Review: 2023 AACSB International Conference and Annual Meeting

Sunday, April 23th, 2023

  1. 9:00 AM – 9:55 AM CT
    • Associate Deans and Online Learning Affinity Group Meeting
      • ChatGPT and Education: Illistration of the Impact of Generative AI
        • Pros:
          • Can be used as a learning tool
          • Can be used to overcome languge barrier
          • As a tutor (I like this one):
          • For brainstorming (I like this one)
          • To correct programming code
          • To improve writing
        • Cons:
          • Can be used to cheat
        • Academic Integrity: Communicate with students about expectations; Include a syllabus statement
        • Speaker performed a demo, asking ChatGPT to review an academic paper in which it did provide a limited review. He also generated an abstract on the fly. He also demonstrated its use to create wedding vows as well as a demonstrated how ChatGPT was used to generate a series of break up texts in which a woman wanted to break up with her boyfriend and let him off as easily as possible.
        • The next speaker was a finance professor that shared his evaluation of responses to various financial questions. Some questions were more general about processes and how to make certain evaluations. Responses were mostly correctly though some detail was missing. Then he moved on to more specific, calculable questions; from easy to hard. It did well on easy and intermediate problems. However, it tended to stumble with more nuanced questions. His conclusion was that it can get students headed in the right direction but it won’t get them all the way. Students still need to “think”.
        • The session broek into groups to discuss ChatGPT and identify one positive and one negative.
          • Keldon brought up the point that ChatGPT affords us as professors to update our assessments and return to a time in which we ask deeper, more thoughtful questions that are…currently, beyond the scope of ChatGOT. Learners may use ChatGPT to learn and work with foundational knowledge but then be required to apply it to those deeper thoughts.
          • Another professor, a new dean somewhere, mentioned that he requires learners to submit their ChatGPT prompt which he can then evaluate how learners are formulating their questions to help them improve their ability to define a problem and obtain a solution.
            • ChatGPT Inquiry: How can requiring learners to submit their chatgpt inquiries help professors evaluate their ability to forumate a problem?
            • ChatGPT Response:
            • Requiring learners to submit their ChatGPT inquiries can help professors evaluate their ability to formulate a problem in several ways:
            • Clarity of expression: By reviewing students’ ChatGPT inquiries, professors can evaluate the clarity of their expression. They can assess if the student has clearly articulated the problem they are trying to solve, and if they have provided enough context and details for the question to be understood.
            • Precision and specificity: Professors can evaluate if students have formulated their questions with precision and specificity. Students who can formulate their questions with clarity, specificity, and precision are more likely to identify the key concepts and issues related to a problem and are better equipped to find effective solutions.
            • Identification of relevant information: By analyzing students’ ChatGPT inquiries, professors can evaluate whether they have identified and included all the relevant information necessary for understanding the problem they are trying to solve. Students who can identify and include all the relevant information demonstrate their ability to think critically and solve complex problems.
            • Creativity: ChatGPT can generate responses to students’ inquiries that may require students to think more deeply about the problem they are trying to solve. Professors can evaluate the creativity of students’ inquiries by assessing how they have used the information provided by ChatGPT to generate new insights or approaches to solving the problem.
            • In summary, requiring learners to submit their ChatGPT inquiries can help professors evaluate their ability to formulate a problem by assessing their clarity of expression, precision and specificity, identification of relevant information, and creativity.
        • Elon Musk: “ChatGPT is scary good”. Based on the above output, I’d say he is right. In fact, when I inserted that quote into ChatGPT, it thank me..but also ackowledged the fears that some may have and shared that it is unable to harm people and designed based on ethical principles.
  2. 11:00 AM – 11:55 AM CT
    • Digital Transformation Affinity Group: Focus is on ChatGPT and Google Bard and how these tools may impact our curriculum.
    • Lots of pontification of the threats…and benefits of ChatGPT. The general consensus was that ChatGPT is here to stay and they we, as educators, need to figure our the best way to live with it. “Live with it” meaning exploring ways to leverage it as a learning tool. Derrill shared one of his experiences leveraging ChatGPT to explore a specific research question related to the Great Recession, having students utilize ChatGPT, reviewing the results, verifying and identify proper citations. He referenced a paper that used ChatGPT as a brainstorming tool which had the most success compared to other approaches.
    • NOTE: This is the second session in a row that brought up the issue of utilizing ChatGPT as a brainstorming tool.
    • Derrill, and a few other participants noted that when complex questions with specific detail included in the prompt is necessary, that ChatGPT often simply mimics the input, rearranging key words from the prompt to develop a response.
    • One participant mentioned that they use ChatGPT for understaffed functions such as student recruitment and social media posts to help generate content.
      • NOTE: Reach our to Ryanna to have her review this as a potential tool for these purposes
    • After the slide below, the discussion moved towards discussing Internal Governance, specifically policies in place for faculty, staff, and students regarding the use of AI.
  1. 12:00 PM – 1:30 PM CT
    • Graduate Business Education Affinity Group Meeting: Strategic Enrollment Management for GME: Best Practices and Innovation”
      • At the time of this writing, the slides were not yet made available through The Exchange. But, it seems like their slide deck is full of useful information.
      • They are looking at this from a traditional marketing funnel perspective through which they described different levels to help steward prospective students from awareness to conversion to students.
      • Applications ususally include:
        • Transcripts
        • Application Fees (up from $42 to $65 on average)
        • A little under a 1/3 were first generation students and significant increase in international students and a slight decline in those from a military background.
        • More women represented
        • Younger people being represented
        • Still a large gap for minorities with trend being flat or down
        • 3.3-3.4 is the average GPA
        • GMAT/GRE showing downward trends in terms of average scores
        • Most undergraduates are from business, enginnering, marketing, information systems
        • International applications up more that U.S. applicants. Note, this does not mean students, these are applications.
        • Target X is one of the top 3 in use; Outside of the top 3, everyone else is super small. So, we are good with respect to using a widely used CRM.
    • They broke up into break out sessions to discuss:
      • Staffing, Management, & Leadership: Number of advisors (they reporting in some instances of 1000 students per advisor); some use faculty. Stats are reported for undergraduate ratios but NOT for graduate advisors. Offering professional development for advisors to help them be a part of the profession. Another challenge is the incoming background of their MBA students (i.e., those that lack business background). ALso, recruiting (i.e., SEO, work with organizations in the area, certificates to encourage companies to pay for, double count undergraduate/graduate hours, etc.)
      • International Student Recruitment: Helping students to acclimate to new social environments.
      • Granular Process Analysis:
        • Working with the university is a hastle
        • Outdated application processes
        • Working with Marketing for approvals to promote programs is difficult
        • No longer requiring the GMAT
        • Rolling admissions. Both of these last two bullets, something we have doen for some time now, appear to be effective practices based on input from other schools that have started implementing these policies.
        • Prospective students do not want to hear from sales people, they want to hear from actual faculty.
      • Pipeline Development-New Audiences:
        • Flexibility
        • Stackables are not working out the way they want to. Customized demand is proving too difficult to implement
        • Specialized programs seem to be increasing in demand
        • Hybrid appears to be on the rise (i.e., some online, some face to face)
        • Encouraging undergraduate students to continue through graduate programs through grants, scholarships, etc.
    • Pipeline Development-Traditional Audiences:
      • This is the one in which I participated. Seems like other schools, mostly in the Illinois area, are reporting declining f2f enrollment. We are moving in the wrong direction.
      • Key concerns of attracting traditional audiences. Students are asking for flexibility (i.e., they want face to face, on Tuesday nights, during odd weeks that are on even dates…if they don’t have anything else conflicting). They say they want face to face but ultimately, that is not what they end up wanting. Other programs reporting real challenges in the opposite direction of our challenges.
  2. 1:00 PM – 1:55 PM CT
    • Responsible Management Education Affinity Group Meeting
      • Noted the U.N.’s sustainability goals and that with approximaltey 1/3 or 70 million graduates with an undergradaute or gradaute degree in business each year, we have a real opportunity and responsibility to have a positive societal impact.
      • PRME Roadmap:
        • Curriculum Change
        • Skillset Development
          • The way curriculum is brought into the classroom.
          • This is an oldschool approach and we, as educators, need to be able to update our own skillsets to engage students in a way that better prepares them for the workforce.
        • Practical Relevance
          • We must link together/tie our classroom concepts to real world, practical applications. Teach students to apply their theory.
        • Global Impact
          • Positive societal impact; Sharing success stories so that all may benefit by communicating successful practices.
  3. 3:30 PM – 4:15 PM CT
    • Collaborating for Innovation: A Conversation with Business School Partners
      • Single modality program offerings used to be the major consideration. Today, deterimining rapidly changing demands in different modalities is necessary and those that handle this well are flat or growing whereas others focused on a single modality tend to have dropping enrollments. She did not say it, but my impression was that she was referring to those only offering face to face.
      • CapSim representative mentioned the growing challenge/emphasis on softskills.
      • Trends: Curricular agility-Pivot the uniqueness of programs to provide learners with authentic, emersive experiences for their students. Think simulations that can be used to present high-fidelity experiences for learners to teach students real life or real life-like case studies. There is also a rise in interdisciplinary programs. Shift to online, multi-model course offerings. Gave an example of MBA online program being offered to international students LOCATED abroad.
        • ACTION ITEM: LOOK into this!!! Idea, work with the international office to identify the most appropaite country, work with Triss to create targeted ads, grow like hell!
          • Emailed International Office to begin thisline of inquiry.
      • We need to get better at marketing our programs online; understanding our customers (i.e., learners, prospective learners, and other stakeholders).
      • Audience member asked about faculty training for various technology applications in the classroom.
      • CapSim representative pushed more than once, the idea of a pre-test and post-test over those higher orders of thinking (i.e., critical thinking, communicaiton, etc.) as becoming more important to businesses.

