We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
Assessing Privacy and Security of Information Systems from Audit Data.
- Authors
Westland, J. Christopher
- Abstract
We investigated publicly reported security breaches of internal controls in corporate information systems to determine whether U.S. Securities and Exchange Commission (SEC) data are information bearing with respect to breaches of security and privacy. The issue has grown in importance as information systems breaches have steadily grown costlier and more frequent. Our analysis supports a high predictability for credit card breaches, portable device related breaches and breaches conducted by firm insiders. Our study also found evidence that employees are subverting particularly strict internal controls by using portable devices that can be carried outside the physical boundaries of the firm. In general, auditing and corporate data filed with the SEC was non-informative with regard to breaches involving unintended disclosures, physical losses, hacking and malware and workplace computers. Scope and fees associated with auditing are significant factors in predicting security breaches, whereas assessments of internal controls effectiveness was shown to be less significant for prediction.
- Subjects
UNITED States. Securities &; Exchange Commission; DATA privacy; SECURITY systems; INFORMATION storage &; retrieval systems; INFORMATION technology security; INTERNAL auditing; XBRL (Document markup language); COMPUTER hacking
- Publication
Information Systems Frontiers, 2022, Vol 24, Issue 5, p1417
- ISSN
1387-3326
- Publication type
Article
- DOI
10.1007/s10796-021-10129-5