Proceedings of the Conference on The Future of Software Engineering
The economics of information security investment
ACM Transactions on Information and System Security (TISSEC)
Information Systems Research
The Impact of E-Commerce Announcements on the Market Value of Firms
Information Systems Research
Journal of Computer Security - IFIP 2000
Bringing security home: a process for developing secure and usable systems
Proceedings of the 2003 workshop on New security paradigms
The two sides of ROI: return on investment vs. risk of incarceration
Communications of the ACM - Transforming China
Budgeting process for information security expenditures
Communications of the ACM - Personal information management
Sample-Based Quality Estimation of Query Results in Relational Database Environments
IEEE Transactions on Knowledge and Data Engineering
An analysis of the traditional IS security approaches: implications for research and practice
European Journal of Information Systems
Market reactions to E-business outsourcing announcements: an event study
Information and Management
Information Systems Research
International Journal of Electronic Commerce
Journal of Management Information Systems
Towards a standard approach for quantifying an ICT security investment
Computer Standards & Interfaces
An Empirical Analysis of the Impact of Software Vulnerability Announcements on Firm Stock Price
IEEE Transactions on Software Engineering
Cost-Benefit analysis of security investments: methodology and case study
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part III
An economic modelling approach to information security risk management
International Journal of Information Management: The Journal for Information Professionals
International Journal of Business Information Systems
Market Value Impacts of Information Technology Enabled Supply Chain Management Initiatives
Information Resources Management Journal
Hi-index | 0.00 |
In the information society, it is important for firms to manage their core information resources securely. However, the difficulty of measuring the return on an IT security investment is one of the critical obstacles for firms in making such investment decisions. By utilizing event methodology, this study examines the value of an investment in IT security, based on stock market investors' behavior toward a firms' IT security investment announcements. Based on a sample of 101 investment announcements of firms whose stocks are publicly traded in the U.S. stock market between 1997 and 2006, we find substantial support for the hypotheses that information security investment leads to positive abnormal returns for firms. Interestingly, security investments with commercial exploitation tend to result in higher returns than those for IT security improvement. Another interesting finding is that stock market reaction to security investments shows higher abnormal returns after the Sarbanes-Oxley Act (SOX) than any of those before it.