Classification of security breaches and their impact on the market value of firms
|
|
- Rolf Glenn
- 8 years ago
- Views:
Transcription
1 Classification of security breaches and their impact on the market value of firms Anat Hovav Korea University Business School Seoul, Korea Francis K. Andoh-Baidoo State University of New York at Brockport Gurpreet Dhillion Virginia Commonwealth University Abstract While studies in other industries suggest that firm type, firm size, and time are important factors that explain the cross-sectional variations in abnormal stock market returns, studies in the area of IS security are inconclusive. In this study, we examine whether the characteristics of the incident Attacker type, attacker s objective, results of the attack, attack tools and access type - influence the abnormal stock market return. Our results indicate that not all attacks have the same effect on the market value of companies. The results also help us create taxonomy of attacks and identify the factors that the market views as detrimental to the organization. We found that certain attacker type, the result of the attack and objective of the attacker and the tools used for the attack have significant impact on the abnormal stock market returns while the type of access obtained have marginal effect on the market value of the firm. Keywords: Internet security breaches, event study, market value, attack characteristics Introduction The importance of Internet commerce to the success of businesses in the modern information age is unquestionable. Research has shown that information security is one of the critical issues that cannot be ignored for successful implementation of e-commerce solutions and operations (Torkzadeh and Dhillon, 2002; Chang, Torkzadeh, and Dhillon, 2004). Also in a 2000 Financial Times report, the director of the National Consumer Council was quoted as saying, Unless the total online shopping environment sites and payment mechanisms is made more secure, some consumers will never have confidence to explore the opportunities (Mackintosh, 2000, p2). Further, the 2006 CSI/FBI Survey on computer crime and security reports that the percent of organizations that reported computer intrusion to law enforcement agents has reversed its yearly decline from a 20% the previous year to an all-time high of 25% albeit organizations concern over the negative publicity for making such reports (Gordon, Loeb, Lucyshyn and Richardson, 2006). The reports also note economic and security risk management as of critical concern to organizations.
2 Pg 14-2 In this paper, we define Internet security in terms of preserving data confidentiality, integrity and authenticity. Hence a security breach occurs if the confidentiality, integrity and authentication of a firm s network or computers are compromised. Internet security breaches could lead to lower sales revenues, higher expenses, a decrease in future profits and dividends, and a reduction in the market values of companies which are compromised (Power, 2002; Gordon, Loeb, and Lucyshyn, 2003). Measuring the economic impact on Internet security breaches will help in risk management and information security planning. However, making information systems security investment decisions is very complex and difficult (Gordon and Loeb, 2002). Similar to the productivity paradox challenges identified in the information systems literature (Dewan and Kraemer, 1998), productivity paradox arguments have also been made in the information security domain. Dhillon (2004), for example identifies this as an information security investment paradox. While there has been an increased spending on information security measures, there has also been an exponential increase in the losses because of security breaches. Although information security researchers and practitioners recognize the seriousness of Internet security breaches, the relationship of the security incidents to the economic impact and valuation of the firm is not well understood. The market value of a firm corresponds to the confidence that investors have in that firm. Hence measuring the market value of a firm that has been compromised is one way of calculating the impact of Internet security breaches and augments other economic studies. Prior studies investigated the relationships between an announcement of a security breach and market value of a firm (e.g., Cavusoglu, Mishra, and Raghunathan, 2004; Hovav and D Arcy 2003, Hovav and D Arcy 2004). The results were inconclusive. These studies did not differentiate between the type of attackers, the objectives of the attack, the results of the attack, tools used to attack, and the access type. The goal of this study is to extend current knowledge by investigating the relationships between the above mentioned dimensions of an attack and the market value of the firm. Recently, Andoh-Baidoo and Osei-Bryson (2007) have considered these variables. Our study differs from that work in two ways: (1) we use traditional confirmatory approach rather than decision tree; and (2) our sample size is larger. The study uses an event study methodology. Such a methodology has been widely used to investigate the effect of unexpected IT related events (e.g., Dos Santos, Peffers, and Mauer 1993, Im, Dow, and Grover, 2001; Oh and Kim, 2001; Chatterjee, Pacini, and Sambamurthy, 2002; Dehning, Richardson, and Zmud, 2002). Literature Review Early studies in the area of IS security risk focused on the evaluation of financial damage caused by various types of security breaches. Ettredge et al. (2001) studied the spill-over effect of denial-of-service (DOS) attacks that occurred over a very short period - February The study found significant negative impact on the stock value of firms similar to the attacked companies. However, due to clustering effect, the significance of the results needs to be interpreted with caution. None of the subsequent studies were able to replicate the significance of the effect of the attacks on the market value of the attacked companies and the overall results are mixed. Hovav and D Arcy (2003) studied the impact of DOS attacks on the stock price of attacked companies and found little overall impact. However, the DOS attacks did have a larger
3 Pg 14-3 impact on Internet-centric companies than on other companies. Hovav and D Arcy (2004) studied the impact of computer virus announcements on the stock prices of attacked companies and found no significant effects. Other studies (Anthony et al., 2006; Cavusoglu et al., 2004) that examined the impact of various security breaches on the market value of firms found only a minor effect. This effect was mostly limited to e-commerce companies. Campbell et al. (2003) found that the market differentiates across types of breaches. Specifically, they found a higher negative market reaction for breaches involving confidential data relative to other types of breaches. Cavusoglu et al. (2004) studied the affect of the firm size and firm type on the market reaction to security attacks. Although prior research made some progress in classifying security attacks and their varied affect on firms market value, the mixed results of these studies suggest that more work in the area is necessary. We believe that the characteristics of the attack, the objectives of the attackers and the goal of the attack will influence the abnormal (negative) stock market return (Andoh-Baidoo and Osei-Bryson, 2007). For example, an attack that did not cause major financial damage is expected to have lower impact than an attack that reported a major financial damage. To effectively examine the above assertion, we use Howard s (1997) taxonomy of Internet security attacks and Internet security incidents. While Howard (1997) developed the taxonomy for computer and network attacks, he showed that it can also be used to classify Internet security incidents. In the current study, we employ Howard s taxonomy to investigate the moderating effect of the incident characteristics on the market value of the attacked companies. Specifically we examine the impact of the attacker type, attacker s objective, attack results, attack tools, and access type, on the abnormal (negative) stock market return. Howard s taxonomy appears in Appendix B 1. Hypothesis Development Based on the discussion above, we develop five hypotheses related to each of the five characteristics described in Howard (1997). Attacker Type In this paper we define attacker to mean an individual or group of individuals responsible for the Internet security incident. Howard (1997) identifies six categories of attackers. In our sample only three attacker types were identified. These are described briefly. In a particular announcement, the attacker left a note telling the attacked firm about how vulnerable its systems were. Howard (1997) refers to this group of attackers as hackers. What motivates hackers to attack is the desire to show their prowess and to raise their status in the community in which they operate. Professional criminals are individuals who operate on their own seeking financial gain from their activities. Vandals break into computer systems mainly to cause damage. Other kinds of attackers could use the vulnerabilities resulting from hackers activities to launch other attacks with more disastrous outcomes. However, if a firm responds quickly to the hackers activities, those vulnerabilities could be eliminated, preventing further attacks. While vandals cause damage, it may not be a financial damage. However, a response to a vandal could 1 Attackers, Objective, Results, Tools, and Access presented in Howard s Taxonomy are represented as Attacker type, Attacker s objective, Attack results, Attack tools, and Access type respectively in this paper.