Monday, April 24th, 2023

  • 9:30 AM – 10:30 AM CT
  • 11:15 AM – 12:00 PM CT
    • (A1) What Should Business Schools be Doing Today to Stay Relevant?
      • We have shifted from a generalists mindset to more of a specialist’s mindset. Recruiter indicated they are recruiting for targeted skills.
      • There is a need to shift academic research to deal with the grand issues faced by society today. A review of top management journals indicated that only 3% are tackling these issues.
        • I think this is where Keldon’s idea of incorporating the UN’s SDG’s as keywords for articles is a good idea but I am not sure it is enough. I think we need to emphasize among faculty to considering these kinds of issues before they even begin or at least as they begin to formulate their research problem. Additionally, we need to move beyond this to incorporate the UN SDG’s into the curriculum, perfect timing for our review of our BBA core.
      • We have to engage learners through technology as well as through innovative pedagogies such as helping learners travel to locations to learn about a business, country, etc. Bring education to those with disability to meet them where they are.
        • Dean from Shanendoa indicated that their curriculum is “boring”. She wants to invigorate it while maintaining the essence of what is important in a graduate education. Sounds liks a similar issue we are facing.
  • 1:15 PM – 1:45 PM CT
    • Beta Gamma Sigma International Honoree: The Power of Partnerships
      • Presentation by Stephanie Stuckey, CEO of Stuckey’s. She explored the story of her grandfather starting and growing the Stuckey’s brand to it being sold off and nearly driven into non-existence. She purchased ownership in the company and has begun to turn it around.
      • Stuckey’s was NEVER segregated. Build an identity with high ethics.
  • 2:00 PM – 2:45 PM CT
    • Partnering for Impact
      • Colleges of Business have always had “impact”. They have created graduates that go out and earn a living and serve as economic drivers. Perhaps it is the languate. But today, there is a shifting definiion of “impact” and this is what we need to get behind. Partnerships with the community are important in order to avoid transactional relationships.
      • Partner with local non-profits to get local non-profits to agree to allow students to shadow their people (i.e., managers and so on).
      • Must find ways to appropriate reward and incentivize different types of impact so as to not reward/punish disproprotionatly different groups. We need money to do this.
      • Keys:
        • Identify a core group of faculty that are interested in impact. That way, they are personally intersted.
        • Be willing to experiment and try things.
        • Culture: What is it that we wish to do and achieve institutionally? Build a culture of impact through involvement.
  • 3:30 PM – 4:30 PM CT
    • AACSB Officers’ Remarks and Annual Business Meeting
      • AACSB’s current CEO is stepping down and search is underway. It is anticipated that the new CEO will be announcenent within the next few weeks.
      • AACSB is increasing its dues, requiring discussion and a vote. It was 2017 the last time there was a rate increase. The fees include membership fees, accreditation fees, site visit fees, etc.
      • Two votes: all voting member and educational members
        • The increase passed.
      • AACSB REALLY needs to update their voting mechanism. Consider Poll Everywhere. The printed paddles are inconsistent with sustainability efforts and the manual process of counting screams a lack of innovation, something that AACSB has been championing. Please, please, please come inot the 20th century, if not the 21st.
  • 4:45 PM – 5:30 PM CT
    • Fixing The Research Culture
      • Ended up not attending but based on Derrill’s feedback, I did not miss much.

Tuesday, April 25th, 2023

  • Document notes over Knack Tutoring
  • Document notes over Ivey Software to replace our leveling classes
  • 9:30 AM – 10:15 AM CT
    • Upcoming CIR Accreditation Visit Q&A
      • Someone asked about “mature” schools having an extended review period (i.e., 7 years instead of 5). While the board considered this, it was decided to stick with the current 5 year review. One speaker shared that AACSB is not the sign of a high quality school but rather, it is a sign of continuous process improvement.
      • PRT’s want to see faculty credentials organizaed by disciplines. This is a seperate issue from organizational structure. In other words, we can organize however we wish. But we need to be able to demonstrate that our faculty meet the appropriate credentials and scholarly status, by discipline.
      • COVID impact statements are going away after this current cycle (i.e. those entering the 5 year C.I.R. cycle this after year). After 2027-2028 cycle ends, COVID impact statements will no longer be required.
      • Use the PRT report with the adminisration to leverage for more resources.
      • NOTE: During the session, they also included a flier that shared a new program in which AACSB will conduct Private Seminars for schools. Keldon and I thought that it would be useful to perhaps do this twice fo rour faculty; once soon and another right before our C.I.R. visit.
  • 10:30 AM – 11:30 AM CT
    • Keynote II: Overcoming the Resistence that Awaits New Ideas
      • Fuel forces that incite change vs. Friction forces that slow/stop change
      • Gave an example of a furnature retailer who ran into the problem of increasing advertizing that did not result in an increase in sales. After exploring the problem, they determined that the real issue was that customers delayed purcahsing until they could figure out what to do with their old furnature. The solution was simple: promote that the company would remove the old furnature for the customer.
      • “Does the idea represent a major changr frmo the status quo”
        • Reduce the tendencies to differentiate ideas and emphasize the similarities to how new ideas are similar to old ideas.
      • “What is the cost of implementation?”
        • Provide a roadmap. Show people where they are in a process (i.e., Question 1 of 3).
        • Always provide an agenda bacause we are reducing friction by sharing with users what they can expect
      • What negative feelings might the idea produce in others?
        • Make sure you kow the emotional reasons people buy your good or service.
      • What business are you reall in?
        • Friction of reaction: The idea that pushback occurs simply as the result of being told what to do.
        • For reactants, more data does not help. Rather than trying to convince them with more data, invite them into the process to help design a solution to the problem that is faced.
        • Frame everything, not as a new policy but rather, a new experiment.
        • Ask instead of tell.
        • Four elements of Friction: Intertia, Effort, Reactance, Emotion (Read his book)
          • David Schonthal
  • 12:00 – 12:45 PM CT
    • (C4) Industry Session: Move the Needle with Virtual and Virtual Hybrid Classroom Software
  • 12:45 PM – 1:30 PM CT
    • System 2 Thinking: Move from System 1 (Directive Change) to System 2 (Collaborative Change) where the people you want to keep want to stay and the people you want to leave, do.
    • DxVxFxS>R
      • D: Disatisfactions
      • V: Vision
      • F: First Steps
      • S: Supporting Mechanism
    • I want to meet with you instead of we need to have a meeting. It says I want to meet with “you”! Participants are more likely to engage in the activity. Coming together to do work that matters.
    • You have to go slow to go fast
    • If you want to go fast, go alone. If you want to go far, go together.
    • 6 Rules: Only do together, what you can only do when you are together
  • Three questions: ask these every time: purpose, who, conversation
    • Flip it: Asynchronous tools to unleash synchronous moments
    • Event Design Teams: Include the participants in agenda creation
    • Systemic Breathing: Connect individual group whole
    • Enabling Constratints: Use collaborative change techniques
    • Model it all the way: Practice What You Teach



  • AACSB is ISO Certified and as part of that effort, conducts satisfaction surveys and anything under 90% they work to address.
  • Begin working on CIR so that we have a better idea of what the content/expectations are and can make adjustments as necessary to meet the 2020 standards and prepare for the accounting supplemental accreditation.

