NCAA Division I Basketball Facility Managers' Perceptions of Terrorism
The aftermath of September 11, 2001 left our country fighting a battle against terrorism. While our government has taken steps in protecting our country with the formation of the Department of Homeland Security, researchers in the field of Sports Management have begun to examine security preparation and risk management plans at sporting events. However, little research has examined risk assessment and risk communication. Securing sport venues starts with an individual analyzing all the potential risks with hosting an event. How risk is communicated and how risk is perceived can affect security preparation and risk management plans. The purpose of this study was (1) To discover whether information presented on a frequency or probability scale affects a basketball facility manager's perception of the likelihood of a possible terrorist attack. (2) To detect whether information presented on a frequency or probability scale affects a basketball facility manager's security preparation. (3) To identify if the media's (television, radio, internet, conferences, magazine, newspaper, and word of mouth) portrayal of terrorism influences a facility manager's perception that an attack is likely to occur. Three hundred and fifty facility managers at NCAA Division I universities and colleges in the United States, who were in charge of basketball arena safety, were chosen as subjects for this study. Questions pertaining to risk communications were presented on frequency and probability scales to see if managers' perceptions of risk differed. The research also studied whether or not mass media influenced managers' perceptions of the likelihood of a terrorist attack and security preparation plans. Data analysis included descriptive statistics and a one-way analysis of variance (ANOVA).
When a significant difference was found for a research question whose independent variable had three or more groups, post hoc analysis using the Tukey Honestly Significant Difference (HSD) was performed to determine a mean difference between groups. The results indicated that there was a difference in how facility managers interpreted risk when information was provided on two different scales, i.e., frequency versus probability. When facility managers were placed in New York, they perceived greater risk to their facility when risk was presented on a frequency scale versus a probability scale. Furthermore, facility managers were more likely to monitor Homeland Security when risk is presented on a frequency scale than on a probability scale, when placed at a facility in New York. Additionally, when determining at what point, i.e., threshold, facility managers would re-evaluate their security preparation plans, facility managers indicated re-evaluating security plans sooner when risk was communicated on a frequency scale as opposed to a probability scale.
The Impact Of Repeated Data Breach Events On Organisations’ Market Value
Purpose – In this study, we examined the influence of one or more information security breaches on an organization’s stock market value as a way to benchmark the wider economic impact of such events.
Design/Methodology/approach – We used an event studies based approach where a measure of the event’s economic impact can be constructed using security prices observed over a relatively short period of time.
Findings – Based on the results, we argue that although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches.
Research limitations/implications – One of the main limitations of this study was the quantity and quality of published data on security breaches, as organisations tend not to share this information.
Practical implications – One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives.
Originality/value – We envisage that as more breach event data become more widely available due to compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.
Keywords - Information Security, Event Based Analysis, Information Security Breaches
Paper type - Research pape
Learning from past Disasters to Improve Crisis Management
In the event of a disaster the coordinated response of emergency services is crucial for saving lives and protecting critical infrastructure. Efficient communication and access to relevant information are essential elements in the immediate aftermath and all phases of the crisis management cycle to maintain public safety. As part of the European Commission funded FP7 project EPISECC (Establish Pan-European Information Space to Enhance Security of Citizens), an inventory of past disasters and critical events was developed. Information was obtained by systematic interviews with experts active in the field of crisis and disaster management on both national and international level. They represent organisations such as first responders, emergency services and civil protection offices from 15 EU (European Union) countries. The paper will outline several aspects such as the quality of information exchange between crisis managers and the analysis of key recommendations for improvement identified during the management of past disasters
Strategies to Reduce the Fiscal Impact of Cyberattacks
A single cyberattack event involving 1 major corporation can cause severe business and social devastation. In this single case study, a major U.S. airline company was selected for exploration of the strategies information technology administrators and airline managers implemented to reduce the financial devastation that may be caused by a cyberattack. Seven participants, of whom 4 were airline managers and 3 were IT administrators, whose primary responsibility included implementation of strategies to plan for and respond to cyberattacks participated in the data collection process. This study was grounded on the general systems theory. Data collection entailed semistructured face-to-face and telephone interviews and collection and review of public documents. The data analysis process of this study involved the use of Yin's 5-step process of compiling, disassembling, reassembling, interpreting, and concluding, which provided a detailed analysis of the emerging themes. The findings produced results that identified strategies organizational managers and administrators of a U.S. airline implemented to reduce the fiscal influence of cyberattacks, such as proactive plans for education and training, active management, and an incident response plan. The findings of this study might affect social change by offering all individuals a perspective on creating effective cyberculture. An understanding of cyberculture could include the focus of a heightened understanding, whereby, to ensure the security of sensitive or privileged data and information and of key assets, thus, reducing the fiscal devastation that may be caused by cyberattacks
Enhancing security incident response follow-up efforts with lightweight agile retrospectives
Security incidents detected by organizations are escalating in both scale and complexity. As a result, security incident response has become a critical mechanism for organizations in an effort to minimize the damage from security incidents. The final phase within many security incident response approaches is the feedback/follow-up phase. It is within this phase that an organization is expected to use information collected during an investigation in order to learn from an incident, improve its security incident response process and positively impact the wider security environment. However, recent research and security incident reports argue that organizations find it difficult to learn from incidents.