4 Pg 14-4 be too when detected since damage could have been done already. Thus the Attacker type will influence the abnormal stock market return. Specifically we hypothesis that the negative abnormal returns from an attack by a professional criminal will be higher than the negative returns from the other type of attacks We therefore state the hypothesis that: H1 There are significant differences between the negative abnormal returns of attacks by hackers, vandals and professional criminals. Attacker s Objective Howard (1997) identified four types of objectives: challenge/status, damage, financial gain, and political gain. None of the announcements in the sample was classified with a political gain objective. An announcement where there is clear intention that the attacker intended to inform the breached firm or firms that provide computer systems, software, or network vulnerabilities is classified as having challenge/status objective. Here the attacker is challenging big IT firms while demonstrating their superior expertise to a community of hackers. An announcement where it is found that the attacker threatens to publish information or perform further damage if not compensated is classified as having financial gain as its objective. Attacks that cause damage without any negotiations are classified as damage for the attacker s objective variable. Clearly, an attack geared towards financial gain will have greater financial impact than an attack where the attacker challenges the firm s claim that its system is secured. Such an attack will receive more attention from investors and will therefore have different impacts on stock market return. Therefore, we hypothesis that: H2: There are significant differences between the negative abnormal returns of attacks depending on the objectives of the attackers. Attack Results Howard (1997) identifies four different results of attack: corruption of information, denial of service, theft of service, and disclosure of information. Prior studies found little impact of Denial of service attacks on the market value of firms (Hovav and d Arcy 2003). Companies can also avoid reporting the extent of damage resulting from attacks that corrupt their data. However, attacks that compromise or disclose private information often affects a large number of people and are likely to get much attention. Therefore, each of these results could have a different impact on the breached firms, investors will also react differently. Thus we develop the following hypothesis: H3: There are significant differences between the negative abnormal returns of attacks depending on the results of the attacks. Attack Tools Howard (1997) claims that the level of sophistication of the tools used to attack, continues to increase. The kinds of destruction and the level of access that the attacker can gain increase with the increased sophistication of tools employed. Two specific tools that were identified in our sample are: Scripts/Programs, and Autonomous agents. Scripts/Programs
5 Pg 14-5 involve attacks that resulted from defaults in software applications. Autonomous agents include viruses and worm attacks. It is likely that since more sophisticated tools can create more damage, their impact on investors reaction will be higher. Thus, the tool employed in the attack could impact the abnormal stock market return. We develop the hypothesis: H4: There are significant differences between the negative abnormal returns of attacks depending on the tools used for the attack. Access type Attacks can be internal or external. Internal attacks include disgruntled employees taking advantage of privileged access to corporate networks to perform unauthorized activities. Outsiders usually take advantage of vulnerabilities to gain unauthorized access to corporate networks. There are differing opinions (Howard, 1997) as to which type of access attackers use most. In spite of the different views, investors reactions could depend on which access type was employed by the attacker. Investors may consider unauthorized use as an error and unauthorized access as an organization s failure to prevent intruders from getting access to secured data or network systems leading to increase negative market returns. Firms can control the amount of information published regarding internal attacks. External attacks are more likely to get more publicity. In an asymmetric information environment, investors will be more concerned with one type of access to another. Thus we define our final hypothesis as: Methodology H5: There are significant differences between the negative abnormal returns of attacks depending on the type of access. Data Collection An event is defined as an announcement in one of the major newspapers about a security breach in a firm. Our sample included announcements for the period 1990 through Keywords for searching events include: virus names (love bug, sobig, and blaster worm); attacker type (hacker, vandal); result of attack (denial of service, theft of service), names of organizations reported in previous studies (Yahoo, ebay), or a term or combination of such terms as (information security breach, computer system security, Internet security incident, and breach). All events involving governmental, state, local and non-profit organizations were not considered. Only events involving publicly traded firms were included in this study. We recorded 310 events. However, we eliminated some events using the following criteria: (1) some of the events were reported more than once in single or different newspapers. In such cases, we kept only the first announcement; (2) only firms that were listed on New York Stock Exchange (NYSE), NASDAQ, or American Stock Exchange (AMEX) and had return data in the CRSP 2 2 CRSP is a financial research center at University of Chicago. It generates and maintains leading historical US databases for stock (NASDAQ, AMEX, and NYSE), indices, bond, and mutual fund securities used by leaders in the academic and corporate communities for financial, economic, and accounting research.