Review: 2022 AACSB Americas Accreditation Conference

Wednesday, September 14th, 2022

  1. Supplemental Accounting Accreditation Q&A:
    • Join this session to learn more about AACSB’s supplemental accounting accreditation for schools interested in an elevated quality assurance system for their accounting programs.
    • Why pursue supplemental accounting accreditation?
      • Recognizes the unique aspects of accounting as a profession
      • Signals quality to stakeholders and potential students and faculty; Speaker specifically identified international students and their valuation of accreditations being more than what he has observed from domestic students.
      • Other: Question was asked whether accounting firms found additional value in the supplemental accounting accreditation. The general consensus was no but that having the general AACSB accreditation did make a difference.
    • Accounting PRT’s usually include both an accounting academic as well as a practitioner. In other words, make sure that you have both perspectives represented in faculty, curriculum, documentation.
    • 2018 Accounting Standards largely align to the 202 Business Standards. You can save time and effort by referring to the business report in the accounting report. There are three general areas.
      • Area 1: Strategic Management and Innovation for Accounting Academic Units
        • Standard A1: Accounting Academic Unit Mission, Impact, and Innovation
        • Standard A2: Accounting Intellectual Contributions, Impact, and Alignment with Mission
        • Standard A3: Financial Strategies and Allocation of Resources
      • Area 2: Accounting Learning and Teaching
        • Standard A4: Accounting Curricula Content, Management and Assurance of Learning
        • Standard A5: Information Technology Skills, Agility and Knowledge for Accounting Graduates and Faculty
      • Area 3: Accounting Academic and Professional Engagement and Professional Interactions
        • Standard A6: Accounting Faculty Sufficiency, Credentials, Qualifications and Deployment
    • Accelerated Path: Designed for schools that were already AACSB accredited and streamlines the process. It reduces redundance in reporting, reduces cost, etc. They skip the eligibility application phase and skills the SER report. Still have a mentor, iSER that speaks to the six standards, and write an accounting CIR report and prepared for visit. Saves a lot of time and approximately $8000 in fees. The accounting accreditation committee (AAC) meets three times a year. Documentation is due two months before they meet.
      • Contact staff liaison (I am assuming Rachel) to discuss interest. They will assign mentor if we wish and give us the timeline.
      • Timeline for iSER is, for us, approximately 2-3 years out for a CIR in Summer 2027.
      • My take-away is that we can clearly do this but need support from the administration in terms of hiring.
  2. Continuous Improvement Review Accreditation Q&A:
    • “New” standards appear to be performing well; great consultative emphasis for CIR visits creates added value; Schools committing to societal impact and greater emphasis on strategic planning (this is growing in importance, the leveraging of the strategic plan – make sure we continue to address this).
    • Challenges include communicating the school’s impact story from a strategic point of view as opposed to an ad hoc manner; providing a focused approach to societal impact and selecting measures; identifying the “right” disciplines for tables 3-1 and 8-1; overlooking key element in strategic plans (KPIs, Targets, etc.) and not including societal impact in the plan as required in Standard 1.4; understanding the nuances of Standard 3 (faculty ratios).
    • Pay attention to the notes left in our initial accreditation document. The CIR team will focus on those items and looking for us to have addressed them.
      • Write a great report; outlining who you are, identifying what identifies the school and programs, how the mission is embodied within daily operations, etc. Share the report with the team (i.e. faculty, staff, students, business advisory board).
      • Include accurate and complete tables (integrity)
      • Work closely with PRT Chair (Collaborative)
      • Plan the logistics of the visit, scheduling relevant groups, requesting consultative guidance, have multiple contributors during meetings, etc.)
    • Make sure that societal impact is an overarching strategy that flows through the daily activities of the school (i.e. mission, curriculum, events, etc.).
    • Additionally, more significant efforts in strategic plans are expected. Fluff is no longer acceptable; rather, they want to see KPIs, measurable targets, etc. We need to refine this aspect of our plan.
    • The session moved to a Q&A mode; Dr. Lynn Richardson asked about the importance of research quality. The response was that research quality expectations should be tied to mission. Tie/Explain this through the narrative, linking the quantity and quality of research to the school’s mission. The narrative in the CIR is important; it needs to tell the story…and I am adding this, but you need a story to tell.
  3. Keynote I: The Future of Higher Education – A Time for Leadership
    • Speaker: Scott Van Pelt: Demographic, technological, and economic demographics represent forces that are forcing the need for change. In his book, they looked at the history of higher education (backwards, forwards, and sideways) and out of that, were able to identify found new realities:
      • The ongoing proliferation of new distributors and providers:
        • Coursera’s rapid rise is a prime example. But other competitors include companies like Google that offers certification 100% online. They have partnered with major employers to help “graduates” advance their careers. These programs are flexible and low cost.
      • The demand for any time, any lace education:
        • Traditionally, fixed time, fixed location, bundled. Now, on demand, flexible, unbundled. Right, wrong, or indifferent but online is where it is at due to the flexibility of location, time, etc.
      • The rise of just in time education:
        • Short-term, agile learning experiences that can be immediately applied in a person’s current job. Within the medical field, knowledge doubles every 73 days. This is much short that the quote from 20 years ago that more broadly stated that it doubles every 18 months. Automation continues to replace task-oriented skills. Half of time spent on current job tasks could be automated within the next 10-20 years.
        • This means we have three new needs: industry partnerships, new credentialing models, and lifelong learning. Employers are increasing expecting employees to upskill while in the job; there was a significant increase from 6#% in 2018 to 94% in 2020.
      • A pivot from inputs to outcomes
        • We must update our traditional teaching practices (i.e. from the traditional lecture to more experiential learning opportunities). Utilize SMEs, learning science experts, instructional technologists, and data-driven roles each come together to create learning design. Think self-paced learning to that learners that need more time, have it while those that need less can complete their assignment, module, etc. and move on to their next task; creating outcomes as the constant rather than time. Perhaps setting assignment goals where a learner must score at least 80% before they can advance to the next assessment?
      • More discussion of badging and micro-credentials. The speaker related current traditional programs to that of the music industry and albums. Disruptive technologies altered that reality to create digital sales of individual songs. He believes that education is headed in a similar direction.
      • What they know, what they can do, evidence of achievement leads to digital learner-owned credentials.
      • Discussed equity issues, stating that we need to address access disparities, stating that African American access to high-speed Internet access is roughly 8% lower than for whites while Latinx access is approximately 15% lower. We need to develop curriculums that keep this in mind as we develop programming.
  4. Altus Assessment – Moving Towards More Holistic and Standardized Admissions in Business Education
    • Challenges include fully and fairly reviewing applicants, ensure diversity, etc.
    • GPA “can” be a good predictor however, grade inflation, working students, etc is challenging
    • Personal statements are problematic as are reference letters. They are poor predictors of student success. Standardized tests represent a hurdle that may unfairly impact some student segments.
    • Life experience, leadership background, and potential can represent more equitable admissions per an AACSB article.
    • Casper that assesses social intelligence and professionalism; Snapshot communication, and self-reflection.
      • Situational Judgement Tests (SJTs): provides insight into how learners may react in hypothetical future situations.
      • Their exam prompts prospective students with videos and/or textual prompts to which learners respond in the form of short essay responses. Takes approximately an hour.
      • Each scenario is scored by multiple raters to come up with an aggregate score, approximately 2-4 weeks as the assessment is administered.
      • WIth 9 scenarios, learners receive an average score across 9 scenarios scored by 9 different raters.
      • Applicants can be ranked based on a formular, rubric, and qualitatively.
      • Casper measures a LOT of constructions including collaboration, communication, empathy, etc.
    • Snapshot is their other soft-skills tool they use to measure soft-skills of prospective learners.
      • Communication, self-reflection, and motivation
      • Applicants record their responded as short videos
      • Similarly, scored by multiple raters
  5. (A2) Upskilling and Reskilling Your Faculty – Overcoming Resistance to Change
    • Upskilling and reskilling is not an option, it is a must due to experiential learning and student competitions, continuous improvement, outreach activities, corporate engagement, and online learning. These things require that faculty continuously upskill and reskill to stay current and relevant.
    • Faculty are resistant to change due to:
      • tenure system
      • educational industry
      • workload (i.e., teaching, research, and service)
      • culture
    • Overcoming Resistance to Change:
      • Annual faculty report (points based on various activities to help ensure/encourage “merit”/raise eligibility)
      • Recruitment Processes (mix of tenure track AND fixed term faculty)
      • Faculty Development: Sending faculty to workshops in areas the school wishes to develop and emphasize (i.e., case writing workshops).
      • International Exposure:
      • Students’ Online Evaluation: Consider including informal evaluations as well where students may add additional detail beyond the traditional university evaluation tool.
      • Center of Learning and Teaching (CTL): New faculty MUST complete training at CTL: Perhaps we could do this with ACUE/QM?
      • Second SPeaker:
        • Peer Faculty Learning
        • Grad/MBA Mentor/Coach
        • New Online Course Series
        • Annual Faculty Activity Report:
          • Provides faculty the opportunity to articulate how their efforts help the college and university achieve their mission.
  6. (B3) Engaging Stakeholders & Framing Processes for a Successful Accreditation
    • Did not get a lot of out this session, presumably because of our recent accreditation efforts
    • One cool thing they did though was to include links in their accreditation documents to their annual magazine/newsletter that includes lots of societal impact examples. So, rather than reinventing the wheel, they could simply point back to those already created sources which helped tell their story yet managed the work effort.
      • My takeaway is to make sure we archive our newsletters for use in future reports
      • Consider making sure that we include stubs within our newsletters to make sure we are capturing that information all along that is aligned with AACSB items.
    • You need strong leadership (voice) to champion accreditation efforts
    • Broad engagement: combine standing committees with short-term task forces which make things seem more attainable
    • Attend AoL Seminars I&II
    • Attend Continuous Improvement Review seminar
    • Attend Societal Impact seminar
  7. (C1) Where do Indirect Measures Fit In?
    • Direct vs Indirect Measures:
      • Direct: Require observation of student work, performance based, samples of student work, individual level, granular, identify specific problem, non-student assessors
      • Indirect: Do NOT observe actual student work, opinion-based, for a general population of students, can be group-level, can be global, identify general issues, students can be assessors
    • Learning analytics systems are essentially indirect measures (i.e., Canvas Analytics regarding student performance, data from EAB, etc.). We have LOTS of data in various systems around campus, but it is not utilized to its full potential.
    • Define, capture, report, predict, and act (Campbell, 2007)
    • Consider adding indirect measures to end of course evaluations (perhaps AoL measures)
    • Consider pulling indirect measures from Canvas
    • Hire/assign student workers reach out to alumni, complete alumni surveys, etc.
    • Our First/Next Destination Surveys seem to be really on target with the data collection we are doing relative to the conversation I had with representatives from six other schools at the table at which I was seated.
    • One of the speakers made a reference to being very careful when using indirect measures only to assess a program. Such programs need to be small, niche, specialized and likely use multiple indirect measures to evaluate that particular objective.
    • We could also use data regarding student suspensions, EAB data related to advising, interventions, etc., data from our students attending the accounting lab, etc.
    • Karen Tarnoff, one of the presenters, provided an example of placing tutoring outside of classrooms on days in which exams were administered, noting that as students were leaving, they were much more likely to become aware of and later utilize those resources later in the semester and in subsequent semesters once that resource stared them in the face after that initial poor performance.

Thursday, September 15th, 2022

  • AACSB Advocacy and Thought Leadership
    • Advocacy: Platforms to amplify
      • Advancing Value: Brand the AACSB logo everywhere (i.e., on the website, in fliers, etc.). Leverage it to raise brand awareness.
      • Answer these questions:
        • Why did your school pursue AACSB Accreditation?
        • Who benefits from the process?
        • How has the accreditation process (or CIR) enhanced your school?
          • Value and ROI:
        • What impact are you making?
      • Review AACSB resources; specifically Influential Leaders (to spotlight influential alumni) and Innovation That Inspire (to share innovative, engaging work being done within the college)
      • Hashtag and tag AACSB in social media posts. For example, the hashtag for this specific conference is #AACSBaccreditation.
        • Their most engagement is occurring through LinkedIn
    • Thought Leadership: Content to Share:
      • Range of research, actionable insight, and multi-media content on trending and important topics relevant to business education and its stakeholders. Information related to this come from all over the place and is disseminated through various channels.
      • Engaging in thought leadership is important because it keeps you current, encourages continuous improvement, etc. (See slides for more examples).
        • Review AACSB Insights for lots of Thought Leadership content
        • Review AACSB Recent & Notable for content related to societal impact, DEIB, lifelong learning, etc.
        • Upcoming content will cover New Value Proposition for Business Education, Societal Impact Thought Leadership, and Edtech Readiness
  • (E1) Learner Progression and Student Success
    • Standard 6: Learner Progression
    • As part of their strategic plan, they developed 9 “clusters” to address over the next 5 years. Some of these were specifically tied to learner progression and student success.
    • Diversity Cluster Metrics to Track:
      • Representation; Retention; Recruitment; Selection; Promotion; Development; Pay & Benefits
    • Student Engagement Cluster
      • Student engagement survey which includes mental health, food security, time spend at Tarleton outside of class time questions.
      • Design undergraduate degrees with more flexibility
      • Increase faculty and admin knowledge of students support services (i.e., training faculty how to respond to student in distress or similar mental wellness training by x date
      • Student support lunch and learn
      • Deep reflection on internship experiences
      • Faculty survey on student interest in engagement
    • Dr. Melinda Cline: Utilized LinkedIn to interact and engage with alumni; Utilize Advancement Alumni Data Sheet to help guide questions (this could be useful for updating our First/Next Destination Surveys as well as follow up surveys).
      • She handles this largely manually by calling them directly; when she does not get ahold of them, sometimes she will connect to them through LinkedIn to make the connection there; She gets about a 40% success rate with two contacts at which point, she moves on.
      • They get rich feedback (NOTE: Ask about preparedness for the work force and/or graduate school) about salary ranges, employment status,
      • She recommends a dedicated faculty member with release time, LinkedIn great tool but often not current, alumni are interesting to talk to, many contemplating graduate school but need personalized advice, many want to engage/give back (direct to web site); provide guidance (i.e., Career Service) if they are struggling.
      • If they feel like they did not learn everything they needed to learn, ask them what they would have liked to have learned more about to help your program improve and adjust to changing needs. Her findings found they want more career readiness skills, internships, career services, studies abroad, and brand awareness and promotion (with employers) to help raise the value of their degree with the people that are writing their paychecks.
      • Long story short, alumni tend to love their school. But, often, they are not able to leverage how their degree provided value and helped to leverage/improve their position. We MUST teach them the value of their degree to help them make that translation to improve their satisfaction with attending your school.
  • Keynote II: State of Accreditation Discussion with Stephanie Bryan



  • AACSB is ISO Certified and as part of that effort, conducts satisfaction surveys and anything under 90% they work to address.
  • Begin working on CIR so that we have a better idea of what the content/expectations are and can make adjustments as necessary to meet the 2020 standards and prepare for the accounting supplemental accreditation.

