1 |
USER COMPENSATION AS A DATA BREACH RECOVERY ACTION: AN INVESTIGATION OF THE SONY PLAYSTATION NETWORK BREACH
Goode, Sigi; Hoehle, Hartmut; Venkatesh, Viswanath; Brown, Susan A. 09 1900
Drawing on expectation confirmation research, we develop hypotheses regarding the effect of compensation on key customer outcomes following a major data breach and consequent service recovery effort. Data were collected in a longitudinal field study of Sony customers during their data breach in 2011. A total of 144 customers participated in the two-phase data collection that began when the breach was announced and concluded after reparations were made. Using polynomial modeling and response surface analysis, we demonstrate that a modified assimilation-contrast model explained perceptions of service quality and continuance intention and a generalized negativity model explained repurchase intention. The results of our work contribute to research on data breaches and service failure by demonstrating the impacts of compensation on customer outcomes. We discuss theoretical and practical implications.
|
2 |
An Examination of the Privacy Impact Assessment as a Vehicle for Privacy Policy Implementation in U.S. Federal Agencies
Pandy, Susan M. 13 February 2013
The Privacy Act of 1974 was designed to protect personal privacy captured in the records held by government agencies. However, the scope of privacy protection has expanded in light of advances in technology, heightened security, ubiquitous threats, and the value of information. This environment has raised the expectations for public sector management of sensitive personal information and enhanced privacy protections. While the expanse of privacy policy implementation is broad, this study focuses specifically on how agencies implement privacy impact assessments (PIAs) as required under Section 208 of the E-Government Act of 2002. An enhanced understanding of the PIA implementation process serves as a portal into the strategic considerations and management challenges associated with broader privacy policy implementation efforts.
A case study of how the U.S. Postal Service and the U.S. Department of Veterans Affairs have implemented PIAs provides rich insights into privacy policy implementation and outcomes. Elite interviews enriched by process data and document analysis show how each organization undertook different approaches to PIA implementation over time. This study introduces the sociology of law literature using Lauren Edelman's conceptual framework to understand how organizations respond to and interpret law from within the organization, or endogenously. Building upon Edelman's model, certain characteristics of the PIA implementation are analyzed to provide rich description of the factors that influence the implementation process and lead to different policy outcomes.
The findings reflect valuable insights into the privacy policy implementation process and introduce the sociology of law literature to the field of public administration. This literature furthers our understanding of how organizations enact policy over time, how the implementation process unfolds and is impacted by critical factors, and for identifying emergent patterns in organizations. This study furthers our understanding of how privacy policy, in particular, is implemented over time by examining the administrative capacities and levels of professionalism that are utilized to accomplish this effort. This research comes at a critical time in the context of the emerging legal and political environment for privacy that is characterized by new expectations by the public and the expanding role of government to manage and protect sensitive information. / Ph. D.
|
3 |
The Economics of Data Breach: Asymmetric Information and Policy Interventions
Garcia, Michael Erik. 23 July 2013
No description available.
|
4 |
Reducing Internal Theft and Loss in Small Businesses
Luster, Eric L. 01 January 2018
Every year, several documented data breaches happen in the United States, resulting in the exposure of millions of electronic records. The purpose of this single-case study was to explore strategies some information technology managers used to monitor employees and reduce internal theft and loss. The population for this study consisted of 5 information technology managers who work within the field of technology in the southwestern region of the United States. Participants were selected using purposeful sampling. The conceptual framework for this study included elements from information and communication boundary theories. Data were collected from semistructured interviews, company standard operating procedures, and policy memorandums, which provided detailed information about technology managers' experiences with data security. The collected data were transcribed, member checked, and triangulated to validate credibility and trustworthiness. Two themes emerged from data analysis: the development of policies, procedures, and standards on internal theft and loss, and the use of technology-driven systems to monitor employees and control theft and loss. Technology-based interventions allow leaders within an organization to protect the integrity of systems and networks while monitoring employee actions and behaviors. Study findings could be used by leaders of business organizations to identify and respond to theft and fraud in the workplace. Business leaders may also be able to use study findings to develop employee monitoring programs that help to prevent the loss of both organizational and customers' data, enhancing public trust as a potential implication for positive social change.
|
5 |
Exploring Data Security Management Strategies for Preventing Data Breaches
Ofori-Duodu, Michael Samuel. 01 January 2019
Insider threat continues to pose a risk to organizations, and in some cases, the country at large. Data breach events continue to show the insider threat risk has not subsided. This qualitative case study sought to explore the data security management strategies used by database and system administrators to prevent data breaches by malicious insiders. The study population consisted of database administrators and system administrators from a government contracting agency in the northeastern region of the United States. The general systems theory, developed by Von Bertalanffy, was used as the conceptual framework for the research study. The data collection process involved interviewing database and system administrators (n = 8), organizational documents and processes (n = 6), and direct observation of a training meeting (n = 3). By using methodological triangulation and by member checking with interviews and direct observation, efforts were taken to enhance the validity of the findings of this study. Through thematic analysis, 4 major themes emerged from the study: enforcement of organizational security policy through training, use of multifaceted identity and access management techniques, use of security frameworks, and use of strong technical control operations mechanisms. The findings of this study may benefit database and system administrators by enhancing their data security management strategies to prevent data breaches by malicious insiders. Enhanced data security management strategies may contribute to social change by protecting organizational and customer data from malicious insiders that could potentially lead to espionage, identity theft, trade secrets exposure, and cyber extortion.