6 Pg 14-6 database were included for analysis; (3) for firms in the CRSP database, the returns data had to be available for 120 days before the event for the computation of stock market return; and (4) where there were confounding effects such as earning announcements, dividends or any major announcement during the event window involving the breached firm, the event was dropped. After eliminating events based on the above criteria, our sample size was 185. Statistical Analysis and Measures of Variables A three-day event period covering the day before the event through the day after the event was used in this study. One of the previous studies used the same event window (Cavusoglu et al., 2004). The rationale behind this length of period is that investors may have pre-announcement information about the security breach and may react before the market closes a day before the announcement. Alternatively, breach announcement might have been made after 4PM on day t, which means that the entire reaction will occur on day t+1. We used 120 days before the event to estimate the expected stock market return which is consistent with prior studies. We use the Market Model to define the return of a specific stock in the absence of the security breach as: R i, t = return of stock i on day t; R i, t= α i+ β ir m, t+ ε i, t R, is the return of the market portfolio on day t, m t α i, β i are the intercept and slope parameters respectively for firm i, and ε i, t is the disturbance term for stock i on day t. We define the abnormal return (prediction error) for firm i on day t of the event window as: AR = R α + β R ) ^ α and ^ ti i, t ( i i m, t β are the ordinary least square estimates of α and β which are parameters estimated using the market model over 120 day period starting from the day immediately preceding the first day of the event window, i.e. day (-2). The cumulative abnormal return for stock i over the event window ( D 1, Dd) is Dd CARi( D1, Dd) = ARi The cumulative abnormal return for n stocks over the event window is computed as n 1 CARR ( D 1, Dd ) = CARi ( D 1, Dd ) n i= 1 n is the number of events in the sample. Coding of the data Table 1 summarizes the five characteristics and their coded value. We have explained the differences among the different categories in previous section. Howard (1997) provides comprehensive definition of these categories. t= D1, t
7 Pg 14-7 Table 1. Categories of the five attack Characteristics presented in the sample Attacker Results Tools Access Objectives 0 Others [i.e. other categories or not known] 1 Unauthorized 2 3 Vandal Denial of Service Scripts/Programs Corruption of Autonomous Hacker Information Agents Disclosure of Professional Criminal Information Results and Analysis Use Unauthorized Access Damage Challenge/Status Financial Gain Table 2 describes the sum of the CAR for each group of attacks. Attacks with unknown or other characteristics were eliminated. Table 2. CAR for the five attack characteristics Attacker Results Tools Access Objective Given the categorical nature of the data we use ANOVA to examine the differences between the affect of each of the characteristics on the market reaction to the various attack types. Table 3 below summarizes the ANOVA results. Table 3.ANOVA results Variable Variability Sum of Df Mean F Sig. Squares Square Objective Between Groups Within Groups Total Attacker Between Groups Within Groups Total Access Between Groups Within Groups Total Results Between Groups Within Groups Total Tools Between Groups Within Groups Total
8 Pg 14-8 In addition to the above analysis we also ran partial ANOVA. These partial runs did not change the significance of the results. For additional details see Appendix A. Analysis The above results indicate that there is a difference in the market reaction based on the characteristics of the attack. The type of tool used by the attacker has a significant impact on the market reaction, thus supporting hypothesis 4. Specifically, attacks using scripts resulted in a negative market reaction while attacks using autonomous agents such as viruses and worms did not. These results support the findings in Hovav and d Arcy (2004). The type of access used by the attacker also has a significant affect on the market reaction thus supporting hypothesis 5. However, looking at the data, neither access type resulted in a negative abnormal return. Thus our conclusions regarding the affect of the access type on the market reaction are limited. The objective of the attacker had a significant impact on the market reaction thus supporting hypothesis 2 (α = 0.038). Specifically, attacks intended for financial gain (type = 3) resulted in significantly larger negative market reaction than attacks aimed at challenge or non-financial damage (types 1 and 2). The type of the attacker also had a significant impact on the market reaction thus supporting hypothesis 1 (α = 0.015). Specifically, attacks by professional criminals (type = 3) resulted in significantly higher negative market reaction than attacks by hackers or vandals (types 1 and 2). The most significant characteristic is the end result of the attack. The results of the attack had a significant impact on the market reaction thus supporting hypothesis 4 (α = 0.003). Specifically, disclosure of private information had a significantly larger impact on the market reaction (type = 3) while denial of service attacks and corruption of information had less affect on the market reaction. From a theoretical perspective, our study advances our understanding of the types of attacks, and the type of attackers that pose higher risks to firms. Our findings also have some implications for practitioners. Security managers need to decide where and how to allocate their security budget. Knowing that certain security breaches have larger impact on the value of a company, managers can allocate larger portion of their budgets to prevent the more damaging attacks. Conclusion We have presented our results on an event study that seeks to examine the impact of the announcement of information security breaches on breached firms. Most prior studies treat all events equally. Our study attempts to identify attack and attacker characteristics that affect investor reactions and differentiate between the various attacks. Our results suggest that the objective of the attack, the type of the attacker and the results of the attack have significant moderating effect on the market reaction. Specifically, attacks by professional criminals, attacks that aim to increase financial damage and attack that result in the disclosure of private information have significantly larger negative impact on the market than other attacks
