CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

CIO Risk Appetite and Information Security Management

Tawei (David) Wang

Tawei (David) Wang - DePaul University

Mar 22, 2017

Size: 320.0MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube


After a series of recent high profile information security breach incidents, the role of Chief Information Officers, particularly their role in information security risk management, has been in a heated debate among practitioners. However, little is known in academic literature about how a CIOs’ risk aversion level affects the effectiveness of information security management. Using reported information security breach incidents during 2003-2015, this study examines how a CIO’s risk aversion level is associated to the possibility of information security incidents. In addition, we investigate the moderating effect of CEOs’ risk aversion level and whether the CIO is on the board on the aforementioned effect. Our preliminary results show that a CIO’s risk aversion level is significantly associated with a lower likelihood of information security breaches. We further document that such association varies depending on types of security breaches.

About the Speaker

Tawei (David) Wang is currently an Assistant Professor at DePaul University. He received his Ph.D. from Krannert Graduate School of Management, Purdue University. Before joining DePaul University, he was a faculty member at the University of Hawaii at Manoa and National Taiwan University. His research interests are IT management and information security management. His papers have appeared in several leading journals, including Information Systems Research, Decision Support Systems, European Journal of Information Systems, Information and Management, Information Systems Journal, Journal of Accounting and Public Policy, Journal of Banking and Finance, Journal of Information Systems, Journal of Organizational Computing and Electronic Commerce, among others.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.