2022 ACBSP Conference

Thursday, June 17, 2022 from 8:00-12:00: Preconference refresher of peer review team training. I had not registered and missed some of the preliminary content presented the day before. Was useful for catching up on a few emails as picking up a tidbit or two related to writing high quality Opportunities for Improvement. (OFI’s). Having said that, I was able to serve on an ACBSP Peer Review Team (PRT) and found it to be interesting and a great learning experience. I would highly recommend completing this training in full and volunteering to serve on a PRT.

Thursday, June 17, 2022 from 12:00-1:00: The conference started with a networking lunch. Met Dr. RJ Podeschi ( of the Tabor School of Business at Millikin. He is the Dean there and knows Jason Sharp.

Thursday, June 17, 2022: 1:00-1:45: Measuring Social Media Marketing’s Impact on HBCU Graduate Programs presented by Dr. Terrell Strayhorn. Great presentation over leveraging social media on a budget to promote graduate programs. I have reached out to him to share his presentation

  • Examine social media profiles to make sure they reflect what we want about the college
  • Use hashtags for internal use and @s to promote/encourage others to share relevant posts (i.e. make it easy on them to be able to share;)
  • Posts should include why? What? When? Where? Why? (how?)
  • Post early and often. Early refers to posts having plenty of lead time as it sometimes takes times for awareness to build as shares proliferate.
  • Acknowledge new followers and likes by responding directly to them. This helps to engage them and gets their contacts/followers to engage.
  • To help promote on LinkedIn, their dean created a blog post that they shared on LinkedIn. They found this useful for recruiting.

Thursday, June 17, 2022 from 2:00-2:45: Leadership Development & Networking

Thursday, June 17, 2022 from 3:00-3:45: Engaging Gen Z: Presenter was unable to make it and referred us to their presentation. Posted a video presentation in the app.

Thursday, June 17, 2022 from 4:00-5:00: Thought Leader – Developing Resilient and Empathetic Leaders through Higher Education by Dr. Kasthuri Henry, CEO of KasHenry Inc. in Chicago. Empathy is key. Employers are valuing this more than ever. The “other” imperative skill learners need to develop is resiliency. Use Bloom’s taxonomy to to leverage learning. We can not afford to teach undergraduate and graduate students high school levels of cognition. We MUST advance their learning to cognition levels seen in the workplace (i.e. apply, analyze, evaluate, and create). The Resiliency Playbook (speaker’s book) is built around the empathy framework of self-awareness, social awareness, self-management, and relationship management. She shared a story that essentially served as the “five-whys” to get to the root cause. Relate our experiences to learners, facilitate experiential learning. Don’t forget that every student counts. We cannot ask students that one day make a name for themselves if we do not show them we value them when we have them in class.

Saturday, June 18, 2022 from 8:30-9:15: How to Scale Experiential Learning in Business Education. Stakeholders are looing at business schools to produce “career-ready” graduates. Only 34% of students feel prepared for the job market. Employers also feel like most students are not career ready. There is a disconnects between what students think they are good at and what businesses think they are good at particularly for leadership, communication, and listening. There is a growing desire by employers to hire those with soft-skills. Traditional internships are great in terms of “experiential learning” but it is difficult to scale due to limited number of interested students, employers, etc. In 2021, 21% reported taking an internship. 25% of students that DO have internship experience, have a less than satisfactory experience with that internship. 67% of students interested in internships cannot participate in one (equity). CapSim and other simulation tools can help expose students to experiential education at scale. CapSim Inbox Platform allows students to be put into various roles within a simulated environment (i.e. finance, marketing, etc.) to measure a variety of soft skills such as communication, leadership, initiative, etc. For example, they may have to respond to an email from their CFO to address a task. The student’s response to that email is evaluated.

Saturday, June 18, 2022 from 9:30-11:00: Annual Business & Town Hall Forum. Nothing of significance to report. Basic business of the association including recognition of award recipients, nominations and voting on leadership changes, etc.

Saturday, June 18, 2022 from 11:15-12:00: Improving Student Learning Through Assessment Data Analysis. Shifted to a two-year cycle to ease pressure of constant data collection. They use Excel spreadsheets. Introduced curriculum map (looks almost identical to the ones we do – including courses and objectives and introduced, developed, mastered, assessed). They use a simplified analysis template as a mid-year review to require them (faculty) to review their action plans/implementation throughout the year rather than waiting until the end of the year. They use a variety of data tools including Peregrine Reports, Python, SQL, LaTeX, Power BI, SSRS, and R Studio. They are using Power BI to present the data which helps them to demonstrate that data to faculty where they can filter in various different ways to identify trends/issues. They also use statistical packages to analyze the data. Power BI needs to be a priority as it will let you combine or slice and dice which would be good in terms of measuring/assessing concentrations, different majors, etc. to comply with different requirements from ACBSP and AACSB. They also include faculty type (i.e. adjunct/full-time). We could consider adjunct/full-time as well as SA, PA, etc. We also want to include by department but I think this would be covered by including their major? We need to think about this.

Saturday, June 18, 2022 from 12:00-1:00: Networking Lunch. Sat with Steve Parscale and a few others. Followed up on Rusty’s earlier conversation with him regarding the need to assess concentrations. This is particularly relevant given our recent launch of the MS: Management program that contains multiple concentrations. I believe that a great solution is outlined above and the direction in which we are heading; a zero-credit course to be taken during a student’s final semester. Along with the assessment data collected, it would have to be cross-referenced with each student’s major and if relevant, concentration.

Saturday, June 18, 2022 from 1:00-2:00: Keynote Speaker: New Higher Education Imperative. Stakeholder Capitalism. Stressed the importance of serving the broader definition of stakeholders in a moral and ethical way; addressing diversity, equity, and inclusion issues head on. Demographic shifts mean we have to be more open to change, inclusion, open-mindedness, and better than the past. Globalization is also changing things. Communications is shrinking our globe, making it easier to connect and work globally. This means we have to be more open-minded and able to interact and engage with diverse cultures, languages, etc.

If you do good, people will accuse you of ulterior motives. Do good anyway!

Marc H. Morial

Saturday, June 18, 2022 from 2:00 PM-2:45: Thought Leader Session – Resilience in Higher Education: Fostering a Culture of Transformation. Seemed to provide little value so I left early.

Saturday, June 18, 2022 from 3:15-4:00: Marketing Panel: Leveraging Accreditation to Grow Business Programs in Fluid Times. Over 80% of students starting at a community college do so with the intention of wanting to complete their bachelor’s degree. The first presenter essentially argued the importance of leveraging accreditation to develop articulation agreements, using accounting as an example. The first section of this session was not particularly valuable with the exception of the potential to develop an articulation agreement between us and ACC.

  • Promote accreditation at open houses and on admissions website
    • Parents often ask if programs are accredited
    • Use ACBSP standards to discuss the quality of the program
    • Teaching, research, service, class sizes, co-curricular, etc.
  • Send accreditation material to high schools
    • Ensure admission staff are well-verses in ACBSP standards
  • Promote and increase articulation agreements with 2-year schools and international schools
    • Meet at annual conference
  • Encourage faculty to reach out to deans of schools of business when they travel
    • Promote accreditation to non-accredited schools
  • Press releases that promote the value of accreditation for increasing the value of the school
    • Focus accreditation
  • Use current students as role models
    • Promote honor societies and scholarships
    • Encourage student involvement in accreditation via clubs and regional conference presentations
    • Encourage students to present at regional (ACBSP) conference
  • Alumni Outcomes (Meets CHEA Standards)
    • Place alumni outcomes on website (retrievable from LinkedIn) – Use this to build a database of alumni and where they are after graduation
    • Place learning outcomes on website
    • Emphasize Global network of schools and alumni
    • Promote the fact that
  • Add accreditation logos to syllabi and email signatures
  • Add AACSB/ACBSP logos to table clothes
  • Display AACSB/ACBSP logos prominently at Open Houses
  • Social Media: Not clear how they will leverage using social but I am thinking with hashtags, including accreditation logos in banner images, Canvas course shells, etc.

Saturday, June 18, 2022 from 4:15-5:00: Email Marketing: The Hidden Hero of Online Student Recruitment. Email returns a better ROI than social media. It is important to manage email list growth and quality; do not send the same message to all contacts; test delivery; test all links; know your audience.

Define your audience: know their age, work experience, interests, motivations (i.e. skills, build professional network, etc.), what might stop her I.e. difficulty of graduate school, ROI of degree, etc.); from this, develop key messages that speak to their motivation and addresses their concerns.

Awareness: Gain visibility and create a positive brand image. Keep messages brief and to the point.

Consideration: This is where you provide them with helpful resources, upcoming events, testimonials, offer interaction with staff members, how to finance their education, etc.

Decisions: Overcome final pain points, offer to work with them one-on-one if they require help.

Enrollment: Goal is to complete the applications. Welcome accepted students into the school. Personalize this. Make next steps easy and exciting. We’ve prepared great things for you.