9 Pg 14-9 References Andoh-Baidoo, F.K., and Osei-Bryson, K-M (2007) Exploring the Characteristics of Internet Security Breaches that impact the Market Value of Breached Firms, Expert Systems with Applications, 32, Campbell, K., Gordon, L. A., Loeb, M. P. and Zhou, L (2003) The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market, Journal of Computer Security, 11, 3, Chang, J.C., Torkzadeh, G, and Dhillon, G (2004) Re-examining the Measurement Models of Success for Internet Commerce, Information and Management, 41, 5, Cavusoglu, H., Mishra, B., and Raghunathan, S (2004) The effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers, International Journal of Electronic, Commerce, 9, Chatterjee, D., Pacini, C., and Sambamurthy, V (2002) Shareholder Wealth Effects of IT Infrastructure Investments, Journal of Management Information Systems, 19, 2, Dehning, B., Richardson, V.J., and Zmud, R.W (2002) The Value Relevance of Information Technology Investment Announcements: Incorporating Industry Strategic IT Role, Proceedings of the 35 th Annual Hawaii International Conference on Systems Science, 216. Dewan, S., and Kraemer, K. L (1998) International Dimensions of the Productivity Paradox, Communications of the ACM, 41,8, Dhillon, G (2004) Guest Editorial: The Challenge of Managing Information Security, International Journal of Information Management, 24 (2) Dos Santos, B.L., K. Peffers, and Mauer, D.C (1993) The impact of information technology Investment announcements on the market value of the firm, Information Systems Research, 4, 1, Ettredge, M. and Richardson, V.J. (2001) Assessing the Risk in E-Commerce, in the Proceedings of the 22 nd International Conference on Information Systems, Gordon, L.A., Martin P. Loeb, M.P., Lucyshyn, W., and Richardson, R (2006) CSI/FBI Computer Crime and Security Survey. Gordon, L A., Loeb, M.P., and Lucyshyn, W (2003) Information Security Expenditures and Real Options: A Wait-and-See Approach, Computer Security Journal, 19, 2, 1-7. Gordon, L. A. and Loeb, M.P (2002). Return on Information Security Investments: Myths vs. Reality, Strategic Finance, Howard, J (1997) An Analysis of Security Incidents on the Internet, PhD Thesis, Carnegie Mellon University. Hovav, A. and D Arcy, J (2003) The Impact of Denial-of-Service Attack Announcements on the Market Value of Firms Risk Management and Insurance Review, 6, 2, Hovav, A. and D Arcy, J. (2004) The Impact of Virus Attack Announcements on the Financial Value of Firms, Information Systems Security Journal, 13, 3, Mackintosh, J. Barclay s gremlins raise big questions about Online Trust: Teething troubles at Internet Banks could have wider Repercussions, Financial Times, August 2, Oh, W. and Kim, J. (2001) The Effects of Firm Characteristics on Investor reaction to IT Investment Announcements, Proceedings of the International Conference on Information Systems, New Orleans, LA. Power, R (2002) CSI/FBI Computer Crime and Security Survey, Computer Security Issues and Trends, 8, 1, Richardson, V.J. and Zmud, R.W (2002) The Effects Accompanying Appointments of Outside Directors to the Boards of Internet Companies, Working Paper, University of Kansas. Torkzadeh, G., and Dhillon, G (2002) Measuring Factors that Influence the Success of Internet Commerce, Information Systems Research, 13, 2,
10 Pg Appendix A: Additional analysis
11 Pg Appendix B: Computer and Network Attack Taxonomy (Howard 1997) Attackers Tools Access Results Objective s Hackers User Implementation Unauthorized Corruption of Files Challenge, Command Vulnerability Access Information Status Spies Script Program or Design Vulnerability Unauthorized Use Processes Data in Transit Disclosure of Information Political Gain Terrorists Autonomo us Agent Configuration Vulnerability Theft of Financial Service Gain Corporate Raiders Professional Criminals Toolkit Denial-ofservice Damage Distributed Tool Vandals Data Tap
THE IMPACT OF INFORMATION SECURITY BREACHES ON FINANCIAL PERFORMANCE OF THE BREACHED FIRMS: AN EMPIRICAL INVESTIGATION
Journal of Information Technology Management ISSN #1042-1319 A Publication of the Association of Management THE IMPACT OF INFORMATION SECURITY BREACHES ON FINANCIAL PERFORMANCE OF THE BREACHED FIRMS: AN
More informationThe Effect of Information Security Incidents on Corporate Values in the Japanese Stock Market
The Effect of Information Security Incidents on Corporate Values in the Japanese Stock Market Masaki Ishiguro Hideyuki Tanaka Kanta Matsuura Ichiro Murase Abstract We investigated the economic effects
More informationReducing the Challenges to Making Cybersecurity Investments in the Private Sector
Cyber Security Division 2012 Principal Investigators Meeting TTA: Cyber Economics PI - Dr. Lawrence A. Gordon* (lgordon@rhsmith.umd.edu), (301) 405-4072 Co-PI Dr. Martin P. Loeb* (mloeb@rhsmith.umd.edu),
More informationUNDERSTANDING THE COST ASSOCIATED WITH DATA SECURITY BREACHES
UNDERSTANDING THE COST ASSOCIATED WITH DATA SECURITY BREACHES Kholekile L. Gwebu, Associate Professor of Decision Sciences, Peter T. Paul College of Business and Economics, University of New Hampshire,
More informationINVESTING IN CYBERSECURITY:
INVESTING IN CYBERSECURITY: Insights from the Gordon-Loeb Model Lawrence A. Gordon EY Alumni Professor of Managerial Accounting & Information Assurance Affiliate Professor in University of Maryland Institute
More informationECONOMIC ASPECTS OF CYBER/INFORMATION SECURITY
ECONOMIC ASPECTS OF CYBER/INFORMATION SECURITY Lawrence A. Gordon Ernst & Young Alumni Professor of Managerial Accounting & Information Assurance The Robert H. Smith School of Business University of Maryland
More informationEstimating the Cost of a Security Breach. By Andrew Wong. 23 Feb 2008
Estimating the Cost of a Security Breach 23 Feb 2008 By Andrew Wong The Challenges As the number of companies that conduct their businesses electronically grows continuously, information security becomes
More informationThe Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers
The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers Huseyin Cavusoglu, Birendra Mishra, and Srinivasan Raghunathan
More informationImpact of Software Vulnerability Announcements on the Market Value of Software Vendors an Empirical Investigation 1
Impact of Software Vulnerability Announcements on the Market Value of Software Vendors an Empirical Investigation 1 Rahul Telang, Sunil Wattal {rtelang, swattal}@andrew.cmu.edu Abstract Researchers in
