It's Not My Fault

This article investigates the transfer of information security breach information between breached firms and their peers. Using a large data set of information security incidents from 2003 to 2013, the results suggest that 1) the effect of information security breach information transfer exists between breached firms and non-breached firms that offer similar products and 2) the effect of information transfer is weaker when the information security breach is due to internal faults or is related to the loss of personally identifiable information. Additional tests demonstrate that the effect of information transfer exhibits consistent patterns across time and with different types of information security breaches. Finally, the effect does not depend on whether the firms are IT intensive. Implications, limitations, and future research are discussed.

Download Full-text

It's Not My Fault

Journal of Database Management ◽

10.4018/jdm.2019070102 ◽

2019 ◽

Vol 30 (3) ◽

pp. 18-37

Author(s):

Tawei Wang ◽

Yen-Yao Wang ◽

Ju-Chun Yen

Keyword(s):

Information Security ◽

Information Transfer ◽

Large Data ◽

Future Research ◽

Data Set ◽

Security Breach ◽

Security Breaches ◽

Personally Identifiable Information ◽

Types Of Information ◽

Transfer Of Information

Download Full-text

Financial Impact of Information Security Breaches on Breached Firms and their Non-Breached Competitors

Information Resources Management Journal ◽

10.4018/irmj.2012010102 ◽

2012 ◽

Vol 25 (1) ◽

pp. 21-37 ◽

Cited By ~ 9

Author(s):

Humayun Zafar ◽

Myung Ko ◽

Kweku-Muata Osei-Bryson

Keyword(s):

Information Security ◽

Information Transfer ◽

Sampling Method ◽

Denial Of Service ◽

Financial Impact ◽

Security Breaches ◽

Contagion Effects ◽

Study Methodology ◽

Types Of Information ◽

Event Study Methodology

Information security breaches pose a growing threat to organizations and individuals, particularly those that are heavily involved in e-business/e-commerce. An information security breach can have wide-ranging impacts, including influencing the behaviors of competitors and vice versa within the context of a competitive marketplace. Therefore, there is a need for further exploration of implications of information security breaches beyond the focus of the breached firm. This study investigates the financial impact of publicly announced information security breaches on breached firms and their non-breached competitors. While controlling for size and the industry the firm operates in, the authors focus on specific types of information security breaches (Denial of Service, Website Defacement, Data Theft, and Data Corruption). Unlike previous studies that have used event study methodology, the authors investigate information transfer effects that result from information security breaches using the matched sampling method. The study reveals statistically significant evidence of the presence of intra-industry information transfer for some types of security breaches. The authors also found evidence of contagion effects, but no similar evidence concerning competition effect.

Download Full-text

A Theory of Sex Differences in Technical Aptitude and Some Supporting Evidence

Perspectives on Psychological Science ◽

10.1177/1745691611419670 ◽

2011 ◽

Vol 6 (6) ◽

pp. 560-573 ◽

Cited By ~ 30

Author(s):

Frank L. Schmidt

Keyword(s):

Sex Differences ◽

Job Performance ◽

Large Data ◽

Future Research ◽

Mental Ability ◽

Supporting Evidence ◽

Data Set ◽

Aptitude Tests ◽

General Mental Ability ◽

Technical Aptitude

In this article, I present a theory that explains the origin of sex differences in technical aptitudes. The theory takes as proven that there are no sex differences in general mental ability (GMA), and it postulates that sex differences in technical aptitude (TA) stem from differences in experience in technical areas, which is in turn based on sex differences in technical interests. Using a large data set, I tested and found support for four predictions made by this theory: (a) the construct level correlation between technical aptitude and GMA is larger for females than males, (b) the observed and true score variability of technical aptitude is greater among males than females, (c) at every level of GMA females have lower levels of technical aptitude, and (d) technical aptitude measures used as estimates of GMA for decision purposes would result in underestimation of GMA levels for girls and women. Given that GMA carries the weight of prediction of job performance, the support found for this last prediction suggests that, for many jobs, technical aptitude tests may underpredict the job performance of female applicants and employees. Future research should examine this question.

Download Full-text

Organisational Information Security Strategy: Review, Discussion and Future Research

Australasian Journal of Information Systems ◽

10.3127/ajis.v21i0.1427 ◽

2017 ◽

Vol 21 ◽

Cited By ~ 1

Author(s):

Craig A. Horne ◽

Sean B. Maynard ◽

Atif Ahmad

Keyword(s):

Information Security ◽

Future Research ◽

Security Strategy ◽

Security Breaches ◽

Antecedent Conditions ◽

Comprehensive Information ◽

Future Research Directions ◽

Definition Of ◽

Definition Of Information ◽

Information Security Strategy

Dependence on information, including for some of the world’s largest organisations such as governments and multi-national corporations, has grown rapidly in recent years. However, reports of information security breaches and their associated consequences indicate that attacks are escalating on organisations conducting these information-based activities. Organisations need to formulate strategy to secure their information, however gaps exist in knowledge. Through a thematic review of academic security literature, (1) we analyse the antecedent conditions that motivate the adoption of a comprehensive information security strategy, (2) the conceptual elements of strategy and (3) the benefits that are enjoyed post-adoption. Our contributions include a definition of information security strategy that moves from an internally-focussed protection of information towards a strategic view that considers the organisation, its resources and capabilities, and its external environment. Our findings are then used to suggest future research directions.

