Communications of the Association for Information Systems, 2014
Firms are under increasing regulatory pressures to protect consumers' confidential information. The focus of this article is to examine the impact of federal and state breach notification laws in coaxing organizations to improve security of customers' confidential information. Specifically, we use event-study methodology to examine the impact of security breach announcements on the market value of firms during the period before and after the enactment of this legislation. Our results show that the negative impacts of security breach announcements on stock prices have been reduced significantly after the enactment of federal and state security breach notification laws.
Diligent compliance with Information Security Policies (ISP) can effectively deter threats but can also adversely impact organizational productivity, impeding organizational task completion during extreme events. This paper examines employees' job performance during extreme events. We use the conservation of resources (COR) theory to examine how psychological resources (individual resilience, job meaningfulness, self-efficacy) and organizational resources (incident command leadership, information availability, and perceived effectiveness of security and privacy controls) influence ISP compliance decisions and job performance during extreme events. The results show that a one-size-fits-all approach to ISP is not ideal during extreme events; ISP can distract employees from critical job tasks. We also observed that under certain conditions, psychological resources, such as individual resilience, are reserved for job performance, while others, such as self-efficacy, are reserved for ISP compliance. A post hoc analysis of data from respondents who experienced strain during a real extreme event while at work was conducted. Our discussion provides recommendations on how security and privacy policies can be designed to reflect disaster conditions by relaxing some policy provisions.
Insiders can engage in malicious activities against organizations such as data theft and sabotage. Prior research on insider threat behavior indicates that once motivated to commit malicious activity, insiders seek opportunity where they can act without being detected. In this research we set up an experiment where we leverage this opportunistic behavior and present participants with messages signaling opportunity for data theft. In the experiment, students were engaged in routine tasks with a bonus based on their performance. While working on their assigned tasks, they were presented with opportunities (probes) to steal data that would increase their payout. Their pre and post probe behavior was observed to test if they engaged in behavior that was deemed suspicious when they received the probe. The goal of the project is to test whether the overclaiming personality trait is a predictor of malicious insider behavior and this was measured through the Over Claiming questionnaire developed by Paulhus (Paulhus et al. 2003). The results indicated that over claiming proved to be a strong predictor of malicious insider behavior.
Hackers pose a continuous and unrelenting threat to organizations. Industry and academic researchers alike can benefit from a greater understanding of how hackers engage in criminal behavior. A limiting factor of hacker research is the inability to verify that self-proclaimed hackers participating in research actually possess their purported knowledge and skills. This paper presents current work in developing and validating a conceptual-expertise based tool that can be used to discriminate between novice and expert hackers. The implications of this work are promising since behavioral information systems researchers operating in the information security space will directly benefit from the validation of this tool.
Insider attacks are able to evade traditional security controls because the perpetrators of the attack often have legitimate access to protected systems and data. Massive logging of user online activity data (e.g. file access or transfer, use of data storage devices, email records) is collected and analyzed to detect insider attacks (e.g. data theft, fraud, policy violation, etc.). Such techniques are fraught with drawbacks and limitations: 1) the proverbial “needle in a haystack problem,” where very little useful information is found in massive data sets, especially where the incidence of malicious insider activities is very small compared to that of legitimate actors; 2) employee privacy issues may exist about the company monitoring employee behavior; and 3) these techniques are largely wanting in their accuracy, leading to notably high false positive rates. Perhaps the most salient limitation of these techniques is that the analyses are post-hoc, and by the time the activity is d...
Journal of the Association for Information Systems, 2017
An unexplored gap in IT adoption research concerns the positive role of shared benefits even when personal information is exposed. To explore the evaluation paradigm of shared benefits versus the forfeiture of personal information, we analyze how utility consumers use smart metering technology (SMT). In this context, utility companies can monitor electricity usage and directly control consumers' appliances to disable them during peak load conditions. Such information could reveal consumers' habits and lifestyles and, thus, stimulate concerns about their privacy and the loss of control over their appliances. Responding to calls for theory contextualization, we assess the efficacy of applying extant adoption theories in this emergent context while adding the perspective of the psychological ownership of information. We use the factorial survey method to assess consumers' intentions to adopt SMT in the presence of specific conditions that could reduce the degree of their privacy or their control over their appliances and electricity usage data. Our findings suggest that, although the shared benefit of avoiding disruptions in electricity supply (brownouts) is a significant factor in electricity consumers' decisions to adopt SMT, concerns about control and information privacy are also factors. Our findings extend the previous adoption research by exploring the role of shared benefits and could provide utility companies with insights into the best ways to present SMT to alleviate consumers' concerns and maximize its adoption.
