CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Reading the Disclosures with New Eyes: Bridging the Gap between Information Security Disclosures and Incidents

Ta-Wei "David" Wang - Purdue University

Feb 20, 2008

Size: 485.5MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

Abstract

This paper investigates the relationship between information security related disclosures in financial reports and the impacts of information security incidents through cross-sectional and cluster analysis. First, by drawing upon the theories of disclosures in the accounting literature, we examine the effect of the number of disclosures on stock price reactions to information security incidents from 1997 to 2006. Our findings suggest that first-time disclosed information security risk factors in financial reports can mitigate the impact of information security incidents on business value. Second, a cluster analysis is performed on the disclosures in financial reports before and after the incidents. The results demonstrate that companies react to information security incidents by disclosing additional and more specific risk factors in subsequent financial reports. A prediction model is also built to classify disclosures as a belonging to a firm reported in the as breached or non-breached. The model can correctly classify a disclosure with approximately 75% accuracy which help investors and auditors assess information provided by the firm. This paper not only contributes to the literature in information security and accounting but also sheds light on how managers can evaluate their information security policies and convey information security practices more effectively to the investors.

About the Speaker

Ta-Wei "David" Wang is currently a Ph.D. student in Management Information Systems at Krannert Graduate School of Management, Purdue University. He received his B.B.A and M.B.A from National Taiwan University in Taiwan. He is also a Certified Public Accountant in Taiwan and Certified Internal Auditor. His research interests are information security and knowledge management.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.