
Potential Research Topics in IS Security and Audit

Vern Richardson, University of Arkansas


Presentation Transcript


  1. Potential Research Topics in IS Security and Audit
     Vern Richardson, University of Arkansas

  2. Contributions of this paper
     • Carr’s (2003) Arguments
     • May not get a competitive advantage from IT
     • Vulnerabilities still critical
     • Types of IT Failures
     • E-commerce Engine
     • Website Outage (Hacker, Failure)
     • Financial Statement System Error (Sarbanes Oxley)
     • Accounting Restatements and Earnings Revisions

  3. Losses from Lack of IT Security
     • Direct Tangible Losses
       • Earnings (Market Capitalization) Lost due to Web Outage
       • Money spent on security
     • Intangible Losses
       • Loss of Customers / Website Experience
       • Lack of Faith – BBB? Webtrust?
       • Privacy – Loss of Credit Card Data
     • What’s the optimal amount to spend? When is it too much?
     • Yager (2002) suggests that CIOs overspent on security.
     • Which of these are measurable using archival techniques?

  4. Event Studies
     • Anthony, Choi and Grabski (2005) show losses of 3.92% market cap around web outage.
     • Ettredge and Richardson (2003) show event study losses by Internet firms in the same industry as those hacked as well as Internet firms that were not hacked at all.

  5. Effects on Industries Not Directly Affected By Denial of Service (Feb. 2000)
     “Information Transfer among Internet Firms: The Case of Hacker Attacks,” Journal of Information Systems (Fall 2003): 71-82 (with M. Ettredge).

  6. Triangulation beyond Event Studies
     • Issue with event study – ex ante prediction of potential effect on firms
     • Does an impairment actually affect revenues – can you capture that?
     • Have anecdotal evidence; does it show in the statistics as well?
     • See it in Retail firms – via monthly sales?
     • Nielsen Net Ratings – measure effect on:
       • Hits (Both during that period and after)
       • Stickiness – how long do they stay?
       • Repeat Customers or most profitable customers?
     • How about long-run returns?
     • Money spent on IT Security and its effects on:
       • Audit fees? Sarbanes-Oxley?
       • Errors? Extent of Restatements?