More informationIS THERE A COST TO PRIVACY BREACHES? AN EVENT STUDY 1
IS THERE A COST TO PRIVACY BREACHES? AN EVENT STUDY 1 Alessandro Acquisti Carnegie Mellon University acquisti@andrew.cmu.edu Allan Friedman Harvard University allan_friedman@ksgphd.harvard.edu Rahul Telang
More informationIAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know
IAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know Moderator: Elaine Wolff, Partner Corporate Finance and Securities Practice, Jenner & Block Mary Ellen
More informationSTOCK MARKET REACTION TO INFORMATION TECHNOLOGY INVESTMENTS: TOWARDS AN EXPLANATORY MODEL
STOCK MARKET REACTION TO INFORMATION TECHNOLOGY INVESTMENTS: TOWARDS AN EXPLANATORY MODEL Roztocki, Narcyz, School of Business, State University of New York at New Paltz, 75 S. Manheim Blvd., New Paltz,
More informationCalifornia State University, Chico. Information Security Incident Management Plan
Information Security Incident Management Plan Version 0.8 January 5, 2009 Table of Contents Introduction... 3 Scope... 3 Objectives... 3 Incident Management Procedures... 4 Roles and Responsibilities...
More informationIncident categories. Version 2.0-04.02.2013 (final version) Procedure (PRO 303)
Version 2.0-04.02.2013 (final version) Procedure (PRO 303) Classification: PUBLIC / Department: GOVCERT.LU Table Contents Table Contents... 2 1 Introduction... 3 1.1 Overview... 3 1.2 Purpose... 3 1.3
More informationIT Security Management Risk Analysis and Controls
IT Security Management Risk Analysis and Controls Steven Gordon Document No: Revision 770 3 December 2013 1 Introduction This document summarises several steps of an IT security risk analysis and subsequent
More informationIncident Reporting Guidelines for Constituents (Public)
Incident Reporting Guidelines for Constituents (Public) Version 3.0-2016.01.19 (Final) Procedure (PRO 301) Department: GOVCERT.LU Classification: PUBLIC Contents 1 Introduction 3 1.1 Overview.................................................
More informationUNDERSTANDING THE IMPACT OF IT SERVICE INNOVATION ON FIRM PERFORMANCE: THE CASE OF CLOUD COMPUTING
UNDERSTANDING THE IMPACT OF IT SERVICE INNOVATION ON FIRM PERFORMANCE: THE CASE OF CLOUD COMPUTING Insoo Son, Korea University Business School, Korea University, Seoul, Korea, insoo114@korea.ac.kr Dongwon
More information1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services
1. Computer Security: An Introduction Definitions Security threats and analysis Types of security controls Security services Mar 2012 ICS413 network security 1 1.1 Definitions A computer security system
More informationDTEC 6823. Kelly Lucas. Network Administrator. Morgan Stanley. Economic Evaluation of a Company s Information Security Expenditures.
Economic Evaluation of Infosec Expenditures 1 DTEC 6823 Kelly Lucas Network Administrator Morgan Stanley Economic Evaluation of a Company s Information Security Expenditures Abstract The paper will address
More informationChapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers 2012. Your Interactive Guide to the Digital World
Chapter 11 Manage Computing Securely, Safely and Ethically Discovering Computers 2012 Your Interactive Guide to the Digital World Objectives Overview Define the term, computer security risks, and briefly
More informationNetwork Security. Introduction. Security services. Players. Conclusions. Distributed information Distributed processing Remote smart systems access
Roadmap Introduction Network services X.800 RFC 2828 Players Marco Carli Conclusions 2 Once.. now: Centralized information Centralized processing Remote terminal access Distributed information Distributed
More informationSecurity Basics: A Whitepaper
Security Basics: A Whitepaper Todd Feinman, David Goldman, Ricky Wong and Neil Cooper PricewaterhouseCoopers LLP Resource Protection Services Introduction This paper will provide the reader with an overview
More informationASSESSING A NEW IT SERVICE MODEL: CLOUD COMPUTING
ASSESSING A NEW IT SERVICE MODEL: CLOUD COMPUTING Insoo Son, Korea University Business School, Korea University, Seoul, Korea, insoo114@korea.ac.kr Dongwon Lee, Korea University Business School, Korea
More informationNETWORK SECURITY ASPECTS & VULNERABILITIES
NETWORK SECURITY ASPECTS & VULNERABILITIES Luis Sousa Cardoso FIINA President Brdo pri Kranju, 19. in 20. maj 2003 1 Background Importance of Network Explosive growth of computers and network - To protect
More informationThe Open University s repository of research publications and other research outputs
Open Research Online The Open University s repository of research publications and other research outputs The impact of ICT-enabled offshoring announcements on share prices Journal Article How to cite:
More informationNetwork Security and the Small Business
Network Security and the Small Business Why network security is important for a small business Many small businesses think that they are less likely targets for security attacks as compared to large enterprises,
More informationThreats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1
Threats and Attacks Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to:
More informationBendigo and Adelaide Bank Ltd Security Incident Response Procedure
Bendigo and Adelaide Bank Ltd Security Incident Response Procedure Table of Contents 1 Introduction...1 2 Incident Definition...2 3 Incident Classification...2 4 How to Respond to a Security Incident...4
More informationIncident Response Plan for PCI-DSS Compliance
Incident Response Plan for PCI-DSS Compliance City of Monroe, Georgia Information Technology Division Finance Department I. Policy The City of Monroe Information Technology Administrator is responsible
More informationAUTOMATED PENETRATION TESTING PRODUCTS
AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for an automated penetration testing product and demonstrate
More informationPenetration Testing Service. By Comsec Information Security Consulting
Penetration Testing Service By Consulting February, 2007 Background The number of hacking and intrusion incidents is increasing year by year as technology rolls out. Equally, there is no hiding place your
More informationManaging IT Security with Penetration Testing
Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to
More informationDr. Pushpa Bhatt, Sumangala JK Department of Commerce, Bangalore University, India pushpa_bhatt12@rediffmail.com; sumangalajkashok@gmail.
