Sasha Romanosky is a policy researcher at the RAND Corporation and a member of the Pardee RAND Graduate School faculty. He researches topics in the economics of security and privacy, information policy, applied microeconomics, and law and economics.
Romanosky has published in the Journal of Policy Analysis and Management, Journal of Empirical Legal Studies, and the Berkeley Technology Law Journal; coauthored two book chapters; and written other works on information security. He was a Microsoft research fellow in the Information Law Institute at New York University and was a security professional for over 10 years within the financial and e-commerce industries at companies such as Morgan Stanley and eBay. He holds a CISSP certification and is co-author of the Common Vulnerability Scoring System (CVSS), an open standard for scoring computer vulnerabilities.
Romanosky holds a Ph.D. in public policy and management from Carnegie Mellon University and a B.S. in electrical engineering from the University of Calgary, Canada.
Sasha Romanosky, Martin C. Libicki, Zev Winkelman, Olesya Tkacheva, Internet Freedom Software and Illicit Activity: Supporting Human Rights Without Enabling Criminals, RAND Corporation (RR-1151-DOS), 2015
Sasha Romanosky, David Hoffman, Alessandro Acquisti, "Empirical Analysis of Data Breach Litigation," Journal of Empirical Legal Studies, 11(1):74-104, 2014
Sasha Romanosky, Alessandro Acquisti, Rahul Telang, "Do Data Breach Disclosure Laws Reduce Identity Theft?" Journal of Policy Analysis and Management, 30(2):256-286, 2011
Sasha Romanosky, Alessandro Acquisti, "Privacy Costs and Personal Data Protection: Economic and Legal Perspectives of Ex Ante Regulation, Ex Post Liability and Information Disclosure," Berkeley Technology Law Journal, 24(3), 2009