|
6 |
Strategies to Prevent Security Breaches Caused by Mobile Devices
Griffin, Tony. 01 January 2017
Data breaches happen almost every day in the United States and, according to research, the majority of these breaches occur due to a lack of security with organizations' mobile devices. Although most of the security policies related to mobile devices currently in place may meet the guidelines required by law, they often fail to prevent a data breach caused by a mobile device. The main purpose of this qualitative single case study was to explore the strategies used by security managers to prevent data breaches caused by mobile devices. The study population consisted of security managers working for a government contractor located in the southeastern region of the United States. Ludwig von Bertalanffy's general systems theory was used as the conceptual framework of this study. The data collection process included interviews with organization security managers (n = 5) and company documents and procedures (n = 13) from the target organization related to mobile device security. Data from the interviews and organizational documents were coded using thematic analysis. Methodological triangulation of the data uncovered 4 major themes: information security policies and procedures, security awareness, technology management tools, and defense-in-depth. The implications for positive social change from this study include the potential to enhance the organizations' security policies, cultivate a better security awareness training program, and improve the organizations' data protection strategies. In addition, this study outlines some strategies for preventing data breaches caused by mobile devices while still providing maximum benefit to its external and internal customers.
|
7 |
Three Essays in Corporate Finance
Liao, Wei-Ju. January 2023
This thesis examines three important topics in corporate finance: the relation between the dividend-paying status of a firm and its investment and operating performance following a seasoned equity offering (SEO), the market's view on one-dollar CEO salary announcements, and the value of corporate social responsibility (CSR) in the event of a data breach. First, I provide an in-depth analysis of the connection between dividend payouts and corporate investment of SEO firms. Empirical studies have documented the decline in post-issue operating performance of SEO firms, and the potential overinvestment of SEO proceeds seems to be a critical factor. Studies on dividend payouts argue that the agency cost of overinvestment could be lowered when dividends are paid to reduce free cash flows held by managers. To examine the connection, I utilize two post-issue dividend policies, paying consecutive dividends or nothing, to separate my sample of SEO firms and compare the two groups' post-issue investment and operating performance. I find that non-dividend-paying SEO firms overinvest more, leading to the deterioration of asset turnover and worse post-issue operating performance compared with dividend-paying ones. The results suggest a beneficial effect of consistent dividend payouts on post-SEO business operations. Second, I examine the market reaction to the public announcement of a $1 CEO salary decision using explicit reasons for the decision and mechanisms for dealing with the base salary to disentangle possible explanations for the reaction. It shows that the market does not favour the so-called personal sacrifice when CEOs eliminate their salary to counter a downturn or crisis. When a firm is in a predicament or has poor performance, the market sees its CEO’s decision to give up the salary as a signal that the outlook for the firm is bleak and the CEO is attempting to save their position. However, when newly hired CEOs start with a $1 salary, the market reacts positively. 
The results ascertain that a $1 salary is not seen purely as a vehicle for interest alignment. Third, I investigate whether public firms' CSR activities pay off when they suffer a data breach that potentially harms their reputation and hurts firm value. I use a sample of US data breaches and two sources of environmental, social, and corporate governance (ESG) ratings to investigate whether CSR engagement by public firms mitigates the negative stock market reactions to their data breach announcements. I utilize pre-breach ESG scores to separate my sample of breached firms into high and low CSR groups. Using event study methodology, I find that the market reacts significantly negatively to only the low CSR group's announcements. Consistent with previous studies on how firms benefit from CSR activities when they face adversity and lose public trust, the results suggest that social performance protects firms against information leakage incidents. However, the extent to which the market assesses the ratings from different providers is still divergent, which is a concern for practitioners. / Thesis / Doctor of Philosophy (PhD)
|
8 |
Problematické aspekty ochrany osobních údajů / Problematic Aspects of Personal Data Protection
Všetečková, Anna. January 2018
The thesis consists of five chapters, an introduction and a conclusion. In the introduction of the diploma thesis, the author deals with an introduction to the problematics of personal data protection and its relevance in the contemporary world, as well as with demarcation of the aims of the work. In the first chapter, the basic sources of legislation in the area of personal data protection are demarcated, both at the Czech and at the European and international level. In the second chapter, attention is paid to the basics of the legislation in the area of personal data protection, whereas the author deals with demarcation of basic concepts, in the second subchapter she gives an overview of basic principles of personal data processing and in the third subchapter she summarizes legal titles for personal data processing. The institute of Data Protection Officer within the meaning of the General Regulation is analysed in the third chapter. The first subchapter deals with demarcation of cases where the processor is obliged to designate the Data Protection Officer. The author pays attention to the problematics of requirements for qualification of the Data Protection Officer in the second subchapter. The major theme of the third and fourth subchapters is demarcation of the Data Protection Officer's position to the controller...
|
9 |
Cyber Profiling for Insider Threat Detection
Udoeyop, Akaninyene Walter. 01 August 2010
Cyber attacks against companies and organizations can result in high impact losses that include damaged credibility, exposed vulnerability, and financial losses. Until the 21st century, insiders were often overlooked as suspects for these attacks. The 2010 CERT Cyber Security Watch Survey attributes 26 percent of cyber crimes to insiders. Numerous real insider attack scenarios suggest that during, or directly before the attack, the insider begins to behave abnormally. We introduce a method to detect abnormal behavior by profiling users. We utilize the k-means and kernel density estimation algorithms to learn a user’s normal behavior and establish normal user profiles based on behavioral data. We then compare user behavior against the normal profiles to identify abnormal patterns of behavior.
|