Return to search

Three Essays on Information Security Risk Management

Today's environment is filled with the proliferation of cyber-attacks that result in losses for organizations and individuals. Hackers often use compromised websites to distribute malware, making it difficult for individuals to detect. The impact of clicking through a link on the Internet that is malware infected can result in consequences such as private information theft and identity theft. Hackers are also known to perpetrate cyber-attacks that result in organizational security breaches that adversely affect organizations' finances, reputation, and market value. Risk management approaches for minimizing and recovering from cyber-attack losses and preventing further cyber-attacks are gaining more importance. Many studies exist that have increased our understanding of how individuals and organizations are motivated to reduce or avoid the risks of security breaches and cyber-attacks using safeguard mechanisms. The safeguards are sometimes technical in nature, such as intrusion detection software and anti-virus software. Other times, the safeguards are procedural in nature such as security policy adherence and security awareness and training. Many of these safeguards fall under the risk mitigation and risk avoidance aspects of risk management, and do not address other aspects of risk management, such as risk transfer. Researchers have argued that technological approaches to security risks are rarely sufficient for providing an overall protection of information system assets. Moreover, others argue that an overall protection must include a risk transfer strategy. Hence, there is a need to understand the risk transfer approach for managing information security risks. Further, in order to effectively address the information security puzzle, there also needs to be an understanding of the nature of the perpetrators of the problem – the hackers. Though hacker incidents proliferate the news, there are few theory based hacker studies. Even though the very nature of their actions presents a difficulty in their accessibility to research, a glimpse of how hackers perpetrate attacks can be obtained through the examination of their knowledge sharing behavior. Gaining some understanding about hackers through their knowledge sharing behavior may help researchers fine-tune future information security research. The insights could also help practitioners design more effective defensive security strategies and risk management efforts aimed at protecting information systems. Hence, this dissertation is interested in understanding the hackers that perpetrate cyber-attacks on individuals and organizations through their knowledge sharing behavior. Then, of interest also is how individuals form their URL click-through intention in the face of proliferated cyber risks. Finally, we explore how and why organizations that are faced with the risk of security breaches, commit to cyberinsurance as a risk management strategy. Thus, the fundamental research question of this dissertation is: how do individuals and organizations manage information security risks?

Identiferoai:union.ndltd.org:unt.edu/info:ark/67531/metadc1157576
Date05 1900
CreatorsOgbanufe, Obiageli
ContributorsKim, Dan J., Evangelopoulos, Nick, Pavur, Robert, Rao, Raghav H.
PublisherUniversity of North Texas
Source SetsUniversity of North Texas
LanguageEnglish
Detected LanguageEnglish
TypeThesis or Dissertation
Formatviii, 169 pages, Text
RightsPublic, Ogbanufe, Obiageli, Copyright, Copyright is held by the author, unless otherwise noted. All rights Reserved.

Page generated in 0.0026 seconds