IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Cryptanalysis and protocol failures
Communications of the ACM
A taxonomy for key escrow encryption systems
Communications of the ACM
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Information Technology Effects on Firm Performance As Measured by Tobin's Q
Management Science
Balancing cooperation and risk in intrusion detection
ACM Transactions on Information and System Security (TISSEC)
Identification of host audit data to detect attacks on low-level IP vulnerabilities
Journal of Computer Security
Configuring role-based access control to enforce mandatory and discretionary access control policies
ACM Transactions on Information and System Security (TISSEC)
Using information security as a response to competitor analysis systems
Communications of the ACM
The economics of information security investment
ACM Transactions on Information and System Security (TISSEC)
The Impact of E-Commerce Announcements on the Market Value of Firms
Information Systems Research
Why Information Security is Hard-An Economic Perspective
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Information System Security: A Management Challenge
Information System Security: A Management Challenge
Inoculation strategies for victims of viruses and the sum-of-squares partition problem
SODA '05 Proceedings of the sixteenth annual ACM-SIAM symposium on Discrete algorithms
Business process-based valuation of IT-security
EDSER '05 Proceedings of the seventh international workshop on Economics-driven software engineering research
Budgeting process for information security expenditures
Communications of the ACM - Personal information management
Inoculation strategies for victims of viruses and the sum-of-squares partition problem
Journal of Computer and System Sciences
Expert Systems with Applications: An International Journal
Embedding Information Security into the Organization
IEEE Security and Privacy
Viruses, Worms, and Trojan Horses: Serious Crimes, Nuisance, or Both?
Social Science Computer Review
Journal of Management Information Systems
Archetypal behavior in computer security
Journal of Systems and Software
Towards a standard approach for quantifying an ICT security investment
Computer Standards & Interfaces
Market Reactions to Information Security Breach Announcements: An Empirical Analysis
International Journal of Electronic Commerce
The Deterrent and Displacement Effects of Information Security Enforcement: International Evidence
Journal of Management Information Systems
Why IT managers don't go for cyber-insurance products
Communications of the ACM - Scratch Programming for All
Quantifying the benefits of investing in information security
Communications of the ACM - Scratch Programming for All
Estimating the market impact of security breach announcements on firm values
Information and Management
Native Client: a sandbox for portable, untrusted x86 native code
Communications of the ACM - Amir Pnueli: Ahead of His Time
Information security investment decisions: evaluating the Balanced Scorecard method
International Journal of Business Information Systems
Assessing the impact of knowledge management strategies announcements on the market value of firms
Information and Management
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Information security economics - and beyond
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Dependability metrics
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Firms' information security investment decisions: Stock market evidence of investors' behavior
Decision Support Systems
Uncertainty in interdependent security games
GameSec'10 Proceedings of the First international conference on Decision and game theory for security
The impact of information security breaches: Has there been a downward shift in costs?
Journal of Computer Security
Information systems resources and information security
Information Systems Frontiers
A comparison of market approaches to software vulnerability disclosure
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Did IT consulting firms gain when their clients were breached?
Computers in Human Behavior
International Journal of Information Management: The Journal for Information Professionals
An economic modelling approach to information security risk management
International Journal of Information Management: The Journal for Information Professionals
Availability of enterprise IT systems: an expert-based Bayesian framework
Software Quality Control
Explaining investors' reaction to internet security breach using deterrence theory
International Journal of Electronic Finance
Theorizing Information Security Success: Towards Secure E-Government
International Journal of Electronic Government Research
An agent-based model to simulate coordinated response to malware outbreak within an organisation
International Journal of Information and Computer Security
Information Resources Management Journal
The Impact of Information Technology Internal Controls on Firm Performance
Journal of Organizational and End User Computing
Information Resources Management Journal
The economic impact of cyber terrorism
The Journal of Strategic Information Systems
International Journal of Risk and Contingency Management
A qualitative analysis of effects of security risks on architecture of an information system
ACM SIGSOFT Software Engineering Notes
Information Sciences: an International Journal
Hi-index | 0.00 |
This study examines the economic effect of information security breaches reported in newspapers or publicly traded US corporations. We find limited evidence of an overall negative stock market reaction to public announcements of information security breaches. However, further investigation reveals that the nature of the breach affects this result. We find a highly significant negative market reaction for information security breaches involving unauthorized access to confidential data, but no significant reaction when the breach does not involve confidential information. Thus, stock market participants appear to discriminate across types of breaches when assessing their economic impact on affected firms. These findings are consistent with the argument that the economic consequences of information security breaches vary according to the nature of the underlying assets affected by the breach.