Ta-Wei "David" Wang - Purdue University

Feb 20, 2008

Size: 485.5MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

"Reading the Disclosures with New Eyes: Bridging the Gap between Information Security Disclosures and Incidents"


This paper investigates the relationship between information security related disclosures in financial reports and the impacts of information security incidents through cross-sectional and cluster analysis. First, by drawing upon the theories of disclosures in the accounting literature, we examine the effect of the number of disclosures on stock price reactions to information security incidents from 1997 to 2006. Our findings suggest that first-time disclosed information security risk factors in financial reports can mitigate the impact of information security incidents on business value. Second, a cluster analysis is performed on the disclosures in financial reports before and after the incidents. The results demonstrate that companies react to information security incidents by disclosing additional and more specific risk factors in subsequent financial reports. A prediction model is also built to classify disclosures as a belonging to a firm reported in the as breached or non-breached. The model can correctly classify a disclosure with approximately 75% accuracy which help investors and auditors assess information provided by the firm. This paper not only contributes to the literature in information security and accounting but also sheds light on how managers can evaluate their information security policies and convey information security practices more effectively to the investors.

About the Speaker

Ta-Wei "David" Wang is currently a Ph.D. student in Management Information Systems at Krannert Graduate School of Management, Purdue University. He received his B.B.A and M.B.A from National Taiwan University in Taiwan. He is also a Certified Public Accountant in Taiwan and Certified Internal Auditor. His research interests are information security and knowledge management.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...