The Association Between the Disclosure and the Realization of Information Security Risk Factors

Wang, Tawei; Kannan, Karthik; Ulmer, Jackie Rees

doi:10.1287/isre.1120.0437

Cited by 145 publications

(44 citation statements)

References 82 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…3. Unfortunately, at times there is a tendency to downplay security breaches in the corporate sector, despite evidence that openness and disclosure generally results in a lower likelihood of future breaches (Wang et al, 2013). While, to our knowledge, there has been no studies looking at disclosure (or lack of) of victimisation incidents in a social media context, there are good reasons to speculate -both from the extant literature and the research presented in this paper -that this would be detrimental to lowering risks.…”

Section: Implications For Policy and Practicementioning

confidence: 99%

Individual information security, user behaviour and cyber victimisation: An empirical study of social networking users

Saridakis

Benson

Ezingeard

et al. 2016

Technological Forecasting and Social Change

101

View full text Add to dashboard Cite

While extant literature on privacy in social networks is plentiful, issues pertaining to information security remain largely unexplored. This paper empirically examines the relationship between online victimisation and users' activity and perceptions of personal information security on social networking services (SNS). Based on a survey of active users, we explore how behavioural patterns on social networks, personal characteristics and technical efficacy of users impact the risk of facing online victimisation. Our results suggest that users with high-risk propensity are more likely to become victims of cybercrime, whereas those with high perceptions of their ability to control information shared on SNS are less likely to become victims. The study shows that there is a negative and statistically significant association between multipurpose dominant SNS (e.g. Facebook, Google+) usage and victimisation. However, activity on the SNS for knowledge exchange (e.g. LinkedIn, Blogger) has a positive and statistically significant association with online victimisation. Our results have implications for practice as they inform the social media industry that protection of individual information security on SNS cannot be left entirely to the user. The importance of user awareness in the context of social technologies plays an important role in preventing victimisation, and social networking services should provide adequate controls to protect personal information.

show abstract

Section: Implications For Policy and Practicementioning

confidence: 99%

Individual information security, user behaviour and cyber victimisation: An empirical study of social networking users

Saridakis

Benson

Ezingeard

et al. 2016

Technological Forecasting and Social Change

101

View full text Add to dashboard Cite

show abstract

“…given that the disclosure of information security risk factors, governance policies, and information security breaches can significantly impact firm value (Gordon, Loeb, & Sohail, 2010;Higgs, Pinsker, Smith, & Young, 2016;Wang, Kannan, & Ulmer, 2013). In addition, cybercrime poses "a different focal point of concern [and] a different 'subject' of risk", (Power, 2013, p. 538), because perpetrators are often unknown agents outside the organization.…”

Section: Introductionmentioning

confidence: 99%

The influence of a good relationship between the internal audit and information security functions on information security outcomes

Steinbart

Raschke

Gal

et al. 2018

Accounting, Organizations and Society

View full text Add to dashboard Cite

Given the increasing financial impact of cybercrime, it has become critical for companies to manage information security risk. The practitioner literature has long argued that the internal audit function (IAF) can play an important role both in providing assurance with respect to information security and in generating insights about how to improve the organization's information security. Nevertheless, there is scant empirical evidence to support this belief. Using a unique data set, this study examines how the quality of the relationship between the internal audit and the information security functions affects objective measures of the overall effectiveness of an organization's information security efforts. The quality of this relationship has a positive effect on the number of reported internal control weaknesses and incidents of noncompliance, as well as on the numbers of security incidents detected, both before and after they caused material harm to the organization. In addition, we find that higher levels of management support for information security and having the chief information security officer (CISO) report independently of the IT function have a positive effect on the quality of the relationship between the internal audit and information security functions.

show abstract

“…• Disincentives to Disclose -There have been many studies (Bodeau 1992, Cavusoglu et al 2004, Lambert 1993, Rees 2009, Sohail 2006, Wang et al 2008 showing that companies and individuals are reluctant to disclose information related to security breaches.…”

Section: Why Breach Impact Estimation Is Hardmentioning

confidence: 99%

How Bad is it? – A Branching Activity Model to Estimate the Impact of Information Security Breaches

Thomas¹,

Antkiewicz²,

Florer³

et al. 2013

SSRN Journal

View full text Add to dashboard Cite

The Association Between the Disclosure and the Realization of Information Security Risk Factors

Cited by 145 publications

References 82 publications

Individual information security, user behaviour and cyber victimisation: An empirical study of social networking users

Individual information security, user behaviour and cyber victimisation: An empirical study of social networking users

The influence of a good relationship between the internal audit and information security functions on information security outcomes

How Bad is it? – A Branching Activity Model to Estimate the Impact of Information Security Breaches

Contact Info

Product

Resources

About