Download Full-text

The Impact of Information Security Events on the Stock Value of Firms: The Effect of Contingency Factors

Journal of Information Technology ◽

10.1057/jit.2010.4 ◽

2011 ◽

Vol 26 (1) ◽

pp. 60-77 ◽

Cited By ~ 52

Author(s):

Ali Alper Yayla ◽

Qing Hu

Keyword(s):

Information Security ◽

Stock Market ◽

Negative Impact ◽

Denial Of Service ◽

Future Research ◽

Event Analysis ◽

Market Reactions ◽

Security Breaches ◽

Stock Market Reactions ◽

The Impact

The stock market reactions to information technology (IT)-related events have often been used as proxies to the value or cost of these events in the information systems literature. In this paper, we study the stock market reactions to information-security-related events using the event analysis methodology with consideration of the effects of a number of contingency factors, including business type, industry, type of breach, event year, and length of event window. We found that pure e-commerce firms experienced higher negative market reactions than traditional bricks-and-mortar firms in the event of security breach. We also found that denial of service attacks had higher negative impact than other types of security breaches. Finally, security events occurred in recent years were found to have less significant impact than those occurred earlier, suggesting that investors may have become less sensitive to the security events. Most interestingly, our analyses showed that the magnitude and longevity of security breaches vary with time across sub-samples. This raises some serious questions regarding the validity of analyzing only short-term stock market reactions as an indicator of the cost of security breaches, and in general, an indicator of the value of IT-related events. The implications of these results are discussed and potential future research directions are proposed.

Download Full-text

Collecting and evaluating large volumes of bibliographic metadata aggregated in the WorldCat database: a proposed methodology to overcome challenges

The Electronic Library ◽

10.1108/el-11-2020-0316 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Vyacheslav I. Zavalin ◽

Shawne D. Miksa

Keyword(s):

Data Collection ◽

Large Scale ◽

Large Data ◽

Study Data ◽

Lessons Learned ◽

Future Research ◽

Data Set ◽

Content Type ◽

Large Data Set ◽

Smart Data

Purpose This paper aims to discuss the challenges encountered in collecting, cleaning and analyzing the large data set of bibliographic metadata records in machine-readable cataloging [MARC 21] format. Possible solutions are presented. Design/methodology/approach This mixed method study relied on content analysis and social network analysis. The study examined subject representation in MARC 21 metadata records created in 2020 in WorldCat – the largest international database of “big smart data.” The methodological challenges that were encountered and solutions are examined. Findings In this general review paper with a focus on methodological issues, the discussion of challenges is followed by a discussion of solutions developed and tested as part of this study. Data collection, processing, analysis and visualization are addressed separately. Lessons learned and conclusions related to challenges and solutions for the design of a large-scale study evaluating MARC 21 bibliographic metadata from WorldCat are given. Overall recommendations for the design and implementation of future research are suggested. Originality/value There are no previous publications that address the challenges and solutions of data collection and analysis of WorldCat’s “big smart data” in the form of MARC 21 data. This is the first study to use a large data set to systematically examine MARC 21 library metadata records created after the most recent addition of new fields and subfields to MARC 21 Bibliographic Format standard in 2019 based on resource description and access rules. It is also the first to focus its analyzes on the networks formed by subject terms shared by MARC 21 bibliographic records in a data set extracted from a heterogeneous centralized database WorldCat.

Download Full-text

Incorporating home healthcare nurses’ admission information needs to inform data standards

Journal of the American Medical Informatics Association ◽

10.1093/jamia/ocaa087 ◽

2020 ◽

Vol 27 (8) ◽

pp. 1278-1286 ◽

Cited By ~ 1

Author(s):

Paulina S Sockolow ◽

Kathryn H Bowles ◽

Christine Wojciechowicz ◽

Ellen J Bass

Keyword(s):

