The Value of Security Audits, Asymmetric Information and Market Impact of Security Breaches

dc.contributor.advisorGordon, Lawrence A.en_US
dc.contributor.advisorLoeb, Martin P.en_US
dc.contributor.authorZhou, Leien_US
dc.contributor.departmentAccounting and Information Assuranceen_US
dc.contributor.publisherDigital Repository at the University of Marylanden_US
dc.contributor.publisherUniversity of Maryland (College Park, Md.)en_US
dc.date.accessioned2004-08-27T05:22:36Z
dc.date.available2004-08-27T05:22:36Z
dc.date.issued2004-08-10en_US
dc.description.abstractThis dissertation includes two essays on the economic aspects of information security. The first essay presents a principal-agent model for assessing the value of information security audits. The issue of information security investments is confounded by control problems arising from asymmetric information and conflicting managerial interests within the firm. By analyzing the impacts of asymmetric information and security audits, this study extends the literature in three ways. First, the degree of information asymmetry is formally measured, which allows one to study how different levels of information asymmetry affect information security investment decisions. Second, the intensity of an information security audit is explicitly modeled, and the interactions between information asymmetry and security audits are examined. This analysis provides conditions under which the benefit from security audits increases with the degree of information asymmetry. Third, the current research provides an analytic model that helps to explain existing empirical findings (e.g., Gordon and Smith, 1992) concerning the relation between information asymmetry and the value of audits. The second essay examines the economic costs of publicly announced information security breaches. Similar to Campbell et al. (2003), the current study applies the event study approach, but uses a larger sample and a more sophisticated market model (Fama and French, 1993). The results confirm those of Campbell et al. (2003) that security breaches involving confidential information cause significant market reactions and security breaches not involving confidential information only cause insignificant market reactions. Further investigations also suggest that the insignificance of market reactions to non-confidential events does not seem to vary with the nature of those events.en_US
dc.format.extent724071 bytes
dc.format.mimetypeapplication/pdf
dc.identifier.urihttp://hdl.handle.net/1903/1736
dc.language.isoen_US
dc.subject.pqcontrolledBusiness Administration, Accountingen_US
dc.subject.pquncontrolledPrincipal-agenten_US
dc.subject.pquncontrolledasymmetric informationen_US
dc.subject.pquncontrolledvalue of auditingen_US
dc.subject.pquncontrolledsecurity breachesen_US
dc.subject.pquncontrolledmarket reactionen_US
dc.subject.pquncontrolledevent studyen_US
dc.titleThe Value of Security Audits, Asymmetric Information and Market Impact of Security Breachesen_US
dc.typeDissertationen_US

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
umi-umd-1709.pdf
Size:
707.1 KB
Format:
Adobe Portable Document Format