Presentation is loading. Please wait.

Presentation is loading. Please wait.

EMPIRICAL RESEARCH RELATED TO ECONOMIC ASPECTS OF CYBER/ INFORMATION SECURITY: Concerns and Potential Solutions by Dr. Lawrence A. Gordon E rnst & Young.

Published byBlaise Ferguson Modified over 8 years ago

Similar presentations

Presentation on theme: "EMPIRICAL RESEARCH RELATED TO ECONOMIC ASPECTS OF CYBER/ INFORMATION SECURITY: Concerns and Potential Solutions by Dr. Lawrence A. Gordon E rnst & Young."— Presentation transcript:

1 EMPIRICAL RESEARCH RELATED TO ECONOMIC ASPECTS OF CYBER/ INFORMATION SECURITY: Concerns and Potential Solutions by Dr. Lawrence A. Gordon E rnst & Young Alumni Professor of Managerial Accounting and Information Assurance Director, Ph.D. Program Robert H. Smith School of Business University of Maryland Affiliate Professor in University of Maryland Institute for Advanced Computer Studies © Lawrence A. Gordon

2 2 A. Determining the Real Economic Cost of Cybersecurity Breaches 1. Explicit Costs of Cybersecurity Breaches Detection Costs Correction & Prevention Costs 2. Implicit Costs of Cybersecurity Breaches Existing and Potential Revenue Actual and Potential Legal Liability 3. Archival, Survey, Experiment, Simulations and Case Studies (Strengths and Weaknesses) 4. Stock Market Effect of Breaches (Strengths and Weaknesses)

3 © Lawrence A. Gordon3 The Real Economic Costs of Information Security Breaches Other Stock Market Studies (e.g., Ishiguro et al, 2006) Campbell, K., L. A. Gordon, M. P. Loeb, and L. Zhou, “ The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market. ” Journal of Computer Security, Vol. 11, No. 3, 2003, pp. 431-448.

4 © Lawrence A. Gordon4 B. Cybersecurity Related Activities 1.Firms are not required to report Cybersecurity Activities (e.g., Cost of Breaches, Vulnerabilities, and Proactive Steps) 2. Archival, Survey, Experiment, Simulation and Case Studies (Strength and Weaknesses) 3. Impact of SOX and Voluntary Disclosures

5 © Lawrence A. Gordon5 Empirical Evidence on SOX and Disclosure of Information Security Activities Source: Gordon, Loeb, Lucyshyn, and Sohail, 2006, p. 516. SOX Passed

6 © Lawrence A. Gordon6 Security Investment Activities Gordon, L. A., M. P. Loeb, W. Lucyshyn, and R. Richardson, “2006 CSI/FBI Computer Crime and Security Survey,” Computer Security Journal, Summer 2006, p. 16. CSI/FBI Computer Security Survey Source: Computer Security Institute Figure 18.Security technologies used 2006: 616 Respondents

7 © Lawrence A. Gordon7 C. Cybersecurity Related Investments 1.Organizations are not required to report Cybersecurity Investments 2. Archival, Survey, Experiment, Simulation and Case Studies (Strength and Weaknesses)

8 © Lawrence A. Gordon8 Optimal Security Investments & Vulnerability Gordon, L. A. and M.P., Loeb (2002), “The Economics of Information Security Investment,” ACM Transactions on Information and System Security, Vol. 5, No. 4, pp. 450. Optimal Level of Information Security Investment Vulnerability This paper used actual data on e-local governments in Japan. The results related to actual information security investments support the economic framework developed by Gordon and Loeb (2002) concerning the relation between the optimal level of investment and vulnerability. Tanaka, H., K. Matsuura and O. Sudoh(2005), ” Vulnerability and information security investment: An empirical analysis of e-local government in Japan,” Journal of Accounting and Public Policy, Vol. 24, No. 1, p56. Theoretical Model Empirical Evidence

9 © Lawrence A. Gordon9 D. References  Campbell, K., L. A. Gordon, M. P. Loeb, and L. Zhou, “The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market.” Journal of Computer Security, Vol. 11, No. 3, 2003, pp. 431-448.  Gordon, L. A., and M. P. Loeb. “The Economics of Information Security Investment,” ACM Transactions on Information and System Security Vol. 5, No. 4, November 2002, pp. 438-457.  Gordon, L. A., and M. P. Loeb, “Return on Information Security Investments: Myths vs. Reality,” Strategic Finance, November 2002, pp. 26-31.  Gordon, L. A., and M. P. Loeb, MANAGING CYBERSECURITY RESOURCES: A Cost- Benefit Analysis, McGraw Hill, 2006.  Gordon, L. A., and M. P. Loeb, “Budgeting Process for Information Security Expenditures: Empirical Evidence,” Communications of the ACM, Vol. 49, No. 1, 2006. pp. 121-125.  Gordon, L. A., M. P. Loeb, and W. Lucyshyn, “Information Security Expenditures and Real Options: A Wait and See Approach.” Computer Security Journal, Vol. 19, No. 2, Spring 2003, pp. 1-7.

