The deterrent and displacement effects of information security enforcement: International evidence

Journal of Management Information Systems

Volumn 25, Issue 2, 2008, Pages 125-144

  Png, Ivan P L ^a   Wang, Chen Yu ^b   Wang, Qiu Hong ^c  

^a NATIONAL UNIVERSITY OF SINGAPORE   (Singapore)

^b BNP PARIBAS   (France)

^c NONE

Author keywords

Economics; Information security; Security attacks; Security enforcement; Unemployment rate

Indexed keywords

ECONOMIC OPPORTUNITIES; EFFECTIVE TIME; EVENT STUDIES; FINANCIAL ECONOMICS; INFORMATION SECURITY; SECURITY ATTACKS; SECURITY ENFORCEMENT; UNEMPLOYMENT RATE; UNEMPLOYMENT RATES;

ECONOMICS;

EID: 63349088117     PISSN: 07421222     EISSN: None     Source Type: Journal    
DOI: 10.2753/MIS0742-1222250206     Document Type: Article

References (30)

1. Acquisti, A.; Friedman, A.; and Telang, R. Is there a cost to privacy breaches? An event study. Paper presented at the Fifth Workshop on the Economics of Information Security (WEIS), Cambridge, UK, June 26-28, 2006.
2. Aktas, N.; de Bodt, E.; and Cousin, J.G. Event studies with a contaminated estimation period. Journal of Corporate Finance, 13, 1 (2007), 129-145.
3. Arora, A.; Nandkumar, A.; and Telang, R. Does information security attack frequency increase with vulnerability disclosure? An empirical analysis. Information Systems Frontier, 8, 5 (2006), 350-362.
4. Becker, G. Crime and punishment: An economic approach. Journal of Political Economy, 76, 2 (March-April 1968), 169-217.
5. Bertrand, M.; Duflo, E.; and Mullainathan, S. How much should we trust differences-indifferences estimations? Quarterly Journal of Economics, 119, 1 (February 2004), 249-275.
6. Campbell, K.; Gordon, L.A.; Loeb, M.P.; and Zhou, L. The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security, 11, 3 (2003), 431-448.
7. Cavusoglu, H.; Mishra, B.; and Raghunathan, S. The effect of Internet security breach announcements on market value: Capital market reactions for breached firms and Internet security developers. International Journal of Electronic Commerce, 9, 1 (Fall 2004), 70-104.
8. Choi, J.P.; Fershtman, C.; and Gandal, N. Internet security, vulnerability disclosure, and software provision. Working paper, Michigan State University, East Lansing, July 2006.
9. DoD hacker sentenced to 21 months hard Time. Information Week (May 12, 2005).
10. Donald, S.G., and Lang, K. Inference with difference-in-differences and other panel data. Review of Economics and Statistics, 89, 2 (2007), 221-233.
11. Fama, E.F.; Fisher, L.; Jensen, M.C.; and Roll, R. The adjustment of stock prices to new information. International Economic Review, 10, 1 (1969), 1-21.
12. Freeman, R.B. The economics of crime. In O. Ashenfelter and D.E. Card (eds.), Handbook of Labor Economics, volume 3C. Amsterdam: Elsevier, 1999, pp. 3529-3571.
13. Garderen, K.J.V., and Shah, C. Exact interpretation of dummy variables in semilogarithmic equations. Econometrics Journal, 5, 1 (2002), 149-159.
14. Heal, G., and Kunreuther, H. Interdependent security: A general model. Working paper 10706, National Bureau of Economic Research, Cambridge, MA, August 2004.
15. Jordan, T., and Taylor, P. A sociology of hackers. Sociological Review, 46, 4 (1998), 757-780.
16. Kannan, K., and Telang, R. Market for software vulnerabilities? Think again. Management Science, 51, 5 (2005), 726-740.
17. Kennedy, RE. Estimation with correctly interpreted dummy variables in semilogarithmic equations. American Economic Review, 71, 4 (1981), 801.
18. Koo, H.W., and Png, I.P.L. Private security: Deterrent or diversion? International Review of Law and Economics, 14, 1 (1994), 87-101.
19. Kshetri, N. The simple economics of cybercrimes. IEEE Security & Privacy, 4, 1 (January-February 2006), 33-39.
20. Kunreuther, H., and Heal, G. Interdependent security. Journal of Risk and Uncertainty, 26, 2-3(2003), 231-249.
21. Lee, D., and McCrary, J. Crime, punishment, and myopia. Working paper no. W11491, National Bureau of Economic Research, Cambridge, MA, July 2005.
22. Mackinlay, A.R. Event studies in economics and finance. Journal of Economic Literature, 35, 1 (1997), 13-39.
23. Mell, P.; Scarfone, K.; and Romansky, S. CVSS: A complete guide to the common vulnerability scoring system version 2.0. First.org (June 2007) (available at www.first.org/cvss/cvss-guide.html).
24. Png, I.P.L.; Tang, C.Q.; and Wang, Q.H. Hackers, users, information security: Welfare analysis. Paper presented at the Fifth Workshop on the Economics of Information Security (WEIS), Cambridge, UK, June 26-28, 2006.
25. Polinsky, A.M., and Shavell, S. The economic theory of public enforcement of law. Journal of Economic Literature, 38, 1 (March 2000), 45-77.
26. Raphael, S., and Winter-Ebmer, R. Identifying the effect of unemployment on crime. Journal of Law and Economics, 44, 1 (April 2001), 259-284.
27. Romania: New citadel of cybercrime. CBS News (October 20, 2003) (available at www.cbsnews.com/stories/2003/10/20/tech/main578965.shtml).
28. Symantec Internet security threat report: Trends for January 05-June 05, vol. VIII. Symantec, Cupertino, CA, September 2005 (available at http://eval.symantec.com/mktginfo/enterprise/white-papers/ent-whitepaper- symantec-internet-security-threat-report-viii.pdf).
29. Symantec Internet security threat report: Trends for July-December 06, vol. XI. Symantec, Cupertino, CA, March 2007 (available at http://eval.symantec. com/mktginfo/enterprise/white-papers/ent-whitepaper-internet-security-threat- report-xi-03-2007.en-us.pdf).
30. Wooldridge, J.M. Introductory Econometrics: A Modern Approach, 3d ed. Mason, OH: Thomson Higher Education, 2006.