Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Economics of Investment in Information Assurance: An Empirical Investigation By Dr. Lawrence A. Gordon* and Dr. Martin P. Loeb* * Robert H. Smith School.

Published byLaureen Logan Modified over 9 years ago

Similar presentations

Presentation on theme: "The Economics of Investment in Information Assurance: An Empirical Investigation By Dr. Lawrence A. Gordon* and Dr. Martin P. Loeb* * Robert H. Smith School."— Presentation transcript:

1 The Economics of Investment in Information Assurance: An Empirical Investigation By Dr. Lawrence A. Gordon* and Dr. Martin P. Loeb* * Robert H. Smith School of Business, University of Maryland 1

2 Information Assurance Protect information from reaching competitors and unauthorized parties Detect information security breaches Assure integrity of organization’s database Assure availability of information to authorized users upon demand 2

3 General Research Questions Q1: Do firms use net present value models in determining investments in information security? 3 Q2: What are the driving factors in utilizing NPV models, and more generally in utilizing an economics approach, for determining investments in information security? Q3: What effect do information security breaches have on firm performance?

4 Methodology 4 Survey Survey Design –Experts in field –Structural questionnaire with 7-point Likert scale and open ended questions Sample –199 firms –Intersection of S&P 500 and InformationWeek.com ‘s list of tech savvy firms (gave names of senior IT managers) Q1: Do firms use net present value models in determining investments in information security? Q2: What are the driving factors in utilizing NPV models, and more generally in utilizing an economics approach, for determining investments in information security?

5 Methodology 5 Event Study announcement of IS breach Q3: What effect do information security breaches have on firm performance? R=  R m  1 D 1  2 D 2  3 D 3  4 D 4  5 D 5  6 D 6  7 D 7 

6 Preliminary Results 6 Survey Findings (38 out of 199 vs SAIC -1997, 6 out of 100) Conventional Wisdom: NPV for Information Security is Voodoo Economics The data shows that a large number of firms use NPV in at least some cases, but not all. However, there is high variation. Key reason firms do not use NPV is due to the fact that they cannot accurately estimate future benefits. Even among non-NPV users, expected loss is an important factor in driving the level of of investments in information security (i.e., many non-NPV firms take an economic approach to info security investments). The shape we have assumed of the Information Security Breach Function is confirmed. This includes the fact that no amount of information security can completely prevent a breach. Event Study Findings An information Security breach has no impact on stock market returns.

7 Work-In-Progress Case Studies Theory Building Hypothesis Testing Final Analysis & Drafting Papers 7

8 Potential Future Extensions Information Assurance Investments to Protect the Infrastructure of Telecommunications Carriers: An Empirical Study of the Airline and Healthcare Industries Estimate expected loss (i.e., risk exposure) from carriers losing connectivity What is the appropriate level of investment in information security to protect infrastructure of carriers? How does insurance affect the above issues? Expand on Event Study Large study not restricted to WSJ announcements Assess effect of breaches on accounting numbers Case studies 8

Download ppt "The Economics of Investment in Information Assurance: An Empirical Investigation By Dr. Lawrence A. Gordon* and Dr. Martin P. Loeb* * Robert H. Smith School."

Similar presentations

The Impact of R&D on Innovation and Productivity Professor Derek Bosworth Intellectual Property Research Institute of Australia Melbourne University.

The Impact of R&D on Innovation and Productivity Professor Derek Bosworth Intellectual Property Research Institute of Australia Melbourne University.
A test of the free cash flow hypothesis: The case of bidder returns Larry H.P. Lang Rene M. Stulz Ralph A. Walkling (Journal of Financial Economics 29,

A test of the free cash flow hypothesis: The case of bidder returns Larry H.P. Lang Rene M. Stulz Ralph A. Walkling (Journal of Financial Economics 29,
Moral hazard and contracts

Moral hazard and contracts
Overview of IS Controls, Auditing, and Security Fall 2005.