Avoiding SPAM filters: Keep your database list clean. Use opt-in when you can on information request forms. Don’t be afraid of the unsubscribe button (keeps your email list clean: 20-30% annual churn; prevents frustration/badmouthing amongst peers; update preferences; encourages high quality content); Use strong subject lines (he provided a list of do’s and don’ts); Segment email campaigns (i.e. locations, course of interest, lead score, type of request – targeted segmented campaigns are SIGNIFICANTLY more effective);

SPF, DMARC, DKIM methods to verify whitelist scores

Learn how to track clicks from email as well as the web. If we use Qualtrics, it does facilitate this to a degree. Google Analytics provides similar (more detailed) kinds of data. Use templates, segment, automate as much as possible

Sunday, June 19, 2022 from 9:00-9:45: Capstone Courses in the Pandemic: Providing the Best Learning Outcomes. What are our goals? Integration, application (problem identification), and professional readiness. Common approaches include case analyses, simulations, etc. Those three criteria were evaluated by some research she presented and in general, in academic, we get an A, B, and F respectively in these three areas. My last criteria likely would be better given my newly added resume/job search project. Focus on continuing to develop this portion of the class. Lots of reflection exercises (on track there), case analyses (on track there), experiential project (this one I would need to think through more). The goal is to get them into the “consulting” mindset. This might look a lot like the project developed in BCIS 5311 to analyze the information system for an organization. As the capstone, I have to figure out a way to incorporate each area (i.e. networking databases, systems analysis and design, etc.) as part of that project. Consider three projects as I currently do but tweak to more formally align with the three criteria outlined above.

Sunday, June 19, 2022 from 10:00-10:45: Using the Baldridge Framework to Improve Resilience. Baldrige Framework. Creating a culture of Baldrige is key at the most important thing followed but planning strategically and continuity planning. Leading with vision was next. The results of their study indicated that organizations that utilize Baldrige and scored high on it faired better during the pandemic. While I did not find a lot of value in this session, it did serve both as a reminder and motivation for reviewing Baldrige and thinking about how to best incorporate that into what we do as a College. The framework aligns quite nicely with accrediting standards.

Sunday, June 19, 2022 from 11:15-12:00: Standard 3 – Overview of the Requirements for Student and Stakeholder Satisfaction. Parents, alumni, parents, local community (employers), other schools (i.e. transfer institutions), students (current and prospective), faculty/staff all represent stakeholders. We need to collect data from these and others that are somehow involved with our College. One of the keys is to not only collect this data/information but also USE it! See Table 3,1: Student and Stakeholder Groups in the ACBSP Standards. Tools include surveys as well as evaluations. Qualitative/informal ways include advisory boards, dinner/donor with the dean, etc. Great source for “quotes”. Make sure this aligns with the mission. Process is key: Specify the process and follow it. Providing results is also key. Evaluate trends from course evaluations, student measures, alumni surveys, other student/stakeholder measures. We really want a minimum of 3-5 data-points. So, think 3-5 years of data collection. We have several measures; some with a single data point while others of as many as four, I believe. See links below for more thorough examples. So, “use” the information by sharing it with relevant stakeholders.

NOTE: Due to the need for these feedback loops to be systematic, work with Chris to add these to the calendar to routinize/systematize this process. On a related note, also make sure our AoL reviews are scheduled for the Spring faculty meetings.

Action Items:

  • Incorporate AACSB and ACBSP logos to all COB materials (i.e. the Canvas template, website, flyers, guidebooks, etc.).
  • Review social media profiles to make sure they clearly and accurately reflect what we want to put out into the world.
  • Review AoL outcomes to identify outcomes that align with stakeholder expectations and work to identify objective, validated instruments to assess each outcome. Outcomes might include things like communication, emotional intelligence, ethics, etc.
  • Expand internship opportunities and leverage the use of simulations to expand experiential learning at scale.
  • Develop Power BI to reflect data for assessment and other feedback tools such as stakeholder satisfaction surveys.
  • Share with Drake and David opportunities with CapSim to train with some of the new simulations.

What is a router and what does it do?

In working with students on their logical designs, it has become clear to me that many students get confused about the differences between routers and switches. So, I wanted to take a moment to talk specifically about routers. So, what is a router? Well, a router links together two similar networks in order to direct IP packets from one network to another. When you see IP, you should automatically start thinking about the OSI model and specifically, layer 3 of the OSI model.

Figure 1: The OSI Model
Typically, when students start creating their logical diagram, if they include logical configuration information at all, they always seem to focus on the internal side of this connection; the LAN side. But there is the WAN side of this connection as well. What kind of configuration information is on the WAN side of the connection? It (hopefully) obviously needs an IP address. Just to make this clear, every device connected to the Internet needs a unique IP address in order to be able to communicate with other devices over the Internet. The WAN connection also needs a subnet identified. The subnet is important because it tells the router on the WAN side of the connection which part of the IP address refers to the network and which part refers to the router itself (on the WAN side). The WAN side also needs a default gateway. If the router does not know where to route a particular packet, it needs the default gateway to forward the packet to a higher layer router that may in fact know where that particular packet should be sent. Lastly, the WAN side of the connection needs to know a DNS server so that it can resolve domain names and share that information with clients on the LAN side.

Now, the good news is that while you need to know how to configure these settings, you do not have to come up with the numbering scheme itself. If you have a static connection, this information will be provided to you by your ISP. This is typically the case for business class services in which you need your external address to stay the same so that web server, email servers, and so on can routinely be found in the same place logically. Consumers typically have dynamic addresses and this really makes things easy as the router reaches out to the ISP and obtains this information automatically. The advantage of this is obviously that it reduces your administrative burden.

Figure 2 below shows a router where the WAN port is labeled ‘Line’ and then it also happens to have a four port switch built into the router, with each port labeled 1 through 4. So, the WAN configuration information is associated with the WAN or ‘Line’ side of the router whereas the LAN side of the configuration information is associated with the clients associated with the four ports.

Figure 2: Router
On the internal side of the network, we also have configuration information that is needed. Specifically, we need an IP address and a subnet mask to tell the router which portion of the IP address represents the network and which part represents the router itself. The IP address serves as the default gateway for all the clients on the internal side of the network. Where is the rest of the configuration information internally? It’s not there. When a client on the internal side of the network does not know where the server is that it is trying to communicate with, it sends the packet to its default gateway which is found in its own configuration information. That gateway is the router’s LAN connection. When the router gets that request, if the requested server is not on the LAN side of the connection, it routes the packet to the WAN side of the connection which includes a default gateway so that it knows where to forward the packet.

Figure 3 illustrates a sample logical diagram. In this diagram, for the gateway router, you should see that the WAN connection is dynamically set. Again, this makes it easy on the network administrator. Internally, there is an IP address and a Subnet Mask (SM). There is also an SSID to indicate that this is also a wireless router as well as information indicating that this wireless router is capable as serving as a DHCP server.

Figure 3: Logical Diagram

You may also notice a second, internal router is included in the diagram. This design is segmenting the network at layer 3. I want to draw your attention to the WAN side of the internal router. It includes the IP address and the default gateway. Specifically, I want to draw your attention to the IP address and the fact that it is on the same subnet as the internal side of the gateway router. This is necessary so that the two routers can communicate. Also, note the internal IP address of the internal router. Note that it is on a different subnet. As a result, it can be said that this network is segmented to keep traffic from the business side of the network separate of the traffic on the personal side of the network.

So, that is what a router is and some basic information about the configuration information that goes into a router and whatnot. Commercial routers get much more complicated quickly. But, at the same time, commercial routers are beginning to take on similar dashboards to consumer grade routers making them easier to configure and use. If you have any questions, please leave a comment. Follow me on Twitter @SchuesslerPhD and until next time, happy networking.

Dr. S.

AACSB Impact Forum

The College of Business at Tarleton State University is pushing to obtain accreditation from the Association to Advance Collegiate Schools of Business (AACSB), the premier accrediting body for business schools. Before this process began, I knew that AACSB existed. I knew the general idea behind accreditation. But, I can honestly say that I did not know the degree to which they can drive value within a business school by helping to establish and maintain standards by which schools can first be measured and second, continuously improve.

As part of our push for accreditation, this last weekend, I attended one of their “Impact Forums” held at their international headquarters in Tampa Florida. They have identified impact as one of the three pillars of accreditation along with engagement and innovation. But impact is something that can be a little nebulous at times. After all, how do we know that our teaching is having real “impact”? Hence, the reason behind the forum.

So, what is “impact” and how does it apply to the college of business? Well, impact is pretty easy to define: to have a strong effect on something or someone. But, how does that apply to the college of business? Well, we want our teaching, research, and service to have impact. Of course, the assumption is that the impact is positive and hopefully it is.

Traditionally, as faculty, impact has been assessed by counting journal publications in peer reviewed journals and/or publications in high quality journals. Why? Because they are relatively easy to measure. But, we have to realize that impact has many different stakeholders. These might include faculty, staff, administrators, or the academy itself. Other stakeholders might include students, businesses, accrediting organizations, governing bodies, and so on.

So, we need to look at impact from a much broader perspective. Again, as it relates to research, while counting the number of peer reviewed journal publications a researcher had, additional impact information that might prove useful is whether or not other professors are using that work in their classes. Are businesses applying that research to their organization? That is real impact.

But, measuring such impact can prove difficult. Sometimes it takes considerable time for impact to be seen. For example, sometimes research can take more than a year to get published. Beyond that, such research must then be disseminated to various stakeholders for them to begin to be influenced by the results. Ultimately, it may be 2 or 3 years later or more before an impact can be measured. Even then, whether the impact is explicit or implicit can make measuring them difficult at best.

What about other kinds of impact though? Turns out, they are all around us. Some of them are quite easy to measure. We just need to rethink how we look at impact. For example, the number of degrees granted and student placement success (along with research quality and quantity) are the most commonly used impact metrics. These are followed by the number of consulting projects and applied research, rankings, surveys and feedback from key stakeholders, and community engagement and student projects. Finally, we have things like assurance of learning data, alumni engagement, and so on that can serve as representing impact.

So, the scope of impact is much broader than how it might have originally been interpreted. In academia, we impact all three areas: research, teaching, and service. The key is to recognize when we are having an impact and weaving it into a coherent story that helps us to tell our story as an institution.

With such a large potential scope of impact with which to tell our story, how do you know where to start? Start with your mission statement. It tells stakeholders what you value the most. If that is where your value is, that is where the focus of your impact measurements should be. For example, if you are a teaching school and you value innovative teaching, you should probably focus less on measuring and reporting the impact of research. That is not to say that research should be completely ignored. It just should not be “featured”.

So, start with your mission and align appropriate metrics to assess impact. Identify what is impacted, by what, how, what the measures are, and how often they are to be measured. You are painting a road map here so that you can create repeatable results. In the end, this does not have to be a painful process. You do have openly and honestly reflect on your college. But, I think in the long run, it creates an environment for continuous improvement that keeps people engaged and excited about coming to work and doing great things!

Security Theories

Computer Anxiety: “Excessive timidity in using computers, negative comments against computers and information science, attempts to reduce the amount of time spent using computers, and even the avoidance of using computersfrom the place where they are located” (Doronina, 1995).

