District. The first RFP was Y2K related. The district had to adapt their entire system to comply with the year 2000. The second RFP was for a conversion of a mainframe based Compensatory Education Funds system to a client/server based system. Reveal Inc (A subsidiary of Packard Bell Computers) (1992 – 1995) An independent consultant responsible for the design, implementation and user training of various systems such as: EDI, Integrated imaging and workflow control system, Bar code based Shop Floor control, Automated Payroll and Time and Attendance. San Mateo College District (1991 – 1992) Member of a three person team responsible for a five years master plan for the Information Technology of the district. Responsibilities included: Evaluation of operating procedures; Network requirements (both hardware and software); Database requirements; storage requirements and allocation; Software evaluation (Operating systems and utilities). Forecasting of future needs and a five years implementation plan. Children’s Hospital of Los Angeles (1989 – 1991) MIS director responsible for the: Direct supervision of Operations Manager and Programming Manager; Management of 30 IS employees; Contract negotiations with outside vendors; Departmental and payroll budgeting; Construction of a new computer room; Acquisition and installation of 2 mainframe systems; Daily contact with corporate officers and department heads. Other Industry Experience (1980-1989). Other industry jobs include project manager and a database administrator for Riverside Community College; Consultant for security pacific bank, system analyst and a programmer at several mortgage companies, Los Angeles County’s purchasing department and the University of Southern California. Awards, Fellowships, Grants Grants E-Business in Healthcare: Virtual Communities and Meetings. With M. Mandviwalla, J. Zeitz, and R. Patnayakuni. Granted by Aventis Behring, LLC. For the amount of $30,500. June 2000 - December 2000. 4 A Model of Internet Standards Adoption. With Schuff, D. Granted by the Return of Overhead Research Incentive Grant Program (Internal Grant), Temple University, $6,975. May 2002- May 2003. State Farm Companies. With John D’Arcy in support of his doctoral dissertation titled “The Role of Individual Differences and Employment Context on the Effectiveness of IS Security Countermeasures.” For the amount of $13,000. June 2004 - June 2005. Green Finance. Granted by Korea University, funded by a Government Grant. December 2010, December 20122, December 2012. Research Study Leave. Spring 2004. Project topic: “Assessment of cyber-risk and the business value of Information Security breaches.” Research Study Leave. Fall 2009. Project topic: “Identity Management Systems and Secured Access Control.” Awards MIS Teacher of the Semester Award for Spring 2002 Advanta Center Award. Best Featured Article of 2003 in Risk Management and Insurance Review. Given by the American Risk and Insurance Association. August 10th, 2004. IBRE Distinguished Research Award. Korea University Business School October 10, 2007. IBRE Distinguished Research Award. Korea University Business School November 21, 2007. SK Distinguished Research Award. Korea University Business School November 21, 2007. IBRE Distinguished Research Award. Korea University Business School April 16, 2008. IBRE Distinguished Research Award. Korea University Business School April 17, 2010. IBRE Distinguished Research Award. Korea University Business School October 13, 2010. IBRE Distinguished Research Award. Korea University Business School October 12, 2011. 5 Service Contributions Senior Editor for Information Systems Management (ISM). Program chair for the Annual Information Security Conference. Co-chair for WISP 2012, Orlando Florida, December 2012 Local arrangements chair for the Association of Computing Machinery Special Interest Group on Computer Personnel Research (SIGCPR) conference held in Philadelphia in May 2003. Reviewer and technical advisor for Skopec, E. and Housel, T. "Global Telecommunications: The Business Perspective" (McGraw Hill: Boston, 2000). Research Contributions 1. Publication of research in refereed journals and books "Process Redesign in Education: The Case of Documents." Mandviwalla, M and Hovav, A. In Information and Process Integration in Enterprises: Rethinking Documents. Ed. Wakayama, T., Kannapan S., Khoong, C.M., Navathe, S., and Yates, J. Kluwer Academic Publishers. Norwell, Massachusetts. 1998 (pp. 321- 337). "Adapting Business Process Redesign Concepts to Higher Education." Mandviwalla, M and Hovav, Business Process Management Journal. 4(3), 1998 (pp. 186-203). “Using Scenarios to Understand the Frontiers of IS.” Gray, P. and Hovav, A. Information Systems Frontier. 