Overview of IS Controls, Auditing, and Security Fall 2005.
CSI 2005 Computer Crime Survey Put together by J. Scott, 2006 Using Graphics and Text from the Published CSI/FBI 2005 Crime Survey.

CSI 2005 Computer Crime Survey Put together by J. Scott, 2006 Using Graphics and Text from the Published CSI/FBI 2005 Crime Survey.
Attorney General Regulatory Enforcement: Evidence from P/C Insurance Companies Authors: Chinmoy Ghosh and James I. Hilliard Discussant: Anne E. Kleffner.

Attorney General Regulatory Enforcement: Evidence from P/C Insurance Companies Authors: Chinmoy Ghosh and James I. Hilliard Discussant: Anne E. Kleffner.
 3M is expected to pay paid dividends of $1.92 per share in the coming year.  You expect the stock price to be $85 per share at the end of the year.

 3M is expected to pay paid dividends of $1.92 per share in the coming year.  You expect the stock price to be $85 per share at the end of the year.
ECONOMIC ASPECTS OF CYBERSECURITY

ECONOMIC ASPECTS OF CYBERSECURITY
The costs and benefits related to cyber security breaches Chapter 3 – Gordon & Loeb.

The costs and benefits related to cyber security breaches Chapter 3 – Gordon & Loeb.
National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.

National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.
RISK MANAGEMENT FOR ENTERPRISES AND INDIVIDUALS Chapter 6 The Insurance Solution and Institutions.

RISK MANAGEMENT FOR ENTERPRISES AND INDIVIDUALS Chapter 6 The Insurance Solution and Institutions.
1 Why Demand Uncertainty Curbs Investment: Evidence from a Panel of Italian Manufacturing Firms Maria Elena Bontempi (University of Ferrara) Roberto Golinelli.

1 Why Demand Uncertainty Curbs Investment: Evidence from a Panel of Italian Manufacturing Firms Maria Elena Bontempi (University of Ferrara) Roberto Golinelli.
GODFREY HODGSON HOLMES TARCA

GODFREY HODGSON HOLMES TARCA
Accounts Receivable and Inventory May 4, 2009. Learning Objectives  How and why firms manage accounts receivable and inventory.  Computation of optimum.

Accounts Receivable and Inventory May 4, Learning Objectives  How and why firms manage accounts receivable and inventory.  Computation of optimum.
An Empirical Study of the Relationships between IT Infrastructure Flexibility, Mass Customization, and Business Performance Sock Hwa Chung Department of.

An Empirical Study of the Relationships between IT Infrastructure Flexibility, Mass Customization, and Business Performance Sock Hwa Chung Department of.
Prepared by Arabella Volkov University of Southern Queensland.

Prepared by Arabella Volkov University of Southern Queensland.
The priority factor model for customer relationship management system success Reporter :林曉薇 Date: 2006/12/05 Author : Tae Hyup Roh, Cheol Kyung Ahn, Ingoo.

The priority factor model for customer relationship management system success Reporter :林曉薇 Date: 2006/12/05 Author : Tae Hyup Roh, Cheol Kyung Ahn, Ingoo.
1 Estimating the Cost and Benefits of Software Assurance Investments Thomas P. Frazier November 9, 2006.

1 Estimating the Cost and Benefits of Software Assurance Investments Thomas P. Frazier November 9, 2006.
Market Efficiency Chapter 12. Do security prices reflect information ? Why look at market efficiency - Implications for business and corporate finance.

Market Efficiency Chapter 12. Do security prices reflect information ? Why look at market efficiency - Implications for business and corporate finance.
- Justification of BCM Projects Implementation approach overview - Decision Methodology: The Key Probability, Cost-Benefit, Intuitive Approaches Business.

- Justification of BCM Projects Implementation approach overview - Decision Methodology: The Key Probability, Cost-Benefit, Intuitive Approaches Business.

Similar presentations

Ads by Google