[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1145/2971603.2971644acmotherconferencesArticle/Chapter ViewAbstractPublication PagesicecConference Proceedingsconference-collections
short-paper

An impact of information security investment on information security incidents: a case of Korean organizations

Published: 17 August 2016 Publication History

Abstract

Information security incidents are serious threats for a modern business environment. Firms believe that an investment on information security contribute to firms avoiding security incidents. However, there is a little research on economic outcomes of information security investment. This research investigates the relationship between information security investments and the number of information security incidents. This study empirically investigates how the information security related investment could reduce the possibility of information security incidents. Based on survey data, this study explores an impact of information security investment on information security incidents. This research explores the factors; an investment on information security, top management support, and Employees' information security awareness, contributing on firms' information security breaches. Based on Poisson regression model, we expect to figure out a positive impact of firm's information security investment on reducing the number of information security incidents. In addition, we expect to find out the impact of support of top management and employees' information security awareness.

References

[1]
Bharadwaj, A., & Keil, M. 2001. The effect of information technology failures on the market value of firms: An empirical examination. INFORMS 2001 Miami.
[2]
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS quarterly, 34(3), 523--548.
[3]
Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. 2003. The economic cost of publicly announced information security breaches: empirical evidence from the stock market. Journal of Computer Security, 11(3), 431--448.
[4]
Cavusoglu, H., Mishra, B., & Raghunathan, S. 2004. The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9(1), 70--104.
[5]
Chai, Sangmi, Minkyun Kim, and H. Raghav Rao. "Firms' information security investment decisions: Stock market evidence of investors' behavior." Decision Support Systems 50.4 (2011): 651--661.
[6]
Creel, M. D., & Loomis, J. B. (1990). Theoretical and empirical advantages of truncated count data estimators for analysis of deer hunting in California. American journal of agricultural economics, 72(2), 434--441.
[7]
Eloff, J. H. (1988). Computer security policy: Important issues. Computers & Security, 7(6), 559--562.
[8]
Ettredge, M., Richardson, V. J., & Scholz, S. 2002. Timely financial reporting at corporate web sites?. Communications of the ACM, 45(6), 67--71.
[9]
Gemalto. (2016). 2015 Findings from the 2015 breach level index. Retrieved from http://www.gemalto.com/brochures-site/download-site/Documents/ent-Breach_Level_Index_Annual_Report_2015.pdf
[10]
Gordon, L. A., & Loeb, M. P. 2002. The economics of information security investment. ACM Transactions on Information and System Security (TISSEC), 5(4), 438--457.
[11]
Kankanhalli, A., Teo, H. H., Tan, B. C., & Wei, K. K. (2003). An integrative study of information systems security effectiveness. International journal of information management, 23(2), 139--154.
[12]
Knapp, K. J., Marshall, T. E., Kelly Rainer, R., & Nelson Ford, F. (2006). Information security: management's effect on culture and policy. Information Management & Computer Security, 14(1), 24--36.
[13]
Pahnila, S., Siponen, M., & Mahmood, A. (2007, January). Employees' behavior towards IS security policy compliance. In System sciences, 2007. HICSS 2007. 40Th annual hawaii international conference on (pp. 156b--156b). IEEE.
[14]
Posthumus, S., & Von Solms, R. (2004). A framework for the governance of information security. Computers & Security, 23(8), 638--646.
[15]
Public printing and documents, 44 U.S.C.§ 3542 (2011)
[16]
Ilsoon Shin, Wonchang Jang, & Heeyoung Park. 2013., Information Security Investment and Security Breach: Empirical Study on the Reverse Causality. Journal of The Korea Institute of Information Security & Cryptology 23(6), 1207--1217.
[17]
Wooldridge, J. (2015). Introductory econometrics: A modern approach. Nelson Education.

Cited By

View all
  • (2022)Reconceptualizing cybersecurity awareness capability in the data-driven digital economyAnnals of Operations Research10.1007/s10479-022-04844-8Online publication date: 2-Aug-2022

Index Terms

  1. An impact of information security investment on information security incidents: a case of Korean organizations

    Recommendations

    Comments

    Please enable JavaScript to view thecomments powered by Disqus.

    Information & Contributors

    Information

    Published In

    cover image ACM Other conferences
    ICEC '16: Proceedings of the 18th Annual International Conference on Electronic Commerce: e-Commerce in Smart connected World
    August 2016
    311 pages
    ISBN:9781450342223
    DOI:10.1145/2971603
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    • BigBang Angels: BigBang Angels
    • Benple: Benple
    • Women's News Inc.: Women's News Inc.
    • FKII: The Federation of Korean Infomation Industries
    • Korea Internet Corporations Association: Korea Internet Corporations Association
    • KOFST: Korean Federation of Science and Technology Societies
    • NIA: National Information Society Agency, Republic of Korea
    • HAREX: HAREX InfoTech Inc.
    • Haitai: Haitai Confectionery & Foods Co., Ltd.
    • KTO: Korea Tourism Organization
    • G-MICE Bureau: Gyeonggi MICE Bureau
    • IT Daily: ITMG Corp.
    • Suwon City: Suwon City
    • ALLWIN: ALLWIN
    • DIPA: Digital Industry Promotion Agency of Yongin City
    • Tech M: Moneytoday Network Inc.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 17 August 2016

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. employees' information security awareness
    2. information security incidents
    3. investment of information security
    4. poisson regression model
    5. top management's support

    Qualifiers

    • Short-paper

    Conference

    ICEC '16
    Sponsor:
    • BigBang Angels
    • Benple
    • Women's News Inc.
    • FKII
    • Korea Internet Corporations Association
    • KOFST
    • NIA
    • HAREX
    • Haitai
    • KTO
    • G-MICE Bureau
    • IT Daily
    • Suwon City
    • ALLWIN
    • DIPA
    • Tech M
    ICEC '16: International Conference on Electronic Commerce 2016
    August 17 - 19, 2016
    Suwon, Republic of Korea

    Acceptance Rates

    ICEC '16 Paper Acceptance Rate 44 of 55 submissions, 80%;
    Overall Acceptance Rate 150 of 244 submissions, 61%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)12
    • Downloads (Last 6 weeks)3
    Reflects downloads up to 19 Dec 2024

    Other Metrics

    Citations

    Cited By

    View all
    • (2022)Reconceptualizing cybersecurity awareness capability in the data-driven digital economyAnnals of Operations Research10.1007/s10479-022-04844-8Online publication date: 2-Aug-2022

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Media

    Figures

    Other

    Tables

    Share

    Share

    Share this Publication link

    Share on social media