Journal of the Association for Information Systems, 2017
A leading cause of security breaches is a basic human vulnerability: our susceptibility to deception. Hackers exploit this vulnerability by sending phishing emails that induce users to click on malicious links that then download malware or trick the victim into revealing personal confidential information to the hacker. Past research has focused on human susceptibility to generic phishing emails or individually targeted spear-phishing emails. This study addresses how contextualization of phishing emails for targeted groups impacts their susceptibility to phishing. We manipulated the framing and content of email messages and tested the effects on users' susceptibility to phishing. We constructed phishing emails to elicit either the fear of losing something valuable (e.g., course registrations, tuition assistance) or the anticipation of gaining something desirable (e.g., iPad, gift card, social networks). We designed the emails' context to manipulate human psychological weaknesses such as greed, social needs, and so on. We sent fictitious (benign) emails to 7,225 undergraduate students and recorded their responses. Results revealed that contextualizing messages to appeal to recipients' psychological weaknesses increased their susceptibility to phishing. The fear of losing or anticipation of gaining something valuable increased susceptibility to deception and vulnerability to phishing. The results of our study provide important contributions to information security research, including a theoretical framework based on the heuristic-systematic processing model to study the susceptibility of users to deception. We demonstrate through our experiment that several situational factors do, in fact, alter the effectiveness of phishing attempts.
2015 International Conference on Connected Vehicles and Expo (ICCVE), 2015
In order to better manage the premiums and encourage safe driving, many commercial insurance companies (e.g., Geico, Progressive) are providing options for their customers to install sensors on their vehicles which collect individual vehicle's traveling data. The driver's insurance is linked to his/her driving behavior. At the other end, through analyzing the historical traveling data from a large number of vehicles, the insurance company could build a classifier to predict a new driver's driving style: aggressive or defensive. However, collection of such vehicle traveling data explicitly breaches the drivers' personal privacy. To tackle such privacy concerns, this paper presents a privacy-preserving driving style recognition technique to securely predict aggressive and defensive drivers for the insurance company without compromising the privacy of all the participating parties. The insurance company cannot learn any private information from the vehicles, and vice-versa. Finally, the effectiveness and efficiency of the privacy-preserving driving style recognition technique are validated with experimental results.
Cybersecurity is a difficult and complex field. The technical, political and legal questions surrounding it are complicated, often stretching a spectrum of diverse technologies, varying legal bodies, different political ideas and responsibilities. Cybersecurity is intrinsically interdisciplinary, and most activities in one field immediately affect the others. Technologies and techniques, strategies and tactics, motives and ideologies, rules and laws, institutions and industries, power and money - all of these topics have a role to play in cybersecurity, and all of these are tightly interwoven. The SpringerBriefs in Cybersecurity series is comprised of two types of briefs: topic- and country-specific briefs. Topic-specific briefs strive to provide a comprehensive coverage of the whole range of topics surrounding cybersecurity, combining whenever possible legal, ethical, social, political and technical issues. Authors with diverse backgrounds explain their motivation, their mindset, and their approach to the topic, to illuminate its theoretical foundations, the practical nuts and bolts and its past, present and future. Country-specific briefs cover national perceptions and strategies, with officials and national authorities explaining the background, the leading thoughts and interests behind the official statements, to foster a more informed international dialogue.
Cyber warfare has been simmering for a long time and has gradually morphed into a key strategic weapon in international conflicts. Doctrines of several countries consider cyber warfare capability as essential to gain strategic superiority or as a counterbalance to military inferiority. Countries are attempting to reach consensus on confidence building measures in cyber space while racing with each other to acquire cyber weaponry. These attempts are strongly influenced by the problem of clear attribution of cyber incidents as well as political imperatives. Game theory has been used in the past for such problems in international relations where players compete with each other and the actions of the players are interdependent. Problems in cyber warfare can benefit from similar game theoretic concepts. We discuss in this book chapter the state of cyber warfare, the key imperatives for the countries, and articulate how countries are jostling with each other in the cyber domain especially in the context of poor attribution and verification in the cyber domain. We present game theoretic models for a few representative problems in the cyber warfare domain.