Journal of Finance, Accounting and Management, 3(2), 1-14, July 2012 1 Impact of Earnings per share on Market Value of an equity share: An Empirical study in Indian Capital Market Dr. Pushpa Bhatt, Sumangala
More informationA Model For valuating IT Security Investments
A Model for valuating IT Security Investments Assessing the return on investment that computer viruses and hacking took a $1.6 has always been a sticking point trillion toll on the worldwide economy and
More informationStock Price Reactions to Investments in EAI and ERP: A Comparative Event Study
Stock Price Reactions to Investments in EAI and ERP: A Comparative Event Study Narcyz Roztocki School of Business State Universy of New York at New Paltz roztockn@newpaltz.edu Heinz Roland Weistroffer
More informationThe Stock Market s Reaction to Accounting Information: The Case of the Latin American Integrated Market. Abstract
The Stock Market s Reaction to Accounting Information: The Case of the Latin American Integrated Market Abstract The purpose of this paper is to explore the stock market s reaction to quarterly financial
More informationA Database Security Management White Paper: Securing the Information Business Relies On. November 2004
A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:
More informationEQUITY STRATEGY RESEARCH.
EQUITY STRATEGY RESEARCH. Value Relevance of Analysts Earnings Forecasts September, 2003 This research report investigates the statistical relation between earnings surprises and abnormal stock returns.
More informationAN EMPIRICAL ANALYSIS OF VULNERABILITY DISCLOSURE POLICIES. Research in Progress Submission to WISE 2010 Total Word Count: 3409
AN EMPIRICAL ANALYSIS OF VULNERABILITY DISCLOSURE POLICIES Research in Progress Submission to WISE 2010 Total Word Count: 3409 Sabyasachi Mitra College of Management Georgia Institute of Technology Atlanta,
More information3. LITERATURE REVIEW
3. LITERATURE REVIEW Fama (1998) argues that over-reaction of some events and under-reaction to others implies that investors are unbiased in their reaction to information, and thus behavioral models cannot
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationINFORMATION SECURITY INCIDENT MANAGEMENT PROCESS
INFORMATION SECURITY INCIDENT MANAGEMENT PROCESS Effective Date June 9, 2014 INFORMATION SECURITY INCIDENT MANAGEMENT PROCESS OF THE HELLER SCHOOL FOR SOCIAL POLICY AND MANAGEMENT Table of Contents 1.
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationReturns on Investments in Information Technology: A Research Synthesis. Bruce Dehning University of New Hampshire
Journal of Information Systems Vol. 16, No. 1 Spring 2002 pp. 7 30 Returns on Investments in Information Technology: A Research Synthesis Bruce Dehning University of New Hampshire Vernon J. Richardson
More informationEarnings Announcement and Abnormal Return of S&P 500 Companies. Luke Qiu Washington University in St. Louis Economics Department Honors Thesis
Earnings Announcement and Abnormal Return of S&P 500 Companies Luke Qiu Washington University in St. Louis Economics Department Honors Thesis March 18, 2014 Abstract In this paper, I investigate the extent
More informationCSI/FBI 2000 COMPUTER CRIME AND SECURITY SURVEY
CSI/FBI 00 COMPUTER CRIME AND SECURITY SURVEY Statement of intent This survey was conducted by the Computer Security Institute (CSI) in association with the San Francisco Computer Crime Squad of the Federal
More informationNEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT
Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent
More informationEnvironmental Management Consolidated Business Center (EMCBC) Subject: Cyber Security Incident Response
Date 06/10/10 Environmental Management Consolidated Business Center (EMCBC) Subject: Cyber Security Incident Response 1.0 PURPOSE Implementing Procedure APPROVED: (Signature on File) EMCBC Director ISSUED
More informationSeamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.
Seamless Mobile Security for Network Operators Build a secure foundation for winning new wireless services revenue. New wireless services drive revenues. Faced with the dual challenges of increasing revenues
More informationSCAC Annual Conference. Cybersecurity Demystified
SCAC Annual Conference Cybersecurity Demystified Me Thomas Scott SC Deputy Chief Information Security Officer PMP, CISSP, CISA, GSLC, FEMA COOP Practitioner Tscott@admin.sc.gov 803-896-6395 What is Cyber
More informationIncentives for Improving Cybersecurity in the Private Sector: A Cost-Benefit Perspective
Incentives for Improving Cybersecurity in the Private Sector: A Cost-Benefit Perspective Testimony for the House Committee on Homeland Security s Subcommittee on Emerging Threats, Cybersecurity, and Science
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationDigital Forensics Educational Needs in the Miami Valley Region
Peterson, G.L., Raines, R.A., and Baldwin, R.O., Digital Forensics Educational Needs in the Miami Valley Region, Journal of Applied Security Research, vol. 3, no. 3-4, pp. 429-439, 2008. DOI: 10.1080/19361610801981662.