1(1), July, 1999 (pp. 15-24). “Future Penetration of Academic Electronic Journals: Four Scenarios." Hovav, A. and Gray P. Information Systems Frontier. 4(2), July 2002 (pp. 229-244). “The impact of Denial-of-Service attack announcements on the Market Value of Firms.” Hovav, A. and D’Arcy, J. Risk Management and Insurance Review. 6(2), 2003. (pp. 97-121). Best featured article of 2003 award. “Managing Academic Electronic Journals.” Hovav, A. and Gray, P. Communications of ACM. 47(4), 2004. (pp. 79-82). “The Impact of Virus Attack Announcements on the Financial Value of Firms.” Hovav, A. and D’Arcy, J. Information Systems Security Journal. 13(3), July 2004 (pp. 58-66). 6 "A Model of Internet Standards Adoption: The Case of IPv6.” Hovav, A., Patnayakuni, R. and Schuff, D. Information Systems Journal (ISJ). 14(3), 2004. (pp.265-294). “The Changing Dynamics of the Internet: Adoption Patterns of the IPv6 Standard.” Hovav, A. and Schuff, D. Communications of AIS (CAIS). Volume 15, February 2005. (pp. 242-262). “Capital Market Reaction to Defective Information Technology Products: The Case of Computer Viruses.” Hovav, A. and D’Arcy, J. Computers & Security. Volume 24 (5). August 2005 (pp. 409-424). "Academic Publishing: Past, Present and Future." Hovav, A. and Gray, P. Advances in Computers, 67 (3), May 2006. pp. 131-175). “The IS Organization of the Future: Four Scenarios for 2020.” Gray, P. and Hovav, A. Information Systems Management 24 (2) pp. 113-120. “Towards a Best Fit between Organizational Security Countermeasures and Information System Misuse behaviors.” D’Arcy, J. and Hovav, A. Journal of Information Systems Security. Volume 3(2), 2007. (pp. 3-30). “Deterring Internal Information Systems Misuse.” D’Arcy, J. and Hovav, A. Communications of the ACM. Volume 50(10), October 2007, (pp. 113-117). “From Hindsight to Foresight: Applying Futures Research Techniques in Information Systems.” Gray, P. and Hovav, A. Communications of the AIS. Volume 22(12), February 2008, (pp. 211-234). “Socially Driven Life Cycle of Academic Scholarship: A Longitudinal Study of Six Electronic Journals.” Hovav, A. IEEE Transactions on Professional Communication. Volume 51(1), March 2008, (pp. 79-94). “An Integrative Framework for the Study of Information Security Research.” With D’Arcy, J. Chapter VI in the Handbook on Research in Information Assurance and Security. Ed. Jatinder N. D. Gupta and Sushil K. Sharma. Aug, 2008. “User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach.” With D’Arcy, J and Galletta, D. Information Systems Research 20(1), March 2009, (pp. 79-98) “Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures.” D’Arcy, J. and Hovav, A. Journal of Business Ethics. Volume 89 (supplement 1), May 2009, (pp. 59-71). 7 “Adoption Leadership and Early Planners: Comcast’s Internet Protocol Upgrade Strategy.” With Ciprian Popouciu. Communications of the ACM. 52(7), July 2009 (pp. 143-146). “Identity Management Systems and Secured Access Control.” With Ron Berger. Communications of the AIS, Volume 26, December 2009. “Determinants of Internet Standards Adoption: The Case of South Korea.” With Martin Hemmert and Yoo Jung Kim. Research Policy 40(2), March 2011 (pp. 253-262). “Applying an Extended Model of Deterrence across Cultures: An Investigation of Information Systems Misuse in the U.S. and South Korea.” With John D’Arcy. Information and Management. 49(2), March 2012 (pp. 99-110). “Strategic Value and Drivers behind Organizational Adoption of Enterprise DRM: The Korean Case.” With Jean-Henry Morin. Journal of Service Science Research. 4(1), June 2012. (pp. 143-168). “Green IT Investments and the Value of the Firm.” With JinYoung Han. Entrue Journal of Information Technology (EJIT). 11(2), June 2012. (pp. 181-196). 2. Publication of Proceedings of conferences and meetings "Redesigning the questioning, discussion, and document processes." Mandviwalla, M. and Hovav, A. In the proceedings of the ACM SIG Computer Personnel Research Conference. April 11-13, 1996. (pp. 326-337). Denver, Colorado. "Process Redesign in Education: The Case of Documents." Mandviwalla, M. and Hovav, A. In the proceedings of the International Working Conference on Information and Process Integration in Enterprises (IPIC). November 14-15, 1996. (Pp. 357-370). Boston, Massachusetts. "Academic Electronic Publishing: Scenarios for 2007." Hovav, A. and Gray P. In the proceedings of the Americas Conference on Information Systems. August 15- 17, 1997 (pp. 387-389). Indianapolis, Indiana. "The Professional Meeting." Mandviwalla, M. and Hovav, A. In the proceedings of the Americas Conference on Information Systems. August 15-17, 1997 (pp. 402-404). Indianapolis, Indiana. "Social Behavior