当前位置:
X-MOL 学术
›
Inf. Technol. Manag.
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
The effect of information security certification announcements on the market value of the firm
Information Technology and Management ( IF 2.310 ) Pub Date : 2019-01-01 , DOI: 10.1007/s10799-018-00297-3 Jason K. Deane , David M. Goldberg , Terry R. Rakes , Loren P. Rees
Information Technology and Management ( IF 2.310 ) Pub Date : 2019-01-01 , DOI: 10.1007/s10799-018-00297-3 Jason K. Deane , David M. Goldberg , Terry R. Rakes , Loren P. Rees
Information security management has increasingly been recognized as one of the major business challenges of the last decade. While security research has widely recognized that breaches are detrimental to business value, the other side of the equation has received little attention. The literature on the value impact of proactive financial investments into information security management infrastructure and policy is very limited. Unlike most information technology investments, reinforcements to information security management programs suggest a reduction of a firm’s risk of damages in future attacks rather than an improvement in a firm’s revenue generation. Furthermore, contemporary information security management represents a process-based shift in a firm’s operations. In light of the unique information security risks faced by modern firms, we posit several hypotheses related to the value created from information security management program investments. We then present an empirical examination of the effects of information security management program investments on shareholder value. We use a firm’s successful completion of the ISO 27001 certification requirements as evidence of its commitment to developing a robust information security management program. Based on 111 public announcements, we find that the associated abnormal stock market reaction is both positive and statistically significant. We further control for firms’ industries, sizes, and dates of certification, and we find that they all affect the mean abnormal returns observed. This study demonstrates the capacity for information security management program investments to generate value for firms and further offers guidance for practitioners seeking to maximize shareholder value.
中文翻译:
信息安全认证公告对公司市场价值的影响
在过去的十年中,信息安全管理已被日益视为主要的业务挑战之一。尽管安全研究已广泛认识到,破坏对业务价值有害,但等式的另一面却很少受到关注。关于积极的金融投资对信息安全管理基础架构和政策的价值影响的文献非常有限。与大多数信息技术投资不同,对信息安全管理计划的强化表明,降低了企业在未来攻击中遭受损害的风险,而不是提高了企业的创收能力。此外,当代的信息安全管理代表了公司运营中基于流程的转变。鉴于现代公司面临的独特信息安全风险,我们提出了几种与信息安全管理计划投资创造的价值有关的假设。然后,我们对信息安全管理计划投资对股东价值的影响进行实证检验。我们将公司成功完成ISO 27001认证要求作为其致力于开发强大的信息安全管理计划的证据。根据111则公开公告,我们发现相关的异常股市反应既积极又具有统计意义。我们进一步控制了公司的行业,规模和认证日期,我们发现它们都影响所观察到的平均异常收益。
更新日期:2019-01-01
中文翻译:
信息安全认证公告对公司市场价值的影响
在过去的十年中,信息安全管理已被日益视为主要的业务挑战之一。尽管安全研究已广泛认识到,破坏对业务价值有害,但等式的另一面却很少受到关注。关于积极的金融投资对信息安全管理基础架构和政策的价值影响的文献非常有限。与大多数信息技术投资不同,对信息安全管理计划的强化表明,降低了企业在未来攻击中遭受损害的风险,而不是提高了企业的创收能力。此外,当代的信息安全管理代表了公司运营中基于流程的转变。鉴于现代公司面临的独特信息安全风险,我们提出了几种与信息安全管理计划投资创造的价值有关的假设。然后,我们对信息安全管理计划投资对股东价值的影响进行实证检验。我们将公司成功完成ISO 27001认证要求作为其致力于开发强大的信息安全管理计划的证据。根据111则公开公告,我们发现相关的异常股市反应既积极又具有统计意义。我们进一步控制了公司的行业,规模和认证日期,我们发现它们都影响所观察到的平均异常收益。
京公网安备 11010802027423号