Focus Groups ◽

Home Health Care ◽

Information Transfer ◽

Information Needs ◽

Home Healthcare ◽

Data Standards ◽

Information Gap ◽

Types Of Information ◽

Transfer Of Information ◽

Available Information

Abstract Objective Patient transitions into home health care (HHC) often occur without the transfer of information needed for critical clinical decisions and the plan of care. Owing to a lack of universally implemented standards, there is wide variation in information transfer. We sought to characterize missing information at HHC admission. Materials and Methods We conducted a mixed methods study with 3 diverse HHC agencies. Focus groups with nurses at each agency identified what information supports patient care decisions at admission. Thirty-six in-home admissions with associated documentation review determined the available information. To inform information standards development for the HHC admission process, we compared the types of information desired and available to an international standard for transitions in care information, the Continuity of Care Document (CCD) enhanced with Office of the National Coordinator for Healthcare Information Technology summary terms (CCD/S). Results Three-quarters of the items from the focus groups mapped to the CCD/S. Regarding available information at admission, no observation included all CCD/S data items. While medication information was needed and often available for 4 important decisions, concepts related to patient medication self-management appeared in neither the CCD/S nor the admission documentation. Discussion The CCD/S mostly met HHC nurses’ information needs and is recommended to begin to fill the current information gap. Electronic health record recommendations include use of a data standard: the CCD or the proposed, more parsimonious U.S. Core Data for Interoperability. Conclusions Referral source and HHC agency adoption of data standards is recommended to support structured, consistent data and information sharing.

Download Full-text

Helminth species diversity of mammals: parasite species richness is a host species attribute

Parasitology ◽

10.1017/s0031182008005040 ◽

2008 ◽

Vol 135 (14) ◽

pp. 1701-1705 ◽

Cited By ~ 13

Author(s):

F. BORDES ◽

S. MORAND

Keyword(s):

Species Richness ◽

Host Species ◽

Parasite Species ◽

Regional Scale ◽

Large Data ◽

Helminth Species ◽

Future Research ◽

Data Set ◽

Parasite Species Richness ◽

Trade Offs

SUMMARYStudies investigating parasite diversity have shown substantial geographical variation in parasite species richness. Most of these studies have, however, adopted a local scale approach, which may have masked more general patterns. Recent studies have shown that ectoparasite species richness in mammals seems highly repeatable among populations of the same mammal host species at a regional scale. In light of these new studies we have reinvestigated the case of parasitic helminths by using a large data set of parasites from mammal populations in 3 continents. We collected homogeneous data and demonstrated that helminth species richness is highly repeatable in mammals at a regional scale. Our results highlight the strong influence of host identity in parasite species richness and call for future research linking helminth species found in a given host to its ecology, immune defences and potential energetic trade-offs.

Download Full-text

Comparisons of Bitcoin Cryptosystem with Other Common Internet Transaction Systems by AHP Technique

Journal of information and organizational sciences ◽

10.31341/jios.41.1.5 ◽

2017 ◽

Vol 41 (1) ◽

pp. 69-87

Author(s):

Davor Maček ◽

Dino Alagić

Keyword(s):

Information Security ◽

Future Research ◽

Critical Systems ◽

Payment Systems ◽

Security Risks ◽

Analytic Hierarchy ◽

Potential Case ◽

Types Of Information ◽

Criteria For Evaluation ◽

Vector Matrix

This paper describes proposed methodology for evaluation of critical systems and prioritization of critical risks and assets identified in highly secured information systems. For different types of information assets or security environments it is necessary to apply different techniques and methods for their prioritization and evaluation. In this article, VECTOR matrix method for prioritization of critical assets and critical risks is explained and integrated into AHP (Analytic Hierarchy Process) technique as a set of fixed criteria for evaluation of defined alternatives. Bitcoin cryptocurrency was compared and evaluated along with other common Internet transaction systems by information security professionals according to defined VECTOR criteria. Also, the newly proposed hybrid AHP model is presented with potential case studies for future research. This article tries to discover security posture of Bitcoin cryptocurrency in the context of information security risks related to the existing most common online payment systems like e-banking, m-banking, and e-commerce

Download Full-text

Gene Co-Expression in Mouse Embryo Tissues

International Journal of Intelligent Information Technologies ◽

10.4018/ijiit.2013100104 ◽

2013 ◽

Vol 9 (4) ◽

pp. 55-68 ◽

Cited By ~ 4

Author(s):

Simon Andrews ◽

Kenneth McLeod

Keyword(s):

Mouse Embryo ◽

Formal Concept Analysis ◽

Large Data ◽

Future Research ◽

Formal Concept ◽

Gene Expressions ◽

Data Set ◽

Disjoint Sets ◽

Managing Complexity ◽

A New Technique

This paper develops some existing ideas in Formal Concept Analysis (FCA) to provide an analysis of a large data set of gene expressions in mouse embryo tissues. It develops a new technique for managing complexity based on 'fault tolerance' and the identification of disjoint sets in data. Using this technique, distinct groups of co-expressed genes are identified. The work represents some early experiments with FCA, with many questions arising and much left as future research, although promising results are shown that are of interest to both FCA developers and geneticists. This work has been carried out as part the European CUBIST Project.

Download Full-text