[{"language":[{"iso":"eng"}],"date_updated":"2022-01-06T06:52:47Z","oa":"1","department":[{"_id":"277"}],"title":"Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements","citation":{"ieee":"E. Szubartowicz and G. Schryen, “Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements,” Journal of Information System Security, vol. 16, no. 1, pp. 3–31, 2020.","short":"E. Szubartowicz, G. Schryen, Journal of Information System Security 16 (2020) 3–31.","mla":"Szubartowicz, Eva, and Guido Schryen. “Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements.” Journal of Information System Security, vol. 16, no. 1, Information Institute Publishing, Washington DC, USA, 2020, pp. 3–31.","bibtex":"@article{Szubartowicz_Schryen_2020, title={Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements}, volume={16}, number={1}, journal={Journal of Information System Security}, publisher={Information Institute Publishing, Washington DC, USA}, author={Szubartowicz, Eva and Schryen, Guido}, year={2020}, pages={3–31} }","chicago":"Szubartowicz, Eva, and Guido Schryen. “Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements.” Journal of Information System Security 16, no. 1 (2020): 3–31.","ama":"Szubartowicz E, Schryen G. Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements. Journal of Information System Security. 2020;16(1):3-31.","apa":"Szubartowicz, E., & Schryen, G. (2020). Timing in Information Security: An Event Study on the Impact of Information Security Investment Announcements. 
Journal of Information System Security, 16(1), 3–31."},"type":"journal_article","year":"2020","page":"3 - 31","intvolume":" 16","_id":"16249","issue":"1","file":[{"access_level":"open_access","file_name":"Timing in Information Security - JISSEC format PREPUBLICATION.pdf","date_created":"2020-03-05T10:26:11Z","relation":"main_file","content_type":"application/pdf","date_updated":"2020-03-05T10:35:49Z","creator":"hsiemes","file_id":"16250","file_size":478056}],"author":[{"last_name":"Szubartowicz","full_name":"Szubartowicz, Eva","first_name":"Eva"},{"full_name":"Schryen, Guido","first_name":"Guido","id":"72850","last_name":"Schryen"}],"publisher":"Information Institute Publishing, Washington DC, USA","publication":"Journal of Information System Security","file_date_updated":"2020-03-05T10:35:49Z","keyword":["Event Study","Information Security","Investment Announcements","Stock Price Reaction","Value of Information Security Investments"],"status":"public","has_accepted_license":"1","date_created":"2020-03-05T10:29:00Z","volume":16,"abstract":[{"text":"Timing plays a crucial role in the context of information security investments. We regard timing in two dimensions, namely the time of announcement in relation to the time of investment and the time of announcement in relation to the time of a fundamental security incident. The financial value of information security investments is assessed by examining the relationship between the investment announcements and their stock market reaction focusing on the two time dimensions. Using an event study methodology, we found that both dimensions influence the stock market return of the investing organization. 
Our results indicate that (1) after fundamental security incidents in a given industry, the stock price will react more positively to a firm’s announcement of actual information security investments than to announcements of the intention to invest; (2) the stock price will react more positively to a firm’s announcements of the intention to invest after the fundamental security incident compared to before; and (3) the stock price will react more positively to a firm’s announcements of actual information security investments after the fundamental security incident compared to before. Overall, the lowest abnormal return can be expected when the intention to invest is announced before a fundamental information security incident and the highest return when actual investing after a fundamental information security incident in the respective industry.","lang":"eng"}],"user_id":"61579","ddc":["000"]},{"title":"Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning","department":[{"_id":"277"}],"date_updated":"2022-01-06T07:02:03Z","oa":"1","language":[{"iso":"eng"}],"abstract":[{"lang":"eng","text":"The need to protect resources against attackers is reflected by huge information security investments of firms worldwide. In the presence of budget constraints and a diverse set of assets to protect, organizations have to decide in which IT security measures to invest, how to evaluate those investment decisions, and how to learn from past decisions to optimize future security investment actions. While the academic literature has provided valuable insights into these issues, there is a lack of empirical contributions. To address this lack, we conduct a theory-based exploratory multiple case study. Our case study reveals that (1) firms’ 
investments in information security are largely driven by external environmental and industry-related factors, (2) firms do not implement standardized decision processes, (3) the security process is perceived to impact the business process in a disturbing way, (4) both the implementation of evaluation processes and the application of metrics are hardly existent and (5) learning activities mainly occur at an ad-hoc basis."}],"extern":"1","user_id":"61579","ddc":["000"],"file":[{"file_id":"6022","creator":"hsiemes","file_size":809490,"relation":"main_file","date_updated":"2018-12-13T15:06:10Z","content_type":"application/pdf","file_name":"JOURNAL VERSION.pdf","date_created":"2018-12-07T11:26:53Z","access_level":"open_access"}],"file_date_updated":"2018-12-13T15:06:10Z","keyword":["Information Security Investments","Multiple Case Study","Organizations","Single Loop Learning","Double Loop Learning"],"publication":"Computers & Security","author":[{"full_name":"Weishäupl, Eva","first_name":"Eva","last_name":"Weishäupl"},{"full_name":"Yasasin, Emrah","first_name":"Emrah","last_name":"Yasasin"},{"id":"72850","last_name":"Schryen","full_name":"Schryen, Guido","first_name":"Guido"}],"publisher":"Elsevier","date_created":"2018-11-14T11:24:37Z","has_accepted_license":"1","status":"public","volume":77,"_id":"5586","intvolume":" 77","page":"807 - 823","type":"journal_article","year":"2018","citation":{"short":"E. Weishäupl, E. Yasasin, G. Schryen, Computers & Security 77 (2018) 807–823.","ieee":"E. Weishäupl, E. Yasasin, and G. Schryen, “Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning,” Computers & Security, vol. 77, pp. 807–823, 2018.","apa":"Weishäupl, E., Yasasin, E., & Schryen, G. (2018). Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning. Computers & Security, 77, 807–823.","ama":"Weishäupl E, Yasasin E, Schryen G. 
Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning. Computers & Security. 2018;77:807-823.","chicago":"Weishäupl, Eva, Emrah Yasasin, and Guido Schryen. “Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning.” Computers & Security 77 (2018): 807–23.","mla":"Weishäupl, Eva, et al. “Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning.” Computers & Security, vol. 77, Elsevier, 2018, pp. 807–23.","bibtex":"@article{Weishäupl_Yasasin_Schryen_2018, title={Information Security Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning}, volume={77}, journal={Computers & Security}, publisher={Elsevier}, author={Weishäupl, Eva and Yasasin, Emrah and Schryen, Guido}, year={2018}, pages={807–823} }"}}]