10 © Lawrence A. Gordon10 D. References (Cont:)  Gordon, L. A., M. P. Loeb, W. Lucyshyn, and R. Richardson, “2006 CSI/FBI Computer Crime and Security Survey,” Computer Security Journal, Summer 2006, pp. 1-21.  Gordon, L. A., M. P. Loeb, W. Lucyshyn, and T. Sohail, “ The Impact of the Sarbanes-Oxley Act on the Corporate Disclosures of Information Security Activities,” Journal of Accounting and Public Policy, Vol. 25, No. 5, 2006. pp. 503-530.  Gordon, L. A., M. P. Loeb and T. Sohail, “A Framework for Using Insurance for Cyber Risk Management,” Communications of the ACM, Vol. 46, No. 3, March 2003, pp. 81-85. Ishiguro, M., H. Tanaka, K. Matsuura, I. Murase, “The Effect of Information Security Incidents on Corporate Values in the Japanese Stock Market,“ Proceedings of The 2006 Workshop on the Economics of Securing the Information Infrastructure.  Gordon, L. A., M. P. Loeb, and W. Lucyshyn, “Sharing Information on Computer Systems: An Economic Analysis,” Journal of Accounting and Public Policy, Vol. 22, No. 6, 2003b, pp. 461-485.  Tanaka, H., K. Matsuura and O. Sudoh, ”Vulnerability and information security investment: An empirical analysis of e-local government in Japan,” Journal of Accounting and Public Policy, Vol. 24, No. 1, pp. 37-59, 2005

Download ppt "EMPIRICAL RESEARCH RELATED TO ECONOMIC ASPECTS OF CYBER/ INFORMATION SECURITY: Concerns and Potential Solutions by Dr. Lawrence A. Gordon E rnst & Young."

Similar presentations

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.

Bodnar/Hopwood AIS 7th Ed1 Chapter 5 u TRANSACTION PROCESSING AND INTERNAL CONTROL PROCESS.
Control and Accounting Information Systems

Control and Accounting Information Systems
1 Security Policy and Financial Costs (original slides from Josh Kaplan, Stephanie Losi, and Eric Chang)

1 Security Policy and Financial Costs (original slides from Josh Kaplan, Stephanie Losi, and Eric Chang)
CSI 2005 Computer Crime Survey Put together by J. Scott, 2006 Using Graphics and Text from the Published CSI/FBI 2005 Crime Survey.

CSI 2005 Computer Crime Survey Put together by J. Scott, 2006 Using Graphics and Text from the Published CSI/FBI 2005 Crime Survey.
Rise in cyber attacks at US companies “This threat to our country’s economic and national security, and to companies’ bottom line, is real and it is growing.”

Rise in cyber attacks at US companies “This threat to our country’s economic and national security, and to companies’ bottom line, is real and it is growing.”
ACC 424 Financial Reporting II Lecture 5 Introduction to consolidations.

ACC 424 Financial Reporting II Lecture 5 Introduction to consolidations.
Payout Policy Advanced Corporate Finance 2 October 2007.

Payout Policy Advanced Corporate Finance 2 October 2007.
Financial Management I

Financial Management I
ECONOMIC ASPECTS OF CYBERSECURITY

ECONOMIC ASPECTS OF CYBERSECURITY
The costs and benefits related to cyber security breaches Chapter 3 – Gordon & Loeb.

The costs and benefits related to cyber security breaches Chapter 3 – Gordon & Loeb.
The Economics of Investment in Information Assurance: An Empirical Investigation By Dr. Lawrence A. Gordon* and Dr. Martin P. Loeb* * Robert H. Smith School.

The Economics of Investment in Information Assurance: An Empirical Investigation By Dr. Lawrence A. Gordon* and Dr. Martin P. Loeb* * Robert H. Smith School.
EQUITY VALUATION: APPLICATIONS AND PROCESSES Presenter Venue Date.

EQUITY VALUATION: APPLICATIONS AND PROCESSES Presenter Venue Date.
1. Research Topics for Continuous Auditing Mike Groomer Professor of Accounting and Information Systems Kelley School of Business Indiana University.

1. Research Topics for Continuous Auditing Mike Groomer Professor of Accounting and Information Systems Kelley School of Business Indiana University.
Fall-01 FIBI Zvi Wiener 02-588-3049 DAC.

Fall-01 FIBI Zvi Wiener DAC.
Market Efficiency Chapter 12. Do security prices reflect information ? Why look at market efficiency - Implications for business and corporate finance.

Market Efficiency Chapter 12. Do security prices reflect information ? Why look at market efficiency - Implications for business and corporate finance.
Managerial Economics: Economic Profit

Managerial Economics: Economic Profit
South-Western / Thomson Learning © 2004 by Robert A. Strong University of Maine PowerPoint Presentation by Yee-Tien Fu National Cheng-Chi University Taipei,

South-Western / Thomson Learning © 2004 by Robert A. Strong University of Maine PowerPoint Presentation by Yee-Tien Fu National Cheng-Chi University Taipei,
SOX & ISO 27001 Protect your data and be ready to be audited!!!

SOX & ISO Protect your data and be ready to be audited!!!
ACCT3003 Issues in Accounting Theory

ACCT3003 Issues in Accounting Theory
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

Similar presentations

Ads by Google