---
_id: '16249'
abstract:
- lang: eng
text: Timing plays a crucial role in the context of information security investments.
We regard timing in two dimensions, namely the time of announcement in relation
to the time of investment and the time of announcement in relation to the time
of a fundamental security incident. The financial value of information security
investments is assessed by examining the relationship between the investment announcements
and their stock market reaction focusing on the two time dimensions. Using an
event study methodology, we found that both dimensions influence the stock market
return of the investing organization. Our results indicate that (1) after fundamental
security incidents in a given industry, the stock price will react more positively
to a firm’s announcement of actual information security investments than to announcements
of the intention to invest; (2) the stock price will react more positively to
a firm’s announcements of the intention to invest after the fundamental security
incident compared to before; and (3) the stock price will react more positively
to a firm’s announcements of actual information security investments after the
fundamental security incident compared to before. Overall, the lowest abnormal
return can be expected when the intention to invest is announced before a fundamental
information security incident and the highest return when actual investing after
a fundamental information security incident in the respective industry.
author:
- first_name: Eva
full_name: Szubartowicz, Eva
last_name: Szubartowicz
- first_name: Guido
full_name: Schryen, Guido
id: '72850'
last_name: Schryen
citation:
ama: 'Szubartowicz E, Schryen G. Timing in Information Security: An Event Study
on the Impact of Information Security Investment Announcements. Journal of
Information System Security. 2020;16(1):3-31.'
apa: 'Szubartowicz, E., & Schryen, G. (2020). Timing in Information Security:
An Event Study on the Impact of Information Security Investment Announcements.
Journal of Information System Security, 16(1), 3–31.'
bibtex: '@article{Szubartowicz_Schryen_2020, title={Timing in Information Security:
An Event Study on the Impact of Information Security Investment Announcements},
volume={16}, number={1}, journal={Journal of Information System Security}, publisher={Information
Institute Publishing, Washington DC, USA}, author={Szubartowicz, Eva and Schryen,
Guido}, year={2020}, pages={3–31} }'
chicago: 'Szubartowicz, Eva, and Guido Schryen. “Timing in Information Security:
An Event Study on the Impact of Information Security Investment Announcements.”
Journal of Information System Security 16, no. 1 (2020): 3–31.'
ieee: 'E. Szubartowicz and G. Schryen, “Timing in Information Security: An Event
Study on the Impact of Information Security Investment Announcements,” Journal
of Information System Security, vol. 16, no. 1, pp. 3–31, 2020.'
mla: 'Szubartowicz, Eva, and Guido Schryen. “Timing in Information Security: An
Event Study on the Impact of Information Security Investment Announcements.” Journal
of Information System Security, vol. 16, no. 1, Information Institute Publishing,
Washington DC, USA, 2020, pp. 3–31.'
short: E. Szubartowicz, G. Schryen, Journal of Information System Security 16 (2020)
3–31.
date_created: 2020-03-05T10:29:00Z
date_updated: 2022-01-06T06:52:47Z
ddc:
- '000'
department:
- _id: '277'
file:
- access_level: open_access
content_type: application/pdf
creator: hsiemes
date_created: 2020-03-05T10:26:11Z
date_updated: 2020-03-05T10:35:49Z
file_id: '16250'
file_name: Timing in Information Security - JISSEC format PREPUBLICATION.pdf
file_size: 478056
relation: main_file
file_date_updated: 2020-03-05T10:35:49Z
has_accepted_license: '1'
intvolume: ' 16'
issue: '1'
keyword:
- Event Study
- Information Security
- Investment Announcements
- Stock Price Reaction
- Value of Information Security Investments
language:
- iso: eng
oa: '1'
page: 3 - 31
publication: Journal of Information System Security
publisher: Information Institute Publishing, Washington DC, USA
status: public
title: 'Timing in Information Security: An Event Study on the Impact of Information
Security Investment Announcements'
type: journal_article
user_id: '61579'
volume: 16
year: '2020'
...
---
_id: '5586'
abstract:
- lang: eng
text: The need to protect resources against attackers is reflected by huge information
security investments of firms worldwide. In the presence of budget constraints
and a diverse set of assets to protect, organizations have to decide in which
IT security measures to invest, how to evaluate those investment decisions, and
how to learn from past decisions to optimize future security investment actions.
While the academic literature has provided valuable insights into these issues,
there is a lack of empirical contributions. To address this lack, we conduct a
theory-based exploratory multiple case study. Our case study reveals that (1)
firms? investments in information security are largely driven by external environmental
and industry-related factors, (2) firms do not implement standardized decision
processes, (3) the security process is perceived to impact the business process
in a disturbing way, (4) both the implementation of evaluation processes and the
application of metrics are hardly existent and (5) learning activities mainly
occur at an ad-hoc basis.
author:
- first_name: Eva
full_name: Weishäupl, Eva
last_name: Weishäupl
- first_name: Emrah
full_name: Yasasin, Emrah
last_name: Yasasin
- first_name: Guido
full_name: Schryen, Guido
id: '72850'
last_name: Schryen
citation:
ama: 'Weishäupl E, Yasasin E, Schryen G. Information Security Investments: An Exploratory
Multiple Case Study on Decision-Making, Evaluation and Learning. Computers
& Security. 2018;77:807-823.'
apa: 'Weishäupl, E., Yasasin, E., & Schryen, G. (2018). Information Security
Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation
and Learning. Computers & Security, 77, 807–823.'
bibtex: '@article{Weishäupl_Yasasin_Schryen_2018, title={Information Security Investments:
An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning},
volume={77}, journal={Computers & Security}, publisher={Elsevier}, author={Weishäupl,
Eva and Yasasin, Emrah and Schryen, Guido}, year={2018}, pages={807–823} }'
chicago: 'Weishäupl, Eva, Emrah Yasasin, and Guido Schryen. “Information Security
Investments: An Exploratory Multiple Case Study on Decision-Making, Evaluation
and Learning.” Computers & Security 77 (2018): 807–23.'
ieee: 'E. Weishäupl, E. Yasasin, and G. Schryen, “Information Security Investments:
An Exploratory Multiple Case Study on Decision-Making, Evaluation and Learning,”
Computers & Security, vol. 77, pp. 807–823, 2018.'
mla: 'Weishäupl, Eva, et al. “Information Security Investments: An Exploratory Multiple
Case Study on Decision-Making, Evaluation and Learning.” Computers & Security,
vol. 77, Elsevier, 2018, pp. 807–23.'
short: E. Weishäupl, E. Yasasin, G. Schryen, Computers & Security 77 (2018)
807–823.
date_created: 2018-11-14T11:24:37Z
date_updated: 2022-01-06T07:02:03Z
ddc:
- '000'
department:
- _id: '277'
extern: '1'
file:
- access_level: open_access
content_type: application/pdf
creator: hsiemes
date_created: 2018-12-07T11:26:53Z
date_updated: 2018-12-13T15:06:10Z
file_id: '6022'
file_name: JOURNAL VERSION.pdf
file_size: 809490
relation: main_file
file_date_updated: 2018-12-13T15:06:10Z
has_accepted_license: '1'
intvolume: ' 77'
keyword:
- Information Security Investments
- Multiple Case Study
- Organizations
- Single Loop Learning
- Double Loop Learning
language:
- iso: eng
oa: '1'
page: 807 - 823
publication: Computers & Security
publisher: Elsevier
status: public
title: 'Information Security Investments: An Exploratory Multiple Case Study on Decision-Making,
Evaluation and Learning'
type: journal_article
user_id: '61579'
volume: 77
year: '2018'
...