  • Doronina, O. “Fear of Computers: Its Nature, Prevention and Cure,” Russian Social Science Review (36:4) 1995, pp 79-90.

General Deterrence Theory:

  • BOSS SR, KIRSCH LJ, ANGERMEIER I, SHINGLER RA and BOSS RW (2009) If Someone Is Watching, I’ll Do What I’m Asked: Mandatoriness, Control, and Information Security. European Journal of Information Systems 18(2), 151–164. 
  • STRAUB DW and WELKE RJ (1998) Coping With Systems Risk: Security Planning Models for Management Decision Making. MIS Quarterly 22(4), 441–469.
  • D’ARCY J and HOVAV A (2009) Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures. Journal of Business Ethics 89, 59–71.
  • HERATH T and RAO HR (2009) Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations. European Journal of Information Systems 18(2), 106–125. 
  • PAHNILA S, SIPONEN M and MAHMOOD A (2007) Employees’ Behavior towards IS Security Policy Compliance. In: 40th Annual Hawaii International Conference on System Sciences. Waikoloa, HI: IEEE Computer Society.
  • STRAUB DW (1990) Effective IS Security: An Empirical Study. Information Systems Research 1(3), 255–276. 

Protection Motivation Theory:

  • Rogers, R.W. (1975). A protection motivation theory of fear appeals and attitude change. Journal of Psychology, 91, 93-114.
  • Rogers, R.W. (1983). Cognitive and physiological processes in fear appeals and attitude change: A revised theory of protection motivation. In J. Cacioppo & R. Petty (Eds.), Social psychophysiology (pp. 153-176). New York: Guilford.
  • MADDUX JE and ROGERS RW (1983) Protection Motivation and Self-Efficacy: A Revised Theory of Fear Appeals and Attitude Change. Journal of Experimental Social Psychology 19(5), 469– 479.
  • CROSSLER RE (2010) Protection Motivation Theory: Understanding Determinants to Backing Up Personal Data. In: 43rd Hawaii International Conference on System Sciences. pp. 1–10.
  • HERATH T and RAO HR (2009) Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations. European Journal of Information Systems 18(2), 106–125.
  • JOHNSTON AC and WARKENTIN M (2010) Fear Appeals and Information Security Behaviors: An Empirical Study. MIS Quarterly 34(3), 549–A4.
  • PAHNILA S, SIPONEN M and MAHMOOD A (2007) Employees’ Behavior towards IS Security Policy Compliance. In: 40th Annual Hawaii International Conference on System Sciences. Waikoloa, HI: IEEE Computer Society.
  • VANCE A, SIPONEN M and PAHNILA S (2012) Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory. Information & Management 49(3–4), 190–198.
  • WOON I, TAN G-W and LOW R (2005) A Protection Motivation Theory Approach to Home Wireless Security. In: Proceedings of the 26th International Conference on Information Systems. pp. 367–380.
  • LEE Y and LARSEN KR (2009) Threat or Coping Appraisal: Determinants of SMB Executives’ Decision to Adopt Anti-Malware Software. European Journal of Information Systems 18(2), 177–187. 

Neutralization Theory:

Technology Threat Avoidance Theory (TTAT): Posits that threat avoidance behavior functions as a dynamic positive feedback loop (concept derived from cybernetic theory, and general systems theory) composed of two cognitive processes, threat and coping appraisals, which determine how an individual would cope with IT threats.

  • LIANG H and XUE Y (2009) Avoidance of Information Technology Threats: A Theoretical Perspective. MIS Quarterly 33(1), 71–90.
  • LIANG H and XUE Y (2010) Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective. Journal of the Association for Information Systems 11(7), 394– 413. 

Fear Appeal Theory

  • JOHNSTON AC and WARKENTIN M (2010) Fear Appeals and Information Security
  • Behaviors: An Empirical Study. MIS Quarterly 34(3), 549–A4.

Technology Anxiety (As a predictor of technology adoption): An individual’s tendency to be uneasy, aprehensive, or fearful about the current or future use of technology ((Parasuraman, et al,m 1990; Allen, 2002).

  • Allen, J.W., and Parikh, M.A. “The Impact of Personal Traits on IT Adoption,” Proceedings of the 8th Americas Conference on Information Systems, Dallas, TX, USA, 2002.
  • Meuter, M.L., Ostrom, A.L., Bitner, M.J., and Rountree, R. “The Influence of Technology Anxiety on Consumer Use and Experiences with Self-Service Technologies,” Journal of Business Research (56) 2003, pp 899-906.
  • Parasuraman, S., and Igbaria, M. “An Examination of Gender Differences in the Determinants of Computer Anxiety and Attitudes Towards Microcomputers Among Managers,” International Journal of Man-Machine Studies (32:3) 1990, pp 327-340.

Research: System Security Effectiveness in Large Versus Small Businesses

Schuessler, J. H., Windsor, J., & Wu, Y. (2014). System Security Effectiveness in Large Versus Small Businesses. Journal Of Information System Security, 10(1), 3.
This publication came from my dissertation. If you are familiar with the research process, dissertations, and whatnot, you know that this is one of your more robust pieces of research. Looking back, I certainly believe this to be true. I was lucky in that I really loved my topic and it kept me engaged throughout the process.

Information systems security is a big deal. We all know it. We see stories on TV, read about breaches in the news, and if you are one of the unfortunate ones, you have to deal with consequences of some sort of information systems security compromise. Despite the recognition that security is largely a managerial issue (Hitchings, 1995), managers routinely rank security relatively low compared to other managerial issues (Luftman & Ben-Zvi 2010; Pimchangthong, Plaisent, & Bernard 2003). A lot of this issue is that they simply do not understand the gravity of the situation. Some of it has to do with with a lack of understanding of the issues. This paper seeks to model the threat landscape along with the use of countermeasures and the ultimate effect on information systems security effectiveness. The goal was to develop a model that hopefully is more intuitive for managers that can incorporate the dynamic nature of threats and the use of countermeasures. The result is a unique model that uses cross-sectional data (data gathered at one time) to assess a dynamic relationship that changes over time.

Using Deterrence Theory as its basis (Straub and Welke, 1998), the Security Action Cycle (SAC) which consists of deterrence, detection, prevention, and remedy as dimensions, can be useful for framing the use of countermeasures by organizations. Countermeasures are dynamic in nature in that they constantly change against a changing set of threats face by an organization. Threats are not limited to “hackers” but rather, come in the form of threats from nation states, equipment obsolescence, natural disasters, etc. As the threat landscape changes, so must the use of countermeasures in order to manage risk. The ultimate goal is to insure information system security effectiveness which was conceptualized as the user of SAC efforts to protect hardware, software, data, and services. Lastly, important characteristics such as industry and organizational size were considered, recognizing that these factors might have an impact on the study.

Data was gathered, using an online survey, from AITP  professional members due to the diverse nature of their membership and their participation in prior studies (Nance & Straub 1988; Straub & Nance 1990). Of the 1500 professional members surveyed, 73 responses were gathered. Though low, this is not unusual for security related research. For a great example, see Kotulic and Clark (2004). Using PLS, the results were analyzed. However, to take it to the next level and analyze the circular relationship, where the output results for deterrence, prevention, detection, and remedy became the input the threats construct to close the circle, a personal communication with PLS guru Dr. W. Chin, helped to conclude the analysis. The results can be seen below.

Some of the big take aways were that there is a clear positive relationship between threats and the use of countermeasures. That should not come as a surprise. In fact, it would be surprising if there were not such a relationship. Interestingly, the model did indeed show a relationship between two of the dimensions of the SAC and the threats faced by an organization thus validating the circular relationship between these two constructs. Additionally, three of the four SAC dimensions also showed a positive relationship to the information system security effectiveness construct clearly showing that our use of countermeasures is having the intended protective effects. The study also showed that there is a relationship between industry and the use of preventive measures but also between preventive measures and information systems security effectiveness. Perhaps most interesting of all, the study indicated a negative relationship between organizational size and the use of countermeasures. So, relatively speaking, smaller organizations tend to employ more countermeasures than their larger counterparts. However, when considered with the result of no relationship between organizational size and information systems security effectiveness, a logical conclusion could be that larger organizations do a better job of targeting the use of countermeasures to respond to specific threats whereas small organizations tend to “shotgun” their security measures.

This was a cool study to conduct. I learned a lot and ended up getting two publications out of it. It has helped to form my research stream. I have included the citation at the top of the post. If you are interested in more detail and academic writing does not deter you, please give it a good read and let me know what you think.

Research: “Chunking” Semester Projects

Schuessler, J. H. (2017). “Chunking” Semester Projects: Does it Enhance Student Learning?”. Journal Of Higher Education Theory and Practice, 17(6).

My university is a teaching institution. We value quality teaching and keep students at the center of our focus. You can see it the way we write our learning objectives, the various student programs, and student organizations. While my college us pursuing AACSB accreditation which places more emphasis on research, the university provides for faculty development through our Center for Innovation and Instruction (CII). They put on all kinds of programs, including one geared towards the convergence of conducting research around/involving teaching. Referred to as the Scholarship of Teaching and Learning (SoTL), I think this is a great. I had never done pedagogical/andragogical research before. Sure, I’ve used students as a convenient sample, but the focus of my research has never been on my teaching methods, assignments, etc. Well, thanks to our CII’s efforts, that is no longer true.

I teach a couple of networking classes, undergraduate and graduate. I place a lot of emphasis on the semester project, specifically on some of the different components of network design: logical design, physical design, wireless design, financial analysis, risk assessment, and management design. I traditionally assigned this as a semester project due at the end of the semester. In addition to covering each section in more detail throughout the semester, I also included topic specific discussion boards in which teams of students could share their projects and see the pros and cons of each design with the idea that they could in turn, reflect and improve their own team’s design. As kind of an aside, the projects are all case based so each group was working on the same project. This makes it easier to compare the submissions from each group.

In our graduate version of this class, we actually use some of this data for program assessment purposes. To my disillusionment, I had attempted a variety of things to improve student scores, particularly as it relates to logical and physical designs, but students routinely seem to struggle with not only the diagramming aspects of such design, but also the logical aspects of logical and physical design.

The crux of the issue was that semester project scores were only ‘ok’. Clearly, some students got it. Others clearly were not “getting it”. As part of the SoTL project, I began to think of ways to modify the project such that students could get more substantive feedback earlier in the semester and work on and improve their final project submissions at the end of the semester.