A contributing factor to this learning deficiency is that industry focused security incident response approaches, typically, provide very little practical information about tools or techniques that can be used to extract lessons learned from an investigation. As a result, organizations focus on improving technical security controls and not examining or reassessing the effectiveness or efficiency of internal policies and procedures. An additional hindrance, to encouraging improvement assessments, is the absence of tools and/or techniques that organizations can implement to evaluate the impact of implemented enhancements in the wider organization. Hence, this research investigates the integration of lightweight agile retrospectives and meta-retrospectives, in a security incident response process, to enhance feedback and/or follow-up efforts. The research contribution of this paper is twofold. First, it presents an approach based on lightweight retrospectives as a means of enhancing security incident response follow-up efforts. Second, it presents an empirical evaluation of this lightweight approach in a Fortune 500 Financial organization's security incident response team
Forensically-Sound Analysis of Security Risks of using Local Password Managers
Password managers have been developed to address the human challenges associated with password security, i.e., to solve usability issues in a secure way. They offer, e.g., features to create strong passwords, to manage the increasing number of passwords a typical user has, and to auto-fill passwords, sparing users the hassle of not only remembering but also typing them. Previous studies have focused mainly on the security analysis of cloud-based and browser-based password managers; security of local password managers remains mostly under-explored. This paper takes a forensic approach and reports on a case study of three popular local password managers: KeePass (v2.28), Password Safe (v3.35.1) and RoboForm (v7.9.12). Results revealed that either the master password or the content of the password database could be found unencrypted in Temp folders, Page files or Recycle bin, even after the applications had been closed. Therefore, an attacker or malware with temporary access to the computer on which the password managers were running may be able to steal sensitive information, even though these password managers are meant to keep the databases encrypted and protected at all times
Stockholder and Bondholder Reactions To Revelations of Large CEO Inside Debt Holdings: An Empirical Analysis (CRI 2009-005)
We conduct an event study of stockholders’ and bondholders’ reactions to companies’ initial reports of their CEOs’ inside debt positions, as required by SEC disclosure regulations that became effective early in 2007. Results show that bond prices rise, equity prices fall, and the volatility of both securities drops at the time of disclosures by firms whose CEOs have sizeable pensions or deferred compensation. The results indicate a transfer of value from equity toward debt, as well as an overall destruction of enterprise value, when a CEO’s inside debt holdings are large
Are internet firms different? : evidence from insider trading
This study investigates whether the information content of insider transactions, with
a focus on sell transactions, is different for high growth, high volatility Internet-based
firms. Prior research on more “traditional” firms has found a small, but significant
negative abnormal return with insider sells, which points to an association of insider
sells with negative information about the firm by outsiders. We employ several
models to examine over 1,000 inside transactions for more than 100 NETDEX firms to
find that for Internet firms, insider sells are not followed by a significant negative
abnormal return. Firm size effects differ between the different methods employed. In
conclusion, it appears that while insider sales in traditional firms are motivated by
information asymmetry reason, insider sales in Internet firms are not. We conclude
that Internet firms are different indeed.