1. Hausken, K., "Returns to Information Security Investment: The Effect of Alternative Information Security Breach Functions on Optimal Investment and Sensitivity to Vulnerability," Information Systems Frontiers, Vol. 8, No. 5, pp. 338-349, 2006.
2. Hausken, K., "Information sharing among firms and cyber attacks," Journal Accounting Public Policy, Vol. 26, No. 6, pp. 639-688, 2007.
3. Hendricks, K. and McAfee, R. P., "Feints," Journal of Economics & Management Strategy, Vol. 15, No. 2, pp. 431-456, 2006.
4. Hui, K. L., Hui, W., and Yue, W. T., "Information Security Outsourcing with System Interdependency and Mandatory Security Requirement," Journal of Management Information Systems, Vol. 29, No. 3, pp. 117-155, 2012.
5. Keblawi, F. and Sullivan, D., "The Case for Flexible NIST Security Standards," IEEE Computer Society, June, pp. 19-26, 2007.
6. Krebs, R., Hackers Test Limits of Credit Card Security Standards, Washington Post, April 16, 2009, available at voices.washingtonpost.com/securityfix/2009/04/the_number_scale_and_sophistic.html.
7. Lee, C., Geng, X., and Raghunathan, S., "Mandatory Standards and Organizational Information Security," Information Systems Research, Vol. 27, No. 1, pp. 70-86, 2016.
8. Lee, C., Geng, X., and Raghunathan, S., "Contracting Information Security in the Presence of Double Moral Hazard," Information Systems Research, Vol. 24, No. 2, pp. 295-311, 2013.
9. Loch, K., Carr, H., and Warkentin, M., "Threats to Information Systems: Today's Reality, Yesterday's Understanding," MIS Quarterly, Vol. 16, No. 2, pp. 173-186, 1992.
10. Miller, A. R. and Tucker, C. E., "Encryption and Data Loss," The Ninth Workshop on the Economics of Information Security, Harvard University, USA, p. 29, 2010.
11. Schwartz, R., "Legal Regimes, Audit Quality and Investment," The Accounting Review, Vol. 72, No. 3, pp. 385-406, 1997.
12. Narasimhan, H., Varadarajan, V., and Rangan, C. P., "Towards a Cooperative Defense Model Against Network Security Attacks," Tenth Workshop on the Economics of Information Security, 2010.
13. Romanosky, S., Telang, R., and Acquisti, A., "Do Data Breach Disclosure Laws Reduce Identity Theft?," Seventh Workshop on the Economics of Information Security, June 25-28, 2008.
14. Ross, R., "Managing Enterprise Security Risk with NIST Standards," IEEE Computer Society, August, pp. 88-91, 2007.
15. Rothke, B. and Mundhenk, D., Sue the Auditor and Shut Down the Firm (July 9), 2009, available at http://www.csoonline.com/article/496923/Sue_the_Auditor_and_Shut_Down_the_Firm.
16. Schechter, S. E. and Smith, M. D., "How Much Security is Enough to Stop a Thief?," Lecture Notes in Computer Science, Vol. 2742, pp. 122-137, 2003.
17. Shim, W., "An Ex Ante Evaluation Method for Assessing a Government Enforced Security Measure," The Journal of Society for e-Business Studies, Vol. 20, No. 4, pp. 241-256, 2015.
18. Tirole, J., "Cognition and Incomplete Contracts," The American Economic Review, Vol. 99, No. 1, pp. 265-294, 2009.
19. Varian, H., "System Reliability and Free Riding," Economics of Information Security, Kluwer, pp. 1-15, 2004.
20. Willekens, M., Steele, A., and Miltz, D., "Audit Standards and Auditor Liability: A Theoretical Model," Accounting and Business Research, Vol. 26, No. 3, pp. 249-264, 1996.
21. Morse, E. A. and Raval, V., "PCI DSS: Payment card industry data security standards in context," Computer Law & Security Report, Vol. 24, pp. 540-554, 2008.
22. Crawford, V., "Lying for Strategic Advantage: Rational and Boundedly Rational Misrepresentation of Intentions," The American Economic Review, Vol. 93, No. 1, pp. 133-149, 2003.
23. Adams, A. and Sasse, M. A., "Users are Not the Enemy," Communications of the ACM, Vol. 42, No. 12, pp. 41-46, 1999.
24. Battigalli, P. and Maggi, G., "Rigidity, Discretion, and the Costs of Writing Contracts," The American Economic Review, Vol. 92, No. 4, pp. 798-817, 2002.
25. Zetter, K., In Legal First, Data-Breach Suit Targets Auditor, Wired (June 2), 2009, available at http://www.wired.com/threatlevel/2009/06/auditor_sued/.
26. Zhao, X., Xue, L., and Whinston, A. B., "Managing Interdependent Information Security Risks: A Study of Cyberinsurance, Managed Security Service and Risk Pooling," International Conference on Information Systems, Phoenix, AZ, 2009.
27. Bernheim, B. D. and Whinston, M. D., "Incomplete Contracts and Strategic Ambiguity," The American Economic Review, Vol. 88, No. 4, pp. 902-932, 1998.
28. Cavusoglu, H., Mishra, B., and Raghunathan, S., "The Value of Intrusion Detection Systems in Information Technology Security Architecture," Information Systems Research, Vol. 16, No. 1, pp. 28-46, 2005.
29. Cavusoglu, H., Raghunathan, S., and Cavusoglu, H., "Configuration of and Interaction Between Information Security Technologies: The Case of Firewalls and Intrusion Detection Systems," Information Systems Research, Vol. 20, No. 2, pp. 198-217, 2009.
30. Culnan, M. J. and Williams, C. C., "How ethics can enhance organizational privacy: Lessons from the ChoicePoint and TJX data breaches," MIS Quarterly, Vol. 33, No. 4, pp. 673-687, 2009.
31. Dey, D., Fan, M., and Zhang, C., "Design and Analysis of Contracts for Software Outsourcing," Information Systems Research, Vol. 21, No. 1, pp. 93-114, 2010.
32. Dye, R. A., "Auditing Standards, Legal Liability, and Auditor Wealth," The Journal of Political Economy, Vol. 101, No. 5, pp. 887-914, 1993.
33. Ewert, R. and Wagenhofer, A., "Economic Effects of Tightening Accounting Standards to Restrict Earnings Management," The Accounting Review, Vol. 80, pp. 1101-1024, 2005.
34. Geng, X., Huang, Y., and Whinston, A. B., "Defending Wireless Infrastructure Against the Challenge of DDoS Attacks," ACM Journal on Mobile Networking and Applications, Vol. 7, No. 3, pp. 213-223, 2002.
35. Grossklags, J., Christin, N., and Chuang, J., "Secure or Insure? A Game-Theoretic Analysis of Information Security Games," Proceedings of the 17th International World Wide Web Conference, 2008.
36. Gordon, L. A., Loeb, M., and Lucyshyn, W., "Sharing Information on Computer Systems Security: An Economic Analysis," Journal of Accounting Public Policy, Vol. 22, No. 6, pp. 461-485, 2003.