To address these issues, I decided to break the sections up over the course of the semester. Before I get into the details, I make extensive use of Google in my classes. For example, I require students use Google Docs for the papers they submit. In this particular class, since it is a group project, this works particularly well due to the collaborative features of Google Docs. So, for the first submission, I created a discussion board topic in Blackboard, our university’s Learning Management System (LMS). It required each group to create a thread within that discussion board in which they included a read only link to their team’s Google Doc. With each team doing this, and as you recall, they were all working from the same case, each team could see and reflect on the similarities and differences from their peer teams. I should note that within the initial discussion board were details to help students develop a more thorough understanding of the topic (i.e. Logical Diagrams, Physical Diagrams, etc.). Additionally, the rubrics for each discussion board were quite detailed, associating points with very specific items targeted for each particular topic.

The goal was for each group to be able to look at their peer’s work, make suggestions, and perhaps more importantly, incorporate the very best ideas into their own design such that everyone’s project should have improved. They did…sort of.

When comparing the results to those of students during prior semester who were assigned and submitted more traditional, monolithic semester projects, the results were somewhat mixed.

Table 1: Results

Students performed better on the wireless design and the financial analyses, but it was inconclusive regarding their performances in the other areas. Overall, their performance improved if you use the .10 level of statistical significance. Given the low sample size, this may be appropriate. Regardless, I felt as though student learning did improve by chunking the semester project in this way. Positive signs for example included, with the exception of H1, that the mean scores on each section improved in the treatment group. The variance in scores also, for the most part, decreased in the treatment group indicating that there was more consistency in student understanding of the topic in the treatment group. In a post-hoc analysis, I also examined student evaluations in each group to see if there were any differences. The control group were evenly split on the item for agreeing or strongly agreeing on effective instructor feedback and communication. But, the control group overwhelminly strongly agreed that instructor feedback and communication was effective. This pattern held for the remaining factors of the evaluation as well; appropriateness of readings and assignments, technological tools, instructor feedback and communication, course organization, clarity of outcomes and requirements, and content format (Rothman, Romeo, Brennan, and Mitchell, 2011).

In general, chunking semester projects seems to improve student learning. There is a clear relationship between chunking semester projects and improved student evaluations. But, there are clear limitations to this study, perhaps most significantly, the sample size. Additionally, the quasi-experiment utilized different students so as a result, differences could potentially be attributed to differences among the groups themselves rather than the way in which the semester project was implemented. At least as it relates to computer self-efficacy, this does not appear to be an issue in these two groups as there was no statistical difference in scores submitted by each group.

Future research should center around replicating the student with a larger sample. The low sample used in this study could have potentially influenced the statistical results and thus, the interpretation of those results. Other avenues for future research could be directed at student learning as it relates to semester projects and student scores on final exams and overall course grades. Presumably, such holistic measures of student performance provide a more monolithic measure of student learning which could be used to determine the effect of chunked and non-chunked semester projects on such scores.


Bodie, G. D., Powers, W. G., & Fitch-Hauser, M. (2006). Chunking, priming and active learning: Toward an innovative and blended approach to teaching communication-related skills. Interactive Learning Environments, 14(2), 119-135. doi:10.1080/10494820600800182

Carstens, D. S., Malone, L. C., & McCauley-Bell, P. (2007). Applying Chunking Theory in Organizational Password Guidelines. Journal Of Information, Information Technology & Organizations, 297-113.

Cowan, N. (2001). The magical number 4 in short-term memory: a reconsideration of mental storage capacity. The Behavioral And Brain Sciences, 24(1), 87-114.

Eligibility Procedures and Accreditation Standards for Business Accreditation. (2016) (pp. 1-53). Tampa. Retrieved from

Hambley, A. R. (1994). Electronics: A Top-Down Approach to Computer-Aided Circuitry Design. Prentice Hall PTR.

Kurose, James F., and Keith W. Ross. Computer Networking: A Top-down Approach Featuring the Internet. Harlow: Pearson Education, 2012. Print.

Mathy, F., & Feldman, J. (2012). What’s magic about magic numbers? Chunking and data compression in short-term memory. Cognition, 122(3), 346-362. doi:10.1016/j.cognition.2011.11.003

Miller, G. A. (1956). The magical number seven plus or minus two: some limits on our capacity for processing information. Psychological Review, 63(2), 81-97.

Nelson, T. (2011). Assessing Internal Group Processes in Collaborative Assignments. The English Journal, 100(6), 41-46. Retrieved from

Rothman, T., Romeo, L., Brennan, M., & Mitchell, D. (2011). Criteria for assessing student satisfaction with online courses. International Journal for e-Learning Security, 1(1-2), 27-32.

Sweller, John. “Cognitive Load Theory, Learning Difficulty, and Instructional Design.” Learning and Instruction 4.4 (1994): 295-312. Print.

Syn, T., & Batra, D. (n.d). Improving Sequence Diagram Modeling Performance: A Technique Based on Chunking, Ordering, and Patterning. Journal Of Database Management, 24(4), 1-25.

Vaughan-Nichols, Steven J. “204.5-Million Lines of Code Equals One Great Linux Distribution.” Computerworld. Computerworld, 22 Oct. 2008. Web. 23 Mar. 2017.
Xu, X., & Padilla, A. M. (2013). Using Meaningful Interpretation and Chunking to Enhance Memory: The Case of Chinese Character Learning. Foreign Language Annals, 46(3), 402-422. doi:10.1111/flan.12039

Research: Data Breach Laws: Do They Work?

Schuessler, J. H., Nagy, D, Fulk, H. K., & Dearing, A. (2017). Data Breach Laws: Do They Work? Journal Of Applied Security Research, 12(3), 84.

I‘ve got a data breach paper coming out in October in the Journal of Applied Security Research that argues for the passage of federal legislation to combat data breaches. I say “combat” but that is really a misnomer. See, “combat” makes it sound like we can take the fight to the bad guys and make them pay for breaking into organizations, stealing personal information, and selling it on the dark web. Unfortunately, it is not that easy. Neither is the passage of federal legislation that governs how those who have been breached should deal with the situation publicly.

Now, I tend to have a rather wide libertarian streak in me. As a result, I do not make light of calling for federal legislation. But, we have to look at the facts. What are the goals behind the creation of data breach legislation in the first place? It is not to stop or otherwise limit the occurrence of data breaches. Nearly every state in the U.S has passed data breach laws. Only Alabama, New Mexico, and South Dakota do not have such laws (National Conference of State Legislatures, nd). So, if such laws were working to reduce breaches, we would not being seeing the seemingly geometric rise in breaches that actually are occurring. In fact, my analysis showed that there were an average of 5.07 data breaches per year in states that would eventually pass data breach legislation and an average of 9.21 breaches per year in those same states after the passage of such legislation.

Table 1. Annual Breaches by Industry.


So, no, data breach laws are not designed to reduce the number of data breaches. Rather, data breach laws are designed to facilitate informing consumers that their data has been breached and taking measures to protect their private and financial information as opposed to protecting the information systems that were originally compromised in the first place. Such laws typically include an element that requires notification to the consumer in certain situations such as a breach in which their name and social security number are not encrypted and somehow compromised. When that happens, consumer are notified and can take action to protect themselves such as monitoring the financial transactions, signing up for credit monitoring services, etc. It’s not really about fixing the problem itself but rather, more about applying a band-aid after the fact.

Table 2. Relevant State and Territory Statutes.

AlaskaAlaska Stat. § 45.48.010 et seq.NevadaNev. Rev. Stat. §§ 603A.010 et seq.242.183
ArizonaAriz. Rev. Stat. § 44-7501New HampshireN.H. Rev. Stat. §§ 359-C:19-C:20-C:21189:66
ArkansasArk. Code § 4-110-101 et seq.New JerseyN.J. Stat. § 56:8-161, -163
CaliforniaCal. Civ. Code §§ 1798.291798.80 et seq.New YorkN.Y. Gen. Bus. Law § 899-aaN.Y. State Tech. Law 208
ColoradoColo. Rev. Stat. § 6-1-716North CarolinaN.C. Gen. Stat §§ 75-6175-65
ConnecticutConn. Gen Stat. § 36a-701b2015 S.B. 949, Public Act 15-142North DakotaN.D. Cent. Code §§ 51-30-01 et seq.51-59-34(4)(d)
DelawareDel. Code tit. 6, § 12B-101 et seq.OhioOhio Rev. Code §§ 1347.121349.191349.1911349.192
FloridaFla. Stat. §§ 501.171282.0041282.318(2)(i) OklahomaOkla. Stat. §§ 74-3113.1, 24-161 to -166
GeorgiaGa. Code §§ 10-1-910, -911, -912; § 46-5-214OregonOregon Rev. Stat. § 646A.600 to .6282015 S.B. 601, Chap. 357
HawaiiHaw. Rev. Stat. § 487N-1 et seq.Pennsylvania73 Pa. Stat. § 2301 et seq.
IdahoIdaho Stat. §§ 28-51-104 to -107Rhode IslandR.I. Gen. Laws § 11-49.2-1 et seq., 2015 S.B. 134, Public Law 2015-1382015 H.B. 5220, Public Law 2015-148
Illinois815 ILCS §§ 530/1 to 530/25South CarolinaS.C. Code § 39-1-902013 H.B. 3248
IndianaInd. Code §§ 4-1-11 et seq.24-4.9 et seq.TennesseeTenn. Code § 47-18-2107; § 8-4-119 (2015 S.B. 416, Chap. 42)
IowaIowa Code §§ 715C.1, 715C.2TexasTex. Bus. & Com. Code §§ 521.002521.053; Tex. Ed. Code § 37.007(b)(5); Tex. Pen. Code § 33.02
KansasKan. Stat. § 50-7a01 et seq. UtahUtah Code §§ 13-44-101 et seq.; § 53A-13-301(6)
KentuckyKRS § 365.732, KRS §§ 61.931 to 61.934 VermontVt. Stat. tit. 9 § 2430, 2435
LouisianaLa. Rev. Stat. §§ 51:3071 et seq.40:1300.111 to .116VirginiaVa. Code § 18.2-186.6, § 32.1-127.1:05, § 22.1-20.2
MaineMe. Rev. Stat. tit. 10 § 1347 et seq.WashingtonWash. Rev. Code § 19.255.01042.56.5902015 H.B. 1078, Chapter 65
MarylandMd. Code Com. Law §§ 14-3501 et seq., Md. State Govt. Code §§ 10-1301 to -1308West VirginiaW.V. Code §§ 46A-2A-101 et seq.
MassachusettsMass. Gen. Laws § 93H-1 et seq.WisconsinWis. Stat. § 134.98
MichiganMich. Comp. Laws §§ 445.63445.72WyomingWyo. Stat. § 40-12-501 et seq.
MinnesotaMinn. Stat. §§ 325E.61325E.64District of ColumbiaD.C. Code § 28- 3851 et seq.
MississippiMiss. Code § 75-24-29Guam9 GCA § 48-10 et seq.
MissouriMo. Rev. Stat. § 407.1500Puerto Rico10 Laws of Puerto Rico § 4051 et seq.
MontanaMont. Code §§ 2-6-1501 to -1503, 30-14-1701 et seq.33-19-321Virgin IslandsV.I. Code tit. 14, § 2208
NebraskaNeb. Rev. Stat. §§ 87-801-802-803-804-805-806-807

So, if that is the case, why aren’t state laws fine?” Well, I’ll tell you why. They cost us more money. In a paper by Hovav and Gray (2014), they looked at the effect of the TJMaxx breach on various stakeholders. Their identification of stakeholders was pretty exhaustive and even included the intruders themselves. The end result of their analysis was that in the long run, TJX, the parent company, the company was just fine. Initially, stock prices tanked but as damage estimates were revised down, class-action law suits dismissed, and settlement with Visa, their stock value actually increased. Similar results for the Target breach can be found. So, there’s no real market force in the long run that encourages organizations to protect the data of their customers. As long as they can weather the storm, they will come out of the other side, stronger than they were before knowledge of the breach occurred.

