The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.01 - January/February (2010 vol.8)
pp: 36-42
Francis Kofi Andoh-Baidoo , University of Texas-Pan American
Kwasi Amoako-Gyampah , University of North Carolina at Greensboro
Kweku-Muata Osei-Bryson , Virginia Commonwealth University
ABSTRACT
Decision-tree induction is an effective technique for examining the factors influencing abnormal stock market returns when security breaches are announced in the public media. In this article, the authors extend a previous study, specifically identifying new relationships between abnormal returns and firm and attack characteristics and subject them to traditional statistical testing. They relate their results to the confidential, integrity, and availability dimensions of information security and discuss the findings' technical and managerial implications. The Web extra for this article presents detailed event data.
INDEX TERMS
Internet security breach, market value, abnormal returns, decision-tree induction
CITATION
Francis Kofi Andoh-Baidoo, Kwasi Amoako-Gyampah, Kweku-Muata Osei-Bryson, "How Internet Security Breaches Harm Market Value", IEEE Security & Privacy, vol.8, no. 1, pp. 36-42, January/February 2010, doi:10.1109/MSP.2010.37
REFERENCES
1. "When the Law Chases the Internet," Christian Science Monitor, vol. 98, no. 77, 2006, p. 8.
2. C. Madden, "Firms Trying to Crack Down on Cybercrime," The Irish Times,9 Feb. 2007, p. 14.
3. J. Pollock and J. May, "Authentication Technology: Identity Theft and Account Takeover," FBI Law Enforcement Bulletin, vol. 71, no. 6, 2002, pp. 1–4; www.fbi.gov/publications/leb/2002/june2002 june02leb.htm.
4. M.E. Johnson and E. Goetz, "Embedding Information Security into the Organization," IEEE Security &Privacy, vol. 5, no. 3, 2007, pp. 16–24.
5. K. Campbell et al., "The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market," J. Computer Security, vol. 11, no. 3, 2003, pp. 431–448.
6. C. Viecco and J. Camp, "A Life or Death InfoSec Subversion," IEEE Security &Privacy, vol. 6, no. 5, 2008, pp. 74–76.
7. F.K. Andoh-Baidoo and K.-M. Osei-Bryson, "Exploring the Characteristics of Internet Security Breaches that Impact the Market Value of Breached Firms," Expert Systems with Applications, vol. 32, no. 3, 2007, pp. 703–725.
8. J. Howard, An Analysis of Security Incidents on the Internet 1989–1995, PhD thesis, Dept. of Engineering and Public Policy, Carnegie Mellon Univ., 1997; www.cert.org/archive/pdfJHThesis.pdf.
9. L.A. Gordon, M.P. Loeb, and W. Lucyshyn, "Information Security Expenditures and Real Options: A Wait-and-See Approach," Computer Security J., vol. 19, no. 2, 2003, pp. 1–7.
10. E.F. Fama et al., "The Adjustment of Stock Prices to New Information," Int'l Economic Rev., vol. 10, no. 1, 1969, pp. 1–21.
11. W. Sharpe, "A Simplified Model for Portfolio Analysis," Management Science, vol. 9, no. 2, 1963, pp. 277–293.
12. A.R. Cowan, "Nonparametric Event Study Tests," Rev. Quantitative Finance and Accounting, vol. 2, no. 4, 1992, pp. 343–358.
13. B. Dehning et al., "Reexamining the Value Relevance of E-Commerce Initiatives," J. Management Information Systems, vol. 21, no. 1, 2004, pp. 55–82.
14. K.-M. Osei-Bryson and K. Giles, "Splitting Methods for Decision-Tree Induction: An Exploration of the Relative Performance of Two Entropy-Based Families," Information Systems Frontiers, vol. 8, no. 3, 2006, pp. 195–209.
15. L.A. Gordon and M.P. Loeb, "The Economics of Information Security Investment," ACM Trans. Information and System Security, vol. 5, no. 4, 2002, pp. 438–457.
16. L.D. Bodin, L.A. Gordon, and M.P. Loeb, "Evaluating Information Security Investments Using the Analytic Hierarchy Process," Comm. ACM, vol. 48, no. 2, 2005, pp. 79–83.
17. P. Baltzan and A. Phillips, Business Driven Information Systems, McGraw-Hill, 2008.
18. E.E. Schultz, "A Framework for Understanding and Predicting Insider Attacks," Computers &Security, vol. 21, no. 6, 2002, pp. 526–531.
19. R. Richardson, "CSI Computer Crime and Security Survey," 12th Ann. Computer Crime and Security Survey, Computer Security Inst., 2007; http://netscale.cse.nd.edu/twiki/bin/view/ RepositoryCsiSurvey2007.
13 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool