Help
Cart
Skip main navigation

Available Issues

April 10, 2013 - April 2, 2026

Available Issues

April 10, 2013 - April 2, 2026

The Association Between the Disclosure and the Realization of Information Security Risk Factors

Published Online:5 Oct 2012https://doi.org/10.1287/isre.1120.0437

References

  • Abrahamson E, Park C. Concealment of negative organizational outcomes: An agency theory perspective. Acad. Management J. (1994) 37(5):1302–1334CrossrefGoogle Scholar
  • Acquisti A, Friedman A, Telang R. Is there a cost to privacy breaches? An event study. The Fifth Workshop on the Econom. Inform. Security (WEIS) (2006) Robinson College, University of Cambridge, LondonGoogle Scholar
  • Baesens B, Setiono R, Mues C, Vanthienen J. Using neural network rule extraction and decision tables for credit-risk evaluation. Management Sci. (2003) 49(3):312–329LinkGoogle Scholar
  • Bagnoli M, Watts SG. Financial reporting and supplemental voluntary disclosures. J. Accounting Res. (2007) 45(5):885–913CrossrefGoogle Scholar
  • Balakrishnan K, Ghose A, Ipeirotis P. The impact of information disclosure on stock market returns: The Sarbanes-Oxley act and the role of media as an information intermediary. Proc. Seventh Workshop on the Econom. Inform. Security (2008) WEIS 2008Hanover, New HampshireGoogle Scholar
  • Bamber L, Barron OE, Stober TL. Differential interpretations and trading volume. J. Financial Quant. Anal. (1999) 34(3):369–386CrossrefGoogle Scholar
  • Basel Commitee on Banking Supervision (BCBS)Operational risk (2001a) . Supporting Document to the New Basel Capital Accord. Bank for International Settlement, retrieved November 3, 2010 from http://www.bis.org/publ/bcbsca07.pdfGoogle Scholar
  • Basel Commitee on Banking Supervision (BCBS)Overview of the new Basel Capital Accord (2001b) . Bank for International Settlement, retrieved November 3, 2010 from http://www.bis.org/publ/bcbsca02.pdfGoogle Scholar
  • Bettman JR, Weitz BA. Attributions in the board room: Causal reasoning in corporate annual reports. Admin. Sci. Quart. (1983) 28(2):165–183CrossrefGoogle Scholar
  • Breslow NE, Day NE. The analysis of case-control studies. Statistical Methods in Cancer Research (1980) (IARC Scientific Publications, Lyonm, France) . Chap. 1Google Scholar
  • Brown S, Warner J. Using daily stock returns: The case of event studies. J. Financial Econom. (1985) 14(1):3–31CrossrefGoogle Scholar
  • Cameron AC, Trivedi PK. Microeconometrics: Methods and Applications (2007) (Cambridge University Press, New York) Google Scholar
  • Campbell K, Gordon LA, Loeb MP, Zhou L. The economic cost of publicly announced information security breaches: Empirical evidences from the stock market. J. Comput. Security (2003) 11(3):431–448CrossrefGoogle Scholar
  • Casey E. Reporting security breaches: A risk to be avoided or responsibility to be embraced? Digital Investigation (2004) 1(3):159–161CrossrefGoogle Scholar
  • Cavusoglu H, Mishra B, Raghunathan S. The effect of Internet security breach announcements on market value of breached firms and Internet security developers. Internat. J. Electronic Commerce (2004) 9(1):69–105CrossrefGoogle Scholar
  • Cecchini M, Aytug H, Koehler GJ, Pathak P. Detecting management fraud in public companies. MIS Quart. (2010) 56(7):1146–1160Google Scholar
  • Cosslett SR. Maximum likelihood estimator for choice based samples. Econometrica (1981) 49(5):1289–1316CrossrefGoogle Scholar
  • Crouhy M, Galai D, Mark R. The Essentials of Risk Management (2006) (McGraw Hill, New York) Google Scholar
  • Davis A, Piger J, Sedor L. Beyond the numbers: Managers' use of optimistic and pessimistic tone in earnings press releases. AAA Financial Accounting and Reporting (FARS) Mid-Year Meeting (2008) Phoenix, AZGoogle Scholar
  • Dye RA. Disclosure of nonproprietary information. J. Accounting Res. (1985) 12(1):123–145CrossrefGoogle Scholar
  • Dye RA. An evaluation of “essays on disclosure” and the disclosure literature in accounting. J. Accounting Econom. (2001) 32(1–3):181–235CrossrefGoogle Scholar
  • Ettredge ML, Richardson VJ. Information transfer among Internet firms: The case of hacker attacks. J. Inform. Systems (2003) 17(2):71–82CrossrefGoogle Scholar
  • Fama E, French K. The cross-section of expected stock returns. J. Finance (1992) 47(2):427–465CrossrefGoogle Scholar
  • Fan W, Davidson I, Zadrozny B, Yu PS. An improved categorization of classifier's sensitivity on sample selection bias. 5th IEEE Internat. Conf. Data Mining (2005) HoustonGoogle Scholar
  • Fan W, Wallace L, Rich S, Zhang Z. Tapping the power of text mining. Comm. ACM (2006) 49(9):77–82CrossrefGoogle Scholar
  • Feldman R, Sanger J. The Text Mining Handbook: Advanced Approaches in Analyzing Unstructured Data (2006) (Cambridge University Press, UK) CrossrefGoogle Scholar
  • Field L, Lowry M, Shu S. Does disclosure deter or trigger litigation? J. Accounting Econom. (2005) 39(3):487–507CrossrefGoogle Scholar
  • Francis J, Philbrick D, Schipper K. Shareholder litigation and corporate disclosures. J. Accounting Res. (1994) 32(2):137–164CrossrefGoogle Scholar
  • Frey L, Fisher D, Heckerman D, Whittaker J. Modeling decision tree performance with the power law. Proc. 7th Internat. Workshop on Artificial Intelligence and Statist. (1999) Fort Lauderdale, FL:59–65Google Scholar
  • Gal-Or E, Ghose A. The economic incentives for sharing security information. Inform. Systems Res. (2005) 16(2):186–208LinkGoogle Scholar
  • Garg A, Curtis J, Halper H. Quantifying the financial impact of IT security breaches. Inform. Management Comput. Security (2003) 11(2):74–83CrossrefGoogle Scholar
  • Goodhue DL, Straub DW. Security concerns of system users: A study of perceptions of the adequacy of security. Inform. Management (1991) 20(1):13–27CrossrefGoogle Scholar
  • Gordon LA, Loeb MP. The economics of information security investment. ACM Transac. Inform. System Security (2002) 5(4):438–457CrossrefGoogle Scholar
  • Gordon LA, Loeb MP, Lucyshyn W. Sharing information on computer systems security: An economic analysis. J. Accounting and Public Policy (2003) 22(6):461–485CrossrefGoogle Scholar
  • Gordon L, Loeb M, Sohail T. Market value of voluntary disclosures concerning information security. MIS Quart. (2010) 34(3):567–594CrossrefGoogle Scholar
  • Gordon LA, Loeb MP, Lucyshyn W, Sohail T. The impact of the Sarbanes-Oxley act on the corporate disclosures of information security activities. J. Accounting and Public Policy (2006) 25(5):503–530CrossrefGoogle Scholar
  • Goto M, Kawamura T, Wakai K, Ando M, Endoh M, Tomino Y. Risk stratification for progression of IgA nephropathy using a decision tree induction algorithm. Nephrology Dialysis Transplantation (2008) 24(4):1242–1247CrossrefGoogle Scholar
  • Grossman SJ. The information role of warranties and private disclosure about product quality. J. Law Econom. (1981) 24(3):461–483CrossrefGoogle Scholar
  • Han J, Altman R, Kumar V, Mannila H, Pregibon D. Emerging scientific applications in data mining. Comm. ACM (2002) 45(8):54–58CrossrefGoogle Scholar
  • Herring RJ. The basel 2 approach to bank operational risk: Regulation on the wrong track. J. Risk Finance (2002) 4(1):42–45CrossrefGoogle Scholar
  • Hovav A, D'Arcy J. The impact of denial-of-service attack announcements on the market value of firms. Risk Management and Insurance Rev. (2003) 6(2):97–121CrossrefGoogle Scholar
  • Hsieh H, Shannon SE. Three approaches to qualitative content analysis. Qualitative Health Res. (2005) 15(9):1277–1288CrossrefGoogle Scholar
  • Hughes J, Pae S. Voluntary disclosure of precision information. J. Accounting Econom. (2004) 37(3):261–289CrossrefGoogle Scholar
  • Imai K, King G, Lau O. Toward a common framework for statistical analysis and development. J. Computational and Graphical Statist. (2008) 17(4):892–913CrossrefGoogle Scholar
  • Imai K, King G, Lau O. Zelig: Everyone's statistical software. (2009) . Accessed November 3, 2010, http://gking.harvard.edu/zeligGoogle Scholar
  • Imbens G. An efficient method of moments estimator for discrete choice models with choice-based sampling. Econometrica (1992) 60(5):1187–1214CrossrefGoogle Scholar
  • Jobst A. Operational risk—The sting is still in the tail but the poison depends on the dose. J. Operational Risk (2007) 2(2):3–59CrossrefGoogle Scholar
  • John G, Langley P, Simoudis E, Han J, Fayyad U. Static versus dynamic sampling for data mining. Proc. 2nd Internat. Conf. Knowledge Discovery and Data Mining (1996) Portland, OR:367–370Google Scholar
  • Jorgensen BN, Kirschenheiter MT. Discretionary risk disclosures. The Accounting Rev. (2003) 78(2):449–469CrossrefGoogle Scholar
  • Kannan K, Rees J, Sridhar S. Market reactions to information security breach announcements: An empirical study. Internat. J. Electronic Commerce (2007) 12(1):69–91CrossrefGoogle Scholar
  • Kasznik R, Lev B. To warn or not to warn: Management disclosures in the face of an earnings surprise. The Accounting Rev. (1995) 70(1):113–134Google Scholar
  • King G, Zeng L. Logistic regression in rare events data. Political Anal. (2001) 9(2):137–163CrossrefGoogle Scholar
  • Kohavi R, Mellish C. A study of cross-validation and bootstrap for accuracy estimation and model selection. Proc. 14th Internat. Joint Conf. Artificial Intelligence (1995) Montréal, Québec, Canada:781–787Google Scholar
  • Kohl's Annual report for the year ended January 30, 2010. (2010) . Retrieved August 17, 2010 from http://www.sec.gov/Archives/edgar/data/885639/000119312510061795/d10k.htm#tx88612_3Google Scholar
  • Kothari S, Li X, Short J. The effect of disclosures by management, analysts, and financial press on cost of capital, return volatility, and analyst forecasts: A study using content analysis. The Accounting Rev. (2009) 84(5):1639–1674CrossrefGoogle Scholar
  • Krippendorff K. Content Analysis: An Introduction to Its Methodology (2003) (Sage Publications, Thousand Oaks, CA) Google Scholar
  • Lancaster T, Imbens G. Choice based sampling: Inference and optimality. (1991) . Working paper, Department of Economics, Brown University, Providence, RIGoogle Scholar
  • Larcker D, Rusticus T. On the use of instrumental variables in accounting research. J. Accounting Econom. (2010) 49(3):186–205CrossrefGoogle Scholar
  • Li F. Do stock market investors understand the risk sentiment of corporate annual reports? (2007) . Working paper, University of MichiganGoogle Scholar
  • Li F. Annual report readability, current earnings, and earnings persistent. J. Accounting Econom. (2008) 45(2–3):221–247CrossrefGoogle Scholar
  • Long WJ, Griffith JL, Selker HP, D'Agostino RB. A comparison of logistic regression to decision-tree induction in a medical domain. Comput. Biomedical Res. (1993) 26(1):74–97CrossrefGoogle Scholar
  • Loughran T, McDonald B. When is a liability not a liability? Textual analysis, dictionaries and 10-Ks. J. Finance (2011) 66(1):35–65CrossrefGoogle Scholar
  • Milgrom PR. Good news and bad news: Representation theorems and applications. Bell J. Econom. (1981) 12(2):380–391CrossrefGoogle Scholar
  • Morgan J, Daugherty R, Hilchie A, Carey B. Sample size and modeling accuracy with decision tree based data mining tools. Acad. Inform. Management Sci. J. (2003) 6(2):77–92Google Scholar
  • Painter J. SPSS macro for propensity score matching. (2004) . Accessed November 3, 2010, http://ssw.unc.edu/VRC/Lectures/index.htmGoogle Scholar
  • Patton MQ. Qualitative Research and Evaluation Methods (2002) (Sage Publications, Thousand Oaks, CA) Google Scholar
  • Pavlou PA, Liang H, Xue Y. Understanding and mitigating uncertainty in online exchange relationships: A principal–agent perspective. MIS Quart. (2007) 31(1):105–136CrossrefGoogle Scholar
  • Pinczowski D, Ekbom A, Baron J, Yuen J, Adami H. Risk factors for colorectal cancer in patients with ulcerative colitis: A case-control study. Gastroenterology (1994) 107(1):117–120CrossrefGoogle Scholar
  • Ramalho EA, Ramalho JJS. Bias-corrected moment-based estimators for parametric models under endogenous stratified sampling. Econom. Rev. (2006) 25(4):475–496CrossrefGoogle Scholar
  • Rogers J, Van Buskirk A, Zechman S. Disclosure tone and shareholder litigation. AAA Financial Accounting and Reporting (FARS) Mid-Year Meeting (2010) San Diego, CAGoogle Scholar
  • Rudolfer SM, Paliouras G, Peers IS. A comparison of logistic regression to decision tree induction in the diagnosis of carpal tunnel syndrome. Comput. Biomedical Res. (1999) 32(5):391–414CrossrefGoogle Scholar
  • Schuermann T. A review of recent books on credit risk. J. Appl. Econometrics (2005) 20(1):123–130CrossrefGoogle Scholar
  • Shadish WR, Cook TD, Campbell DT. Experimental and Quasi-Experimental Designs for Generalized Causal Inference (2002) (Houghton Mifflin Company, NY) Google Scholar
  • Shmueli G, Koppius O. The challenge of prediction in information systems research. (2010) . Working paper, University of MarylandGoogle Scholar
  • Siponen M. Information security standards focus on the existence of process, not its content. Comm. ACM (2006) 49(8):97–100CrossrefGoogle Scholar
  • Siponen M, Iivari J. Six design theories for IS security policies and guidelines. J. AIS (2006) 7(7):445–472Google Scholar
  • Skinner DJ. Why firms voluntarily disclose bad news. J. Accounting Res. (1994) 32(1):38–60CrossrefGoogle Scholar
  • Smyth P. Model selection for probabilistic clustering using crossvalidated likelihood. Statist. Comput. (2000) 10(1):63–72CrossrefGoogle Scholar
  • Sorenson O, Stuart T. Syndication networks and the spatial distribution of venture capital investment. Amer. J. Sociol. (2001) 106(6):1546–1588CrossrefGoogle Scholar
  • Steinberg GD, Carter BS, Beaty TH, Childs B, Walsh PC. Family history and the risk of prostate cancer. The Prostate (2006) 17(4):337–347CrossrefGoogle Scholar
  • Still S, Bialek W. How many clusters? An information-theoretic perspective. Neural Comput. (2004) 16(12):2483–2506CrossrefGoogle Scholar
  • Stock JH, Yogo M, Stock JH, Andrews DWK. Testing for weak instruments in linear IV regression. Identification and Inference for Econometric Models: Essays in Honor of Thomas J. Rothenberg (2005) (Cambridge University Press, UK) 80–108Chap. 5CrossrefGoogle Scholar
  • Stock JH, Wright JH, Yogo M. A survey of weak instruments and weak identification in generalized method of moments. J. Bus. Econom. Statist. (2002) 20(4):518–529CrossrefGoogle Scholar
  • Straub DW. Effective IS security: An empirical study. Inform. Systems Res. (1990) 1(3):255–276LinkGoogle Scholar
  • Straub DW, Welke R. Coping with systems risk: Security planning models for management decision making. MIS Quart. (1998) 22(4):441–469CrossrefGoogle Scholar
  • Tanaka H, Matsuura K, Sudoh O. Vulnerability and information security investment: An empirical analysis of e-local government in Japan. J. Accounting and Public Policy (2005) 24(1):37–59CrossrefGoogle Scholar
  • Tetlock P. Giving content to investor sentiment: The role of media in the stock market. J. Finance (2007) 62(3):1139–1168CrossrefGoogle Scholar
  • Tetlock P, Saar-Tsechansky M, Macskassy S. More than words: Quantifying language to measure firm's fundamentals. J. Finance (2008) 63(3):1437–1467CrossrefGoogle Scholar
  • Tibshirani R, Walther G, Hastie T. Estimating the number of clusters in a data set via the gap statistic. J. Royal Statist. Soc. B (2001) 63(2):411–423CrossrefGoogle Scholar
  • United States General Accounting Office (GAO) Information security risk assessment: Practices of leading organizations. (1999) . Accessed November 3, 2010, http://www.gao.gov/special.pubs/ai00033.pdfGoogle Scholar
  • Verrecchia RE. Discretionary disclosure. J. Accounting Econom. (1983) 5(3):179–194CrossrefGoogle Scholar
  • Verrecchia RE. Essays on disclosures. J. Accounting Econom. (2001) 32(1–3):97–180CrossrefGoogle Scholar
  • Wang J, Chaudhury A, Rao HR. A value-at-risk approach to information security investment. Inform. Systems Res. (2008) 19(1):106–120LinkGoogle Scholar
  • Weiss SM, Kapouleas L, Sridharan NS. An empirical comparison of pattern recognition, neural nets, and machine learning classification methods. Proc. 11th Internat. Joint Conf. Artificial Intelligence (1989) Detroit:781–787Google Scholar
  • Zadrozny B, Brodley CE. Learning and evaluating classifiers under sample selection bias. Proc. 21st Internat. Conf. Machine Learn. (2004) Banff, Canada:903–910CrossrefGoogle Scholar
  • Zhou Z, Jiang Y. NeC4.5: Neural ensemble based C4.5. IEEE Transac. Knowledge and Data Engrg. (2004) 16(6):770–773CrossrefGoogle Scholar
Back to Top
Next
INFORMS site uses cookies to store information on your computer. Some are essential to make our site work; Others help us improve the user experience. By using this site, you consent to the placement of these cookies. Please read our Privacy Statement to learn more.
Agree