Ta-Wei "David" Wang - Purdue University
Students: Fall 2024, unless noted otherwise, sessions will be virtual on Zoom.
Reading the Disclosures with New Eyes: Bridging the Gap between Information Security Disclosures and Incidents
Feb 20, 2008
Download: MP4 Video Size: 485.5MBWatch on YouTube
Abstract
This paper investigates the relationship between information security related disclosures in financial reports and the impacts of information security incidents through cross-sectional and cluster analysis. First, by drawing upon the theories of disclosures in the accounting literature, we examine the effect of the number of disclosures on stock price reactions to information security incidents from 1997 to 2006. Our findings suggest that first-time disclosed information security risk factors in financial reports can mitigate the impact of information security incidents on business value. Second, a cluster analysis is performed on the disclosures in financial reports before and after the incidents. The results demonstrate that companies react to information security incidents by disclosing additional and more specific risk factors in subsequent financial reports. A prediction model is also built to classify disclosures as a belonging to a firm reported in the as breached or non-breached. The model can correctly classify a disclosure with approximately 75% accuracy which help investors and auditors assess information provided by the firm. This paper not only contributes to the literature in information security and accounting but also sheds light on how managers can evaluate their information security policies and convey information security practices more effectively to the investors.About the Speaker
Ta-Wei "David" Wang is currently a Ph.D. student in Management Information Systems at Krannert Graduate School of Management, Purdue University. He received his B.B.A and M.B.A from National Taiwan University in Taiwan. He is also a Certified Public Accountant in Taiwan and Certified Internal Auditor. His research interests are information security and knowledge management.