UMD Theses and Dissertations

Permanent URI for this collectionhttp://hdl.handle.net/1903/3

New submissions to the thesis/dissertation collections are added automatically as they are received from the Graduate School. Currently, the Graduate School deposits all theses and dissertations from a given semester after the official graduation date. This means that there may be up to a 4 month delay in the appearance of a given thesis/dissertation in DRUM.

More information is available at Theses and Dissertations at University of Maryland Libraries.

Browse

Filters

20041

Settings

Author: search.filters.author.Zhou, LeiSubject: search.filters.subject.asymmetric information

Search Results

Now showing 1 - 1 of 1
  • Thumbnail Image
    Item
    The Value of Security Audits, Asymmetric Information and Market Impact of Security Breaches
    (2004-08-10) Zhou, Lei; Gordon, Lawrence A.; Loeb, Martin P.; Accounting and Information Assurance; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    This dissertation includes two essays on the economic aspects of information security. The first essay presents a principal-agent model for assessing the value of information security audits. The issue of information security investments is confounded by control problems arising from asymmetric information and conflicting managerial interests within the firm. By analyzing the impacts of asymmetric information and security audits, this study extends the literature in three ways. First, the degree of information asymmetry is formally measured, which allows one to study how different levels of information asymmetry affect information security investment decisions. Second, the intensity of an information security audit is explicitly modeled, and the interactions between information asymmetry and security audits are examined. This analysis provides conditions under which the benefit from security audits increases with the degree of information asymmetry. Third, the current research provides an analytic model that helps to explain existing empirical findings (e.g., Gordon and Smith, 1992) concerning the relation between information asymmetry and the value of audits. The second essay examines the economic costs of publicly announced information security breaches. Similar to Campbell et al. (2003), the current study applies the event study approach, but uses a larger sample and a more sophisticated market model (Fama and French, 1993). The results confirm those of Campbell et al. (2003) that security breaches involving confidential information cause significant market reactions and security breaches not involving confidential information only cause insignificant market reactions. Further investigations also suggest that the insignificance of market reactions to non-confidential events does not seem to vary with the nature of those events.