Many governmental agencies and business organizations use networked systems to provide a number of services. Such a service-oriented network can be implemented as an overlay on top of the physical network. It is well recognized that the performance of many of the networked computer systems is severely degraded under node and edge failures. The focus of our work is on the resilience of service-oriented networks. We develop a graph theoretic model for service-oriented networks. Using this model, we propose metrics that quantify the resilience of such networks under node and edge failures. These metrics are based on the topological structure of the network and the manner in which services are distributed over the network. Based on this framework, we address two types of problems. The first type involves the analysis of a given network to determine its resilience parameters. The second type involves the design of networks with a given degree of resilience. We present efficient algorithms for both types of problems. Our approach for solving analysis problems relies on known algorithms for computing minimum cuts in graphs. Our algorithms for the design problem are based on a careful analysis of the decomposition of the given graph into appropriate types of connected components.
Measuring the impact of security breaches on stock valuations of firms
Security breaches can have a significant impact on the financial performance of firms. Information has become the most valuable asset of an organization and security breaches can lead to loss of confidentiality, availability, and integrity of information as well as to disruption of critical services. With public disclosure laws in place, security breaches of personal private information of clients can cause damage to the firms’ reputation and also lead to legislative sanctions. The evidence on the impact of security breaches is clear. However, the impact is typically difficult to estimate. In this research, the impact of security breaches on an organization is gauged via the reaction of the market. The impact of public disclosure of security breaches on market valuations is estimated using the event study methodology. To conduct this study, incidents of security breaches were collected over the last three years. In addition, reports and news articles corresponding to these breaches were collected from public sources to accurately determine when the event was disclosed publicly. The study considers both severity and type of breach to more precisely calibrate market reaction. Data on stock returns of firms obtained from the CRSP database is used for the event study. This paper describes our research approach, data collection, and the work that will be conducted.
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2011
Use of intermediary hosts as stepping stones to conceal tracks is common in Internet misuse. It is therefore desirable to find a method to detect whether the originating party is using an intermediary host. Such a detection technique would allow the activation of a number of countermeasures that would neutralize the effects of misuse, and make it easier to trace a perpetrator. This work explores a new approach in determining if a host communicating via TCP is the data originator or if it is acting as a mere TCP proxy. The approach is based on measuring the inter packet arrival time at the receiving end of the connection only, and correlating the observed results with the network latency between the receiver and the proxy. The results presented here indicate that determining the use of a proxy host is possible, if the network latency between the originator and proxy is larger than the network latency between the proxy and the receiver. We show that this technique has potential to be used to detect connections where data is sent through a TCP proxy, such as remote login through TCP proxies, or rejecting spam sent through a bot network.
International Journal of Information Management, 2007
Information system availability is contingent on a robust security infrastructure that provides protection via preventive, detective, and corrective mechanisms. In this paper, we provide architecture inspired by biological metaphors from immunology and epidemiology for the security infrastructure of distributed information systems. The proposed architecture consists of an immunological model at the micro-level to detect and identify computer pathogens (e.g. viruses and worms), and an epidemiological model at the macro-level to identify distributed attacks.
Security breaches can have a significant economic impact on a firm. With public disclosure laws passed, security breaches involving disclosure of private client information can both damage the firms' reputation and lead to fines by US government agencies. We examined the impact of security breaches of US firms, as measured by their impact on the firm's market value. Data on security breaches were collected over the period 2004-2008. Reports and news articles corresponding to these breaches were obtained from public sources. Using event-study methodology, we estimate the impact of security breaches on the market value of publicly traded firms. Daily stock returns for firms impacted were obtained. Our results indicated that, on average, the announcement of a corporate security breach had a negative impact of about 1% of the market value of the firm during the days surrounding the event.
