14 research outputs found

    PLANNING TECHNOLOGY INVESTMENTS FOR HIGH PAYOFFS: A RATIONAL EXPECTATIONS APPROACH TO GAUGING POTENTIAL AND REALIZED VALUE IN A CHANGING ENVIRONMENT

    This paper examines the impact of information security breaches on organizational performance. To date, there have been only a few empirical academic studies that have investigated this issue and they have investigated information security breaches with the focus on the short-term impact on the market value of the firm. This study offers an alternate approach to investigate this issue as it explores the impact of breaches on financial performance of the firm, one year after the breach. Using a “matched sampling” methodology, we explored the impact of each type of breach (i.e. confidentiality, integrity, and availability) and also by IT intensity and size. Our results suggest that the direction of the impact (i.e. positive, negative) is dependent on the type of security breaches and also the impact of IT intensive firms is different from non-IT intensive firms. Our study also includes some important implications for managers and stock market investors.
    Keywords: information security, impact, security breach, organizational performance, confidentiality, integrity, availability

    Communication of Data Breaches Through Financial Statements: A Text Analysis Perspective

    Data breaches of companies in various industry segments have seen a significant increase over the past decade. Consumer data ranging from emails and bank account information to health information has been compromised through such data breaches that have raised grave information security and privacy concerns among the users and the organizations alike. Companies that are experiencing these data breaches have an obligation to communicate information about these incidents to their stakeholders and they do so through their financial reports. In this article, we analyze financial reports from a text analysis standpoint to identify key trends and formulate theoretical propositions. In that regard, we build on legitimacy theory as a foundation, and consider several factors such as the size of the data breach, type of information compromised, and coverage in the media

    Timing of Data Breach Announcement and E-Commerce Trust

    The primary contribution of this study is the examination of whether the timeliness in announcing the discovery of a data breach impacts the reduction in consumer trust in an e-commerce company, as well as later trust rebuilding efforts taken by the company. This study examines the effect of both trust reducing events (announced data breaches) and trust enhancing events (provision of data protection) on the level of perceived trust. The timeliness of the announcement of the breach by an e-commerce company was manipulated between two randomly assigned groups of subjects by changing the announcement of the breach between immediately upon its discovery by the company’s management and an announcement made two-months after the breach was discovered. The results suggest that companies that delay the announcement of a data breach are likely to suffer a larger drop in consumer trust than those companies that immediately disclose the data breach

    Intra-Industry Effects of Information Security Breaches on Firm Performance

    Instances of information security breaches are wide ranging, and can affect companies of different industries and sizes. We investigate the impact of publicly announced information security breaches of public organizations on their competitors that are comparable in size and operate in the same industry. This is called intra-industry information transfer, and has not been subject to extensive research in IS. We use matched-sampling methodology to measure the difference in firm performance using financial ratios, and interpret the results using paired samples t and Wilcoxon matched pair tests. Our results present a departure from intuition regarding the efficacy of security breaches on firm performance even though we do find an instance of information transfer

    The Double-Edged Sword of Health Data Breaches: A Comparison of Customer and Stock Price Perspectives on the Impact of Data Breaches of Response Strategies

    Unauthorized access to personal health data, known as data breaches, causes multi-faceted adverse effects and damage. Companies are trying to counteract the impact on customer relationships through recovery strategies such as compensation. On the other hand, there is also a negative effect on the company's stock price. Here, the literature suggests an opposite effect of response strategies, but this has not been explored further until recently. Our study takes both perspectives into account and examines the impact of data breaches on the market valuation in the health sector through an event study. Our results show a controversial relationship: If companies offered compensation to their customers in response to a data breach, this had a negative effect on the company's stock price. Our paper discusses this finding and derives practical implications and lessons learned for response strategies in the case of recent data breaches in the health sector

    Cybersecurity and its impact on information security management in a public entity, Lima 2023

    The general objective of this research was to determine the impact of Cybersecurity on the Information Security Management of a public entity, Lima 2023. The research was of the basic type, with a non-experimental, cross-sectional design at the correlational level, with the purpose of verifying the impact of the variables studied at a specific point in time. The population and sample in this research consisted of 75 workers of the public entity. The descriptive analysis used cross tabulations and histograms, which show that cybersecurity will have an adequate level given a satisfactory level of Information Security Management; the inferential analysis used ordinal logistic regression, from which it could be concluded that Cybersecurity has a significant impact on Information Security Management; this was supported by obtaining a significance value of 0.000, less than 0.05, which confirms the preceding conclusion. In addition, a Nagelkerke R2 value of 0.609 was obtained, which represents the degree of impact between the variables at 60.9%

    Towards a risk assessment matrix for information security workarounds associated with acceptable use policies

    Acceptable Use Policies (AUPs) are used to influence employees’ information security behaviour. Some employees feel that the AUPs and related procedures interfere with their ability to work efficiently and may, therefore, choose not to comply by utilising information security workarounds associated with the AUP. An AUP workaround is a form of information security non compliance that may result in unnecessary information security risk exposure for an organisation. Some AUP workarounds may be useful as they identify more efficient ways to complete tasks that may not impact the information security of an organisation. However, these efficiencies should only be considered for incorporation into standard procedures when the information security risk exposure of an AUP workaround is known. This leads to the problem statement. Many organisations do not have a formal way in which to assess the information security risks posed by workarounds associated with their Acceptable Use Policies, and related procedures. This study provides a solution to the identified problem through the primary objective, to develop a Risk Assessment Matrix for Information Security Workarounds associated with Acceptable Use Policies, and related procedures. Four secondary research objectives were proposed to achieve the primary research objective. The first secondary objective determines the role of information security risk management and how it relates to information security governance through the utilisation of a literature review. The second secondary objective firstly utilises a literature review to determine the role that the AUP and its related procedures play within an organisation, followed by a content analysis which identifies the key content that should be considered in a comprehensive AUP. The third secondary objective determines the factors that influence the use of AUP workarounds within an organisation through the utilisation of a literature review. 
Lastly, the fourth secondary objective utilises a literature review to determine the key components required for the development of the risk assessment matrix for information security workarounds. In addition, critical reasoning is used to create the risk assessment matrix for information security workarounds. The solution to this study contributes to the body of knowledge by proposing a risk assessment matrix to assess the information security risk exposure of AUP workarounds and find possible efficiency gains while keeping information security risk exposure to a minimum. Thesis (MTech) -- Faculty of Engineering, the Built Environment and Information Technology, Information Technology, 202