Table 3. Statistical Significance Before and After Enactment of Data Breach Laws.

Before Law ImplementedAfter Law Implemented
P(T <= t) Two-tail.041

Now, this is not to say that breaches are “good” for companies. There are real dollar values associated with a data breach. According to the Ponemon Institute (2014), the average cost of a data breach in 2014 was $5.85 million. That’s $201 per record compromised. Those costs are even higher in healthcare. In light my the data from my student in which businesses and health/medical reported more breaches after data breach laws were enacted, that is a deadly combination. But, where do those costs come from? Costs come from the need to hire forensics experts, hotline support, notifications, providing credit monitoring subscriptions, etc.

Table 4. Effect of Data Breach Laws on Industry.

Before Law ImplementedAfter Law Implementedp-value.05

Table 5. Relationship between annual health care costs nationally and the number of data breaches occurring in the health care industry.

Total National Health Expenditures (in billions)2,0352,1672,3042,4142,5062,6042,7052,8172,919
Number of Healthcare Data Breaches164360976415576158162

So, this brings us back to the issue at hand; what is the goal behind data breach legislation? Let’s refine that question just a bit. What is the goal behind federal data breach legislation? If it is not to curtail the occurrence of data breaches and it is not to encourage organizations to do a better job of protecting their customer’s information, then what is it?

I would argue that it is about streamlining the compliance issue. Part of the reason the cost per record is so high is that organizations that operate across state lines have up to 47 different jurisdictions to potentially comply with (assuming they do business in each state with breach laws on the books). This makes compliance a significant issue. A federal law that establishes a baseline for reporting requirements and defining what constitutes a data breach is needed. It will help to reduce the costs associated with complying with various state’s current laws by allowing organizations to more simply comply with a single federal law.


Gross, G. Lawmakers push for federal data breach notification law. PCWorld. 2013. Available at: Accessed March 20, 2017.

Anthony, J. H., Choi, W., & Grabski, S. (2006). Market reaction to e-commerce impairments evidenced by website outages. International Journal of Accounting Information Systems, 7(2), 60-78. doi:10.1016/j.accinf.2005.10.002

Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers. International Journal of Electronic Commerce, 9(1), 69.

Centers for Medicaid & Medicare Services. (2015) Retrieved 5/27/2015

Clarke, R. (1994). Human identification in information systems: Management challenges and public policy issues. Information Technology & People7(4), 6-37.

Hardekopf, B. (2014, March 22). This Week In Credit Card News: Data Breaches At Supermarkets, Hospitals And UPS; Fighting Card Theft. Retrieved from

Hovav, A. P., & Gray, P. (2014). The Ripple Effect of an Information Security Breach Event: A Stakeholder Analysis. Communications of The Association For Information Systems, 34(50), 893-912.

Humer C, Finkle J. Your medical record is worth more to hackers than your credit card. http://wwwreuterscom. 2017. Available at: Accessed March 20, 2017.

Identity Theft Resource Center. Retrieved from

Joerling, J. (2010). Data breach notification laws: an argument for a comprehensive federal law to protect consumer data. Washington University Journal Of Law & Policy, 467.

Millman J. Health care data breaches have hit 30M patients and counting. Washington Post. 2014. Available at: Accessed March 20, 2017.

National Conference of State Legislatures. Retrieved from Accessed March 20, 2017.

Phelps, J., Nowak, G., & Ferrell, E. (2000). Privacy concerns and consumer willingness to provide personal information. Journal of Public Policy & Marketing, 19(1), 27-41.

Ponemon Institute. (2014). 2014 Cost of Data Breach Study: United States

Ring, L. S. (2016, May 31). Is a Federal Data Breach Law in the Cards This Year? Retrieved May 23, 201 Ring, L. S. (2016, May 31). Is a Federal Data Breach Law in the Cards This Year? Retrieved May 23, 2017, from, from

Schuessler, J. H. (2010). General deterrence theory: Assessing information systems security effectiveness in large versus small businesses. Dissertation Abstracts International Section A, 70, 3681.

Schuessler, J. H., Windsor, J., & Wu, Y. (2014). System Security Effectiveness in Large Versus Small Businesses. Journal of Information System Security, 10(1), 3-40.

Sherman, E. (2014, August 28). Why $250M didn’t protect J.P. Morgan from hackers. Retrieved from

Shultz, K. S., Hoffman, C. C., & Reiter-Palmon, R. (2005). Using archival data for I-O research: advantages, pitfalls, sources, and examples, The Industrial-Organizational Psychologist, 42(3), 31-37.

Straub, D. W., & Welke, R. J. (1998). Coping With Systems Risk: Security Planning Models for Management Decision Making. MIS Quarterly, 22(4), 441-469.

Thomas, L. (2014). Providing Notice After A Data Breach: 10 Steps To Take. Law360. Retrieved from

Review: Tarleton School of Criminology Cybersecurity 2016 Summit

Today, I attended the Tarleton School of Criminology Cybersecurity 2016 Summit held at the George W. Bush Presidential Library. I have to say that it was extremely well done. The various speakers brought forth an upbeat, hopeful message about the future of cybersecurity. With presentations from former military, law enforcement, lawyers, professors, and consultants, it was packed full of useful information.

One of the nice little nuggets I ran across was the concept of the “kill chain” presented by Col Jeff Schilling (ret). Naturally, this came from one of the former military presenters. A quick Google and the meaning behind it was clear and the extension to the field of cybersecurity could be easily extrapolated. Essentially, the kill chain is all the steps necessary to successfully eliminate a target. As it relates to cybersecurity, it would simply be all the steps necessary to compromise a target (read data). Remove any step in the kill chain and the objective of compromise cannot be completed. Now, here’s the kicker. As security professionals, you can attack the kill chain at each and every stage OR you can focus your efforts on a single stage. Basically, this was the argument made today. The point is not to ignore all the other stages. Patching is still important. So it user education. But focus on the data. Focus on the prize.

The thought process behind this is that if we spread our focus on all steps in the kill chain, it divides our focus and we become less effective. As long as we do not lose sight on our most valuable asset, we can focus our efforts where we can be most efficient and effective.

We also had presentations from the Secret Service as well as the FBI (no photos or names please).

Our keynote during lunch was Mr. Brian Sartin, Managing Director Verizon RISK Services over Verizon’s 2016 data breach report. No surprises here. Same thing as last year. Threats continue to grow, particularly as they relate to nation state hacking/espionage.

Then we had Candy Heath, AUSA and Lead Cyber Attorney for the United States Northern District of Texas confirm some of the keynote speaker’s findings that the vast majority of those compromised don’t know it. Rather, one a perpetrator’s is taken into custody and their systems are evaluated, numerous targets (sometimes dozens to hundreds) are discovered. This explains the concept of why it takes so long for organizations to discover that a breach has occurred. They are not discovering the breach. Others are…usually about 9 months after the breach originates.

Then a panel discussion over the state of educating security professionals and meeting the needs of employers occurred. The consensus was that we have a lot of work to do. Security professionals are very mobile. They can afford to be. They have highly sought after skills and few competitors. Depending on the presenter, there is a roughly 200,000 person shortage in this country. And, they predicted the problem would get worse. They also recognized the even within the general field of security, that there are specializations and the sometimes, an organization has security specialists, just not the specific ones they need.

Shawn Tuma, another attorney spoke about representing organizations that were the target of cyber attacks and noted the importance of simply have procedures in place and following them. Failure to protect data in and of itself is not the problem. But, failing to take reasonable precautions and not following established procedures opens up an organization to liability.

The second to last speaker was Chuck Easttom, computer scientist and author. He teaches, consults, testifies (prosecution and defense), etc. Bright guy. Would love to take some of his classes. He outlined an incident response template. The big take away from that was about verifying the credentials of the forensic expert. By that, he meant actually verify. Do not just take their word for it. Make sure they do the work and/or that they supervise those who do.

Lastly, Randell Casey, retired from the Army gave a great presentation. The take away there was “where are your electricians?” His point was that at the turn of the century in 1900, electricity was new. The government and large organizations had electricians on staff. When they needed new lines or a problem fixed, they just got their electricians to do it. Today, we simply expect to be about to flip a switch and for everything to work. If we need an electrician, we outsource it. His point was that security is moving in that direction. As things become more virtualized, more cloud based, organizations should shift to what they do best and leave the commoditization of infrastructure and security to professionals. But, he also restated the issue regarding the limited number of professionals on the market. His point here was was as the government continues to develop and employee many of those with these specialties, that as organizations start to wake up and truly understand how wide spread this issue truly is, that the shortage today could grow substantially before market forces can begin to correct the situation.

Now, I do not know if this was a one off event. I hope not. It was extremely well done. All the speakers were top notch from beginning to end. It has me rethinking our CIS programs at Tarleton to see how we might be able to collaborate with the CJ folks in order to generate some synergies. This was exciting, cool stuff.

Media Relations – Tarleton State University:

‘via Blog this’