IDEAS home Printed from https://ideas.repec.org/a/ids/ijmdma/v11y2011i5-6p324-343.html
   My bibliography  Save this article

Reducing cyber harassment through de jure standards: a study on the lack of the information security management standard adoption in the USA

Author

Listed:
  • Gurvirender P.S. Tejay
  • Babak Shoraka

Abstract

Organisational members constantly fall prey to social-engineering attacks divulging sensitive information, which could be used as a basis for cyber harassment. Such harassment could include corporate website defacement, negative campaign through social media, or even corporate sabotage. The potential threat of cyber-harassment is real and can be damaging for an organisation impacting its business performance. These information risks confronting organisations can be mitigated by the implementation of information security standards. In this study, we investigated the lacking adoption of the Information Security Management System (ISMS) standard in the USA. We argued that the primary cause for the low adoption level is the failure to financially justify ISMS related investments. Using the event study method, we examined whether organisations that have adopted the ISMS standard have realised any financial gains. Our results indicate that the adoption of the ISMS standard actually does not create financial value for certified organisations.

Suggested Citation

  • Gurvirender P.S. Tejay & Babak Shoraka, 2011. "Reducing cyber harassment through de jure standards: a study on the lack of the information security management standard adoption in the USA," International Journal of Management and Decision Making, Inderscience Enterprises Ltd, vol. 11(5/6), pages 324-343.
    • Handle: RePEc:ids:ijmdma:v:11:y:2011:i:5/6:p:324-343
    as

    Download full text from publisher

    File URL: http://www.inderscience.com/link.php?id=43407
    Download Restriction: Access to full text is restricted to subscribers.
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Kjell Hausken, 2006. "Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability," Information Systems Frontiers, Springer, vol. 8(5), pages 338-349, December.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kaur, Harpreet & Gupta, Mahima & Singh, Surya Prakash, 2024. "Integrated model to optimize supplier selection and investments for cyber resilience in digital supply chains," International Journal of Production Economics, Elsevier, vol. 275(C).
    2. Guizhou Wang & Jonathan W. Welburn & Kjell Hausken, 2020. "A Two-Period Game Theoretic Model of Zero-Day Attacks with Stockpiling," Games, MDPI, vol. 11(4), pages 1-26, December.
    3. Bin Srinidhi & Jia Yan & Giri Kumar Tayi, 2008. "Firm-level Resource Allocation to Information Security in the Presence of Financial Distress," Working Papers 2008-17, School of Economic Sciences, Washington State University.
    4. Jaume Belles‐Sampera & Montserrat Guillén & Miguel Santolino, 2014. "Beyond Value‐at‐Risk: GlueVaR Distortion Risk Measures," Risk Analysis, John Wiley & Sons, vol. 34(1), pages 121-134, January.
    5. Adam Behrendt & Vineet M. Payyappalli & Jun Zhuang, 2019. "Modeling the Cost Effectiveness of Fire Protection Resource Allocation in the United States: Models and a 1980–2014 Case Study," Risk Analysis, John Wiley & Sons, vol. 39(6), pages 1358-1381, June.
    6. Linda J. Tallau & Manish Gupta & Raj Sharman, 2010. "Information security investment decisions: evaluating the Balanced Scorecard method," International Journal of Business Information Systems, Inderscience Enterprises Ltd, vol. 5(1), pages 34-57.
    7. Aniruddha Bagchi & Tridib Bandyopadhyay, 2018. "Role of Intelligence Inputs in Defending Against Cyber Warfare and Cyberterrorism," Decision Analysis, INFORMS, vol. 15(3), pages 174-193, September.
    8. Lu Xu & Yanhui Li & Qi Yao, 2022. "Information security investment and purchase decision for personalized products," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(6), pages 2619-2635, September.
    9. Chul Ho Lee & Xianjun Geng & Srinivasan Raghunathan, 2016. "Mandatory Standards and Organizational Information Security," Information Systems Research, INFORMS, vol. 27(1), pages 70-86, March.
    10. Daniel Schatz & Rabih Bashroush, 2017. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 19(5), pages 1205-1228, October.
    11. Fang Fang & Manoj Parameswaran & Xia Zhao & Andrew B. Whinston, 2014. "An economic mechanism to manage operational security risks for inter-organizational information systems," Information Systems Frontiers, Springer, vol. 16(3), pages 399-416, July.
    12. Guang Zhu & Hu Liu & Mining Feng, 2018. "An Evolutionary Game-Theoretic Approach for Assessing Privacy Protection in mHealth Systems," IJERPH, MDPI, vol. 15(10), pages 1-27, October.
    13. Yong Wu & Gengzhong Feng & Richard Y. K. Fung, 2018. "Comparison of information security decisions under different security and business environments," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 69(5), pages 747-761, May.
    14. Hamid Mohtadi & Swati Agiwal, 2012. "Optimal Security Investments and Extreme Risk," Risk Analysis, John Wiley & Sons, vol. 32(8), pages 1309-1325, August.
    15. Kjell Hausken, 2014. "Returns to information security investment: Endogenizing the expected loss," Information Systems Frontiers, Springer, vol. 16(2), pages 329-336, April.
    16. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    17. Schilling, Andreas & Werners, Brigitte, 2016. "Optimal selection of IT security safeguards from an existing knowledge base," European Journal of Operational Research, Elsevier, vol. 248(1), pages 318-327.
    18. Lawrence A. Gordon & Martin P. Loeb, 2006. "Economic aspects of information security: An emerging field of research," Information Systems Frontiers, Springer, vol. 8(5), pages 335-337, December.
    19. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    20. Mayadunne, Sanjaya & Park, Sungjune, 2016. "An economic model to evaluate information security investment of risk-taking small and medium enterprises," International Journal of Production Economics, Elsevier, vol. 182(C), pages 519-530.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:ids:ijmdma:v:11:y:2011:i:5/6:p:324-343. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sarah Parker (email available below). General contact details of provider: http://www.inderscience.com/browse/index.php?journalID=19 .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.