Three essays on information technology security management in organizations
The increasing complexity and sophistication of ever-evolving information technologies has created unique and unprecedented challenges for organizations in protecting their information assets. Companies suffer significant financial and reputational damage due to ineffective information technology security management, which has been extensively shown to severely impact firms' performance and market valuation. The dissertation comprises three essays that address strategic and operational issues that organizations face in managing an efficient and secure information technology environment.

As organizations increasingly operate, compete and cooperate in a global context, business processes are also becoming global to generate benefits from coordination and standardization across geographical boundaries. In this context, security has gained significance due to increased threats, legislation and compliance issues. The first essay presents a framework for assessing the security of Internet technology components that support a globally distributed workplace. The framework uses component analysis to examine various aspects of a globally distributed system: the technology components, access channels, architecture and threats. Using a combination of scenarios, architectures and technologies, the paper presents the framework as a development tool for information security officers to evaluate the security posture of an information system [1].

The management and planning of large, complex deployments are inherently difficult and time consuming, and such deployments are widely evidenced to have unusually high failure rates. The second essay develops a risk-aware cost model to help companies transition to a single sign-on system using a multi-phase pattern of software implementation. The integer programming-based optimization model provides guidance on the software that should be implemented in each phase, taking risk and budgetary constraints into account. The model provides a cost-optimal path for migrating to a single sign-on system, while taking into account individual application characteristics as well as different learning aspects of organizational system implementation. Managers and professionals can use the model to architect their own software deployment plans in multiple stages to address resource constraints such as manpower and budget, while also effectively managing risks. The results of the model show significant cost benefits and effective risk management strategies. This will help organizations from an operational and tactical perspective during implementation of a distributed software system.

There has been a tremendous increase in the frequency and potential economic impact of security breaches. Numerous studies have shown that there is a significant negative impact on the market valuation of a firm that has suffered a security breach. An extensive literature review reveals that studies have not examined companies' responses to security breaches in terms of media announcements about security initiatives and improvements. The third essay investigates whether security breaches lead to announcements of security investments or improvements by the affected companies, and the market reaction to these announcements. In addition, the essay explores (a) how announcements of remediation and/or of positive investments or improvements in security relate to security breach announcements; (b) effective timing strategies for responding and for releasing announcements relating to security improvements or initiatives to maximize the favorable impact; (c) the effect of security breach announcements on competitors' market valuation; and (d) the impact of the announcements' content on stock price.

The results of the research indicate that there is a significant positive market reaction to announcements regarding security improvements made by companies that had a security breach incident. The study also reveals that the impact on the stock price of competitors is moderated by their industry. The research used event studies and time series analyses to uncover how timing affects the stock performance of companies that make positive security-related announcements in the news media in an attempt to restore image and reputation after a security breach. The results reveal that the timing of the announcement after a breach significantly influences the impact on stock prices.

[1] This paper is published as "Security Analysis of Internet Technology Components Enabling Globally Distributed Workplaces—A Framework" in ACM Transactions on Internet Technology, Vol. 8, No. 4, Article 17, November 2008.