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationComputer Security Incident Response Planning. Preparing for the Inevitable
Computer Security Incident Response Planning Preparing for the Inevitable Introduction Computers and computer networks have been part of the corporate landscape for decades. But it s only in the last five
More informationOn Existence of An Optimal Stock Price : Evidence from Stock Splits and Reverse Stock Splits in Hong Kong
INTERNATIONAL JOURNAL OF BUSINESS, 2(1), 1997 ISSN: 1083-4346 On Existence of An Optimal Stock Price : Evidence from Stock Splits and Reverse Stock Splits in Hong Kong Lifan Wu and Bob Y. Chan We analyze
More informationThis chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How
This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How Network Security Is Breached Network Security Policy
More informationTHE VALUATION OF ECOMMERCE ANNOUNCEMENTS DURING FLUCTUATING FINANCIAL MARKETS
THE VALUATION OF ECOMMERCE ANNOUNCEMENTS DURING FLUCTUATING FINANCIAL MARKETS Michael Dardan The Dardan Group El Dorado Hills, CA 95762 michael.dardan@dardangroup.com Antonis Stylianou The Belk College
More informationHow To Understand The 2004 Csi/Fbi Computer Crime And Security Survey
NINTH ANNUAL 2004 CSI/FBI COMPUTER CRIME AND SECURITY SURVEY GoCSI.com by Lawrence A. Gordon, Martin P. Loeb, William Lucyshyn and Robert Richardson The Computer Crime and Security Survey is conducted
More informationCyril Onwubiko Networking and Communications Group http://ncg. ncg.kingston.ac.
Cyril Onwubiko Networking and Communications Group http://ncg ncg.kingston.ac..ac.uk http://ncg.kingston.ac.uk +44 (0)20 8547 2000 Security Threats & Vulnerabilities in assets are two most fundamental
More informationAsian Economic and Financial Review THE CAPITAL INVESTMENT INCREASES AND STOCK RETURNS
Asian Economic and Financial Review journal homepage: http://www.aessweb.com/journals/5002 THE CAPITAL INVESTMENT INCREASES AND STOCK RETURNS Jung Fang Liu 1 --- Nicholas Rueilin Lee 2 * --- Yih-Bey Lin
More informationCRS Report for Congress
Order Code RL32331 CRS Report for Congress Received through the CRS Web The Economic Impact of Cyber-Attacks April 1, 2004 Brian Cashell, William D. Jackson, Mark Jickling, and Baird Webel Government and
More informationHow Cloud Computing Impacts Stock Market Prices
How Cloud Computing Impacts Stock Market Prices Jan Huntgeburth 1, Jens Förderer 1, Cornelia Ebertin 2, and Daniel Veit 1 1 University of Mannheim, Dieter Schwarz Endowed Chair of Business Administration,
More informationDepartment of Information Technology Active Directory Audit Final Report. August 2008. promoting efficient & effective local government
Department of Information Technology Active Directory Audit Final Report August 2008 promoting efficient & effective local government Executive Summary Active Directory (AD) is a directory service by Microsoft
More informationStock Market Reaction to Information Technology Investments in the USA and Poland: A Comparative Event Study
2012 45th Hawaii International Conference on System Sciences Stock Market Reaction to Information Technology Investments in the USA and Poland: A Comparative Event Study Narcyz Roztocki School of Business
More informationWhat is your Investment IQ?
What is your Investment IQ? Jason Smith, CFA Nationwide Investment Management Group NRM-9322AO 1 DISCLOSURES This material is NOT, and should not be construed as INVESTMENT ADVICE. Principal Risks Investing
More informationGAO INFORMATION SECURITY. Fundamental Weaknesses Place EPA Data and Operations at Risk. Testimony
GAO United States General Accounting Office Testimony INFORMATION SECURITY Fundamental Weaknesses Place EPA Data and Operations at Risk Statement of David L. McClure Associate Director, Governmentwide
More informationE-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
More informationJournal Of Financial And Strategic Decisions Volume 7 Number 1 Spring 1994 THE VALUE OF INDIRECT INVESTMENT ADVICE: STOCK RECOMMENDATIONS IN BARRON'S
Journal Of Financial And Strategic Decisions Volume 7 Number 1 Spring 1994 THE VALUE OF INDIRECT INVESTMENT ADVICE: STOCK RECOMMENDATIONS IN BARRON'S Gary A. Benesh * and Jeffrey A. Clark * Abstract This
More informationInformation, Network & Cyber Security
School COMSC Information, Network & Cyber Security Information security officers are faced with strategic decisions on a daily basis, and are required to make informed decisions on the security options
More informationORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA
ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA ON THE AMENDMENT OF THE ORDER NO. 1V-1013 ON THE APPROVAL OF THE RULES ON THE ENSURANCE OF SECURITY AND INTEGRITY
More informationDo Announcements of Mergers and Acquisitions Create Value. for Shareholders? Evidence from US Industrial Firms. Yasir Iqbal
Do Announcements of Mergers and Acquisitions Create Value for Shareholders? Evidence from US Industrial Firms By Yasir Iqbal A research project submitted in partial fulfillment of the requirements for
More informationCybercrime: risks, penalties and prevention
Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,
More information9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500
INFO 1500 9. Information Assurance and Security, Protecting Information Resources 11. ecommerce and ebusiness Janeela Maraj Tutorial 9 21/11/2014 9. Information Assurance and Security, Protecting Information
More informationA Review of Cross Sectional Regression for Financial Data You should already know this material from previous study
A Review of Cross Sectional Regression for Financial Data You should already know this material from previous study But I will offer a review, with a focus on issues which arise in finance 1 TYPES OF FINANCIAL
More informationOn the Conditioning of the Financial Market s Reaction to Seasoned Equity Offerings *
