Skip to content
University of Maryland LibrariesDigital Repository at the University of Maryland
    • Login
    View Item 
    •   DRUM
    • Theses and Dissertations from UMD
    • UMD Theses and Dissertations
    • View Item
    •   DRUM
    • Theses and Dissertations from UMD
    • UMD Theses and Dissertations
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    The Value of Security Audits, Asymmetric Information and Market Impact of Security Breaches

    Thumbnail
    View/Open
    umi-umd-1709.pdf (707.1Kb)
    No. of downloads: 2302

    Date
    2004-08-10
    Author
    Zhou, Lei
    Advisor
    Gordon, Lawrence A.
    Loeb, Martin P.
    Metadata
    Show full item record
    Abstract
    This dissertation includes two essays on the economic aspects of information security. The first essay presents a principal-agent model for assessing the value of information security audits. The issue of information security investments is confounded by control problems arising from asymmetric information and conflicting managerial interests within the firm. By analyzing the impacts of asymmetric information and security audits, this study extends the literature in three ways. First, the degree of information asymmetry is formally measured, which allows one to study how different levels of information asymmetry affect information security investment decisions. Second, the intensity of an information security audit is explicitly modeled, and the interactions between information asymmetry and security audits are examined. This analysis provides conditions under which the benefit from security audits increases with the degree of information asymmetry. Third, the current research provides an analytic model that helps to explain existing empirical findings (e.g., Gordon and Smith, 1992) concerning the relation between information asymmetry and the value of audits. The second essay examines the economic costs of publicly announced information security breaches. Similar to Campbell et al. (2003), the current study applies the event study approach, but uses a larger sample and a more sophisticated market model (Fama and French, 1993). The results confirm those of Campbell et al. (2003) that security breaches involving confidential information cause significant market reactions and security breaches not involving confidential information only cause insignificant market reactions. Further investigations also suggest that the insignificance of market reactions to non-confidential events does not seem to vary with the nature of those events.
    URI
    http://hdl.handle.net/1903/1736
    Collections
    • Accounting & Information Assurance Theses and Dissertations
    • UMD Theses and Dissertations

    DRUM is brought to you by the University of Maryland Libraries
    University of Maryland, College Park, MD 20742-7011 (301)314-1328.
    Please send us your comments.
    Web Accessibility
     

     

    Browse

    All of DRUMCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

    My Account

    LoginRegister
    Pages
    About DRUMAbout Download Statistics

    DRUM is brought to you by the University of Maryland Libraries
    University of Maryland, College Park, MD 20742-7011 (301)314-1328.
    Please send us your comments.
    Web Accessibility