Resilience Metrics for Service-Oriented Networks: A Service Allocation Approach
IEEE Transactions on Services Computing, 2009
We develop a graph-theoretic model for service-oriented networks and propose metrics that quantify the resilience of such networks under node and edge failures. These metrics are based on the topological structure of the network and the manner in which services are ...
IEEE Journal on Selected Areas in Communications, 2005
If current trends continue, the next generation of enterprise networks is likely to become a more complex mixture of hardware, communication media, architectures, protocols, and standards. One approach toward reducing the management burden caused by growing complexity is to integrate management support into the inherent function of network operation. In this paper, management support is provided in the form of network components that, simultaneously with their network function, collaboratively project and adjust projections of future state based upon actual network state. It is well known that more accurate predictions over a longer time horizon enable better control decisions. This paper focuses upon improving prediction; the many potential uses of predictive capabilities for predictive network control will be addressed in future work.
Communications of the Association for Information Systems, 2014
Firms are under increasing regulatory pressures to protect consumers' confidential information. T... more Firms are under increasing regulatory pressures to protect consumers' confidential information. The focus of this article is to examine the impact of federal and state breach notification laws in coaxing organizations to improve security of customers' confidential information. Specifically, we use event-study methodology to examine the impact of security breach announcements on the market value of firms during the period before and after the enactment of this legislation. Our results show that the negative impacts of security breach announcements on stock prices have been reduced significantly after the enactment of federal and state security breach notification laws.
Diligent compliance with Information security Policies (ISP) can effectively deter threats but ca... more Diligent compliance with Information security Policies (ISP) can effectively deter threats but can also adversely impact organizational productivity, impeding organizational task completion during extreme events. This paper examines employees' job performance during extreme events. We use the conservation of resources (COR) theory to examine how psychological resources (individual resilience, job meaningfulness, self-efficacy) and organizational resources (incident command leadership, information availability, and perceived effectiveness of security and privacy controls) influence ISP compliance decisions and job performance during extreme events. The results show that a one-size-fits-all approach to ISP is not ideal during extreme events; ISP can distract employees from critical job tasks. We also observed that under certain conditions, psychological resources, such as individual resilience, are reserved for job performance, while others, such as self-efficacy, are reserved for ISP compliance. A post hoc analysis of data from respondents who experienced strain during a real extreme event while at work was conducted. Our discussion provides recommendations on how security and privacy policies can be designed to reflect disaster conditions by relaxing some policy provisions.
Insiders can engage in malicious activities against organizations such as data theft and sabotage... more Insiders can engage in malicious activities against organizations such as data theft and sabotage. Prior research on insider threat behavior indicates that once motivated to commit malicious activity, insiders seek opportunity where they can act without being detected. In this research we set up an experiment where we leverage this opportunistic behavior and present participants with messages signaling opportunity for data theft. In the experiment, students were engaged in routine tasks with a bonus based on their performance. While working on their assigned tasks, they were presented with opportunities (probes) to steal data that would increase their payout. Their pre and post probe behavior was observed to test if they engaged in behavior that was deemed suspicious when they received the probe. The goal of the project is to test whether the overclaiming personality trait is a predictor of malicious insider behavior and this was measured through the Over Claiming questionnaire developed by Paulhaus (Paulhaus et al. 2003) The results indicated that over claiming proved to be a strong predictor of malicious insider behavior.
Hackers pose a continuous and unrelenting threat to organizations. Industry and academic research... more Hackers pose a continuous and unrelenting threat to organizations. Industry and academic researchers alike can benefit from a greater understanding of how hackers engage in criminal behavior. A limiting factor of hacker research is the inability to verify that self-proclaimed hackers participating in research actually possess their purported knowledge and skills. This paper presents current work in developing and validating a conceptual-expertise based tool that can be used to discriminate between novice and expert hackers. The implications of this work are promising since behavioral information systems researchers operating in the information security space will directly benefit from the validation of this tool.
Insider attacks are able to evade traditional security controls because the perpetrators of the a... more Insider attacks are able to evade traditional security controls because the perpetrators of the attack often have legitimate access to protected systems and data. Massive logging of user online activity data (e.g. file access or transfer, use of data storage devices, email records) is collected and analyzed to detect insider attacks (e.g. data theft, fraud, policy violation, etc.). Such techniques are fraught with drawbacks and limitations: 1) the proverbial