Computer Science

David Thaw
Visiting Assistant Professor
School of Law, 
University of Connecticut 
The Efficacy of Cybersecurity Regulation




This paper examines two categories of information security regulation and presents the results of an empirical study comparing their efficacy at addressing organizations’ failures to protect sensitive consumer information.  It uses quantitative data on security breach incidence and qualitative data gathered from interviews with key Chief Information Security Officers.  The quantitative analysis reveals that a combination of the two types of regulation is substantially more effective than is either alone.  The qualitative analysis describes the effects of each type of regulation on the role of technical security professionals.  Additionally, the qualitative analysis suggests that a lack of agreement and/or regulatory guidance as to what constitutes “reasonable” security hampers security professionals’ ability to advise organizations properly on achieving regulatory goals.  Based on these analyses, the paper presents policy recommendations designed to improve the efficacy of information security regulation.


David Thaw is a Visiting Assistant Professor at the University of Connecticut School of Law. David's research and scholarship examines the regulation of Internet and computing technologies, with specific focus on cybersecurity regulation and cybercrime. 

Prior to joining UConn, David was a Research Associate at the University of Maryland Department of Computer Science and the Maryland Cybersecurity Center.  David also practiced cybersecurity and privacy regulatory law at Hogan Lovells (formerly Hogan & Hartson) and was previously a Postdoctoral Fellow at Yale Law School. 

David received his J.D. in from Berkeley Law.  He holds a Ph.D. in Information Management and Systems and a M.A. in Political Science from UC Berkeley, as well as undergraduate degrees in Government and Computer Science from the University of Maryland.  David is also an Affiliated Fellow of the Yale Law School Information Society Project.


Additional information is available at:

Host: Prof. Joshua Guttman

Refreshments will be served.


Description: Description: [WPI]Description: Description: [Top]