The Lahore Journal of Economics 11 : 2 (Winter 2006) pp. 141-154 On the Conditioning of the Financial Market s Reaction to Seasoned Equity Offerings * Onur Arugaslan ** and Louise Miller *** Abstract Consistent
More informationEXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS
EXTREME CYBER SCENARIO PLANNING & ATTACK TREE ANALYSIS Ian Green Manager, Cybercrime & Intelligence Commonwealth Bank of Australia Session ID: GRC T17 Session Classification: ADVANCED WHY? What keeps you
More informationEFFECT OF LEGAL SANCTIONS ON TAKEOVER TARGET INSIDER PURCHASES
EFFECT OF LEGAL SANCTIONS ON TAKEOVER TARGET INSIDER PURCHASES J Carr Bettis and William A. Duncan Arizona State University West ABSTRACT: This study presents evidence of decreases in purchase activity
More informationGuidelines for Web applications protection with dedicated Web Application Firewall
Guidelines for Web applications protection with dedicated Web Application Firewall Prepared by: dr inŝ. Mariusz Stawowski, CISSP Bartosz Kryński, Imperva Certified Security Engineer INTRODUCTION Security
More informationWhite Paper. Information Security -- Network Assessment
Network Assessment White Paper Information Security -- Network Assessment Disclaimer This is one of a series of articles detailing information security procedures as followed by the INFOSEC group of Computer
More informationInformation Technology Cyber Security Policy
Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please
More informationA Guide to the Insider Buying Investment Strategy
Mar-03 Aug-03 Jan-04 Jun-04 Nov-04 Apr-05 Sep-05 Feb-06 Jul-06 Dec-06 May-07 Oct-07 Mar-08 Aug-08 Jan-09 Jun-09 Nov-09 Apr-10 Sep-10 Mar-03 Jul-03 Nov-03 Mar-04 Jul-04 Nov-04 Mar-05 Jul-05 Nov-05 Mar-06
More informationPHOENIX NEW MEDIA LIMITED STATEMENT OF POLICIES GOVERNING MATERIAL, NON-PUBLIC INFORMATION AND THE PREVENTION OF INSIDER TRADING
PHOENIX NEW MEDIA LIMITED STATEMENT OF POLICIES GOVERNING MATERIAL, NON-PUBLIC INFORMATION AND THE PREVENTION OF INSIDER TRADING Adopted on [ ], 2011 and effective conditional and immediately upon commencement
More information資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系
資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系 Outline Infosec, COMPUSEC, COMSEC, and Network Security Why do we need Infosec and COMSEC? Security
More informationFREEDOM OF INFORMATION REQUEST
FREEDOM OF INFORMATION REQUEST Request Number: F-2013-05371 Keyword: Operational Policing Subject: Unmanned Aerial Systems (UAS) Purchased By PSNI 2012-2013 Request and Answer: Question 1 The number of
More informationUMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE
UMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE Originator Patch Management Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Recommended by Director
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationContact: Henry Torres, (870) 972-3033
Information & Technology Services Management & Security Principles & Procedures Executive Summary Contact: Henry Torres, (870) 972-3033 Background: The Security Task Force began a review of all procedures
More informationEconomics of Information Security - A Review
Economics of Security and Privacy (BMEVIHIAV15) Mark Felegyhazi assistant professor CrySyS Lab. BME Department of Telecommunications (Híradástechnikai Tanszék) mfelegyhazi(atat)crysys(dot)hu Information
More informationCyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.
Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing
More informationJournal Of Financial And Strategic Decisions Volume 9 Number 2 Summer 1996
Journal Of Financial And Strategic Decisions Volume 9 Number 2 Summer 1996 THE USE OF FINANCIAL RATIOS AS MEASURES OF RISK IN THE DETERMINATION OF THE BID-ASK SPREAD Huldah A. Ryan * Abstract The effect
More informationIncident Categories (Public) Version 3.0-2016.01.19 (Final)
Incident Categories (Public) Version 3.0-2016.01.19 (Final) Procedures (PRO 303) Department: GOVCERT.LU Classification: PUBLIC Contents 1 Introduction 3 1.1 Overview.................................................
More informationSUPPLIER SECURITY STANDARD
SUPPLIER SECURITY STANDARD OWNER: LEVEL 3 COMMUNICATIONS AUTHOR: LEVEL 3 GLOBAL SECURITY AUTHORIZER: DALE DREW, CSO CURRENT RELEASE: 12/09/2014 Purpose: The purpose of this Level 3 Supplier Security Standard
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 17 IT Security Controls, Plans and Procedures First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Implementing IT Security
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationThe Effect of Information Technology Investments on the Market Value of Supply Chain Firms: An Improved Event Study Approach
Asia Pacific Management Review 13(1) (2008) 435-444 The Effect of Information Technology Investments on the Market Value of Supply Chain Firms: An Improved Event Study Approach Jao-Hong Cheng *, Chen-Yu
More informationINFORMATION TECHNOLOGY POLICY
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE INFORMATION TECHNOLOGY POLICY Name Of : DPW Information Security and Privacy Policies Domain: Security Date Issued: 05/09/2011 Date Revised: 11/07/2013
More informationThe Effect of Investment in Information Technology on the Performance of Firms Listed at Palestinian Security Exchange
The Effect of Investment in Information Technology on the Performance of Firms Listed at Palestinian Security Exchange ** * Naser Abdelkarim, & Said Alawneh ** * alawnehsaid@hotmailcom / / / / ROA ROS
More informationGuide to Vulnerability Management for Small Companies
University of Illinois at Urbana-Champaign BADM 557 Enterprise IT Governance Guide to Vulnerability Management for Small Companies Andrew Tan Table of Contents Table of Contents... 1 Abstract... 2 1. Introduction...
More informationInvestments. Introduction. Learning Objectives
Investments Introduction Investments Learning Objectives Lesson 1 Investment Alternatives: Making it on the Street Wall Street! Compare and contrast investment alternatives, such as stocks, bonds, mutual
More information