Sasha Romanosky is a senior policy researcher at RAND. He researches the economics of cyber security, privacy, insurance, cybercrime, and national security. For example, he has examined how insurance companies price cyber risk, and whether a federal reinsurance program is warranted to address catastrophic cyber risks. He has examined when firms are more likely to be sued (and to settle) for a data breach, and has studied the cost of data breaches to understand whether corporate losses are as severe as commonly believed. He has also developed a capability to identify, collect, and apply regression and NLP analyses to federal civil and criminal cases.
Romanosky was a research fellow in the Information Law Institute at New York University, and a security professional for over 10 years. He is one of the original coauthors of the Common Vulnerability Scoring System (CVSS), an open standard for scoring computer vulnerabilities, and EPSS, the Exploit Prediction Scoring System, an industry standard for predicting software vulnerability exploitation.
Romanosky is a former member of DHS's Data Privacy and Integrity Advisory Committee (DPIAC), and a former cyber policy advisor at the Pentagon in the Office of the Secretary of Defense for Policy (OSDP). While in DoD, he oversaw two of the Department's most critical vulnerability programs, and advised on other matters related to cyber security and cyber policy.
Romanosky holds a Ph.D. in public policy and management from Carnegie Mellon University.