in Professional Meetings: A Video Analysis of a Panel Discussion." Hovav, A. and Mandviwalla, M. In the proceedings of the ACM SIG 8 Computer Personnel Research Conference March 26-28, 1998. Boston, Massachusetts "Academic Electronic Publishing: A Framework." Hovav, A. and Gray P. In the proceedings of the Americas Conference on Information Systems. August 14-16, 1998. Atlanta, Georgia. "Managing Academic Electronic Publishing: Six Case Studies" Hovav, A. and Gray P. In the proceedings of the 9th European Conference on Information Systems. June 27-29, 2001 (pp. 468-473). Bled, Slovenia "Internet Technology Diffusion: Adoption of Ipv6" Hovav, A., Patnayakuni, R. and Schuff, D. In the proceedings of the 9th European Conference on Information Systems. June 27-29, 2001 (pp. 751-763). Bled, Slovenia. “The Impact of Virus Attack Announcements on the Financial Value of Firms.” Hovav, A. and D’Arcy, J. In the proceedings of the Second International Workshop on Security in Information Systems WOSIS-2004. April 13, 2004 – Porto, Portugal. "The Role of Individual Characteristics on the Effectiveness of IS Security Countermeasures." D’Arcy, J. and Hovav, A. In the proceedings of the Americas Conference on Information Systems. New York, NY. August 6-8, 2004. "Critical Success Factors for Trusted Computing: The Microsoft Initiative and Beyond." Hovav, A. In the proceedings of the 4th Security Conference. Las Vegas, Nevada. March 30-31, 2005. "Deterring Information Systems Misuse: The Impact of Three Security Countermeasures." D’Arcy, J. and Hovav. In the proceedings of the 4th Security Conference. Las Vegas, Nevada. March 30-31, 2005. "A Framework for the Study of Cyber Liability.” Hovav, A. In the Proceedings of KMIS. November 24-26, 2005. Jeju Island, Korea. “IS Security Research: An Analysis and Integrative Framework for Future Work.” D’Arcy, J and Hovav, A. In the proceedings of the Fifth Annual Security Conference, April 19-20. Las Vegas, Nevada. “Determinants of IP Version 6 Adoption.” Anat Hovav and Yoo-Jung Kim. In the proceedings of the International Multi-conference on Computing in the Global Information Technology. August 1 - August 3, 2006. Bucharest, Romania and in Xplore, IEEE Digital Library. “Does One Size Fit All? The Influences of Computer Self-Efficacy and Virtual Status on Security Countermeasure Effectiveness.” D’Arcy, J and Hovav, A. In 9 the Proceeding of the 2006 Annual International Workshop of AIS Special Interest Group on Network and Internet Security (WISA 2006), December 10th, 2006. Milwaukee, Wisconsin. “Classification of Security Breaches and their Impact on the Market Value of Firms.” Hovav, A., Francis K. Andoh-Baidoo and Gurpreet Dhllion. In the proceedings of the Sixth Annual Information Security Conference. April 10th-11th, 2007. Las Vegas. “An Expert System for the Evaluation of Information Security Programs: A Helping Hand for SMEs.” Tae-Nyeon Kim. And Hovav, A. In the proceedings of the Sixth Annual Information Security Conference. April 10th-11th, 2007. Las Vegas. "A Cross-Cultural Analysis of Security Countermeasures Effectiveness." Hovav, A., D’Arcy, J. and Lee, Kyoungho. Second Pre-ICIS Workshop on Information Security and Privacy (WISP2007), December 8th, 2007. Montreal, Canada. “The Extent to which an Information Security Breach Event Ripples through the Economy: A Stakeholder Analysis.” With Paul Gray. In the proceedings of the Seventh Annual Information Security Conference. June 1-3, 2008. Las Vegas, Nevada. “Strategic Value and Drivers behind Organizational Adoption of Enterprise DRM : Setting the Stage.” With Jean-Henry Morin. In the proceedings of the Seventh Annual Information Security Conference. June 1-3, 2008. Las Vegas, Nevada. “Managers, Do Not Panic: A Longitudinal Study of the TJX Information Security Breach.” Hovav, A., Gray, P. Third Pre-ICIS Workshop on Information Security and Privacy (WISP2008), December 12th, 2008. Paris, France. “Beyond Option Based Investment Decision: A project Management Approach to System Valuation.” With Jin Young Han. In the International Conference on Information Science and Applications (ICISA 2010), April 21-23, Seoul Korea. “Precision Agriculture in the Dairy Industry: The Case of the AfiMilk® System.” With Ron Berger. In the 16th Americas Conference on Information Systems (AMCIS 2010), August 12-15, Lima, Peru. “Knowledge Discovery from Satellite Images for Draught Monitoring in Food Insecure Areas.” With Getachew Berhan and Solomon Atnafu. In the 16th Americas Conference on Information Systems (AMCIS 2010), August 12-15, Lima, Peru. “The Impact of Security Breach Announcements on the Market Value of companies in South Korea.” With Jin Young Han and Shina Kim. In the Fifth Pre- 10