ABSTRACT
Information security incidents are a serious threat in the modern business environment. Firms believe that investment in information security helps them avoid security incidents. However, there is little research on the economic outcomes of information security investment. This research investigates the relationship between information security investments and the number of information security incidents. Using survey data, it empirically examines how information security-related investment could reduce the possibility of information security incidents. It explores the following factors contributing to firms' information security breaches: investment in information security, top management support, and employees' information security awareness. Using a Poisson regression model, we expect to find a positive impact of a firm's information security investment on reducing the number of information security incidents. In addition, we expect to determine the impact of top management support and employees' information security awareness.
Index Terms
- An impact of information security investment on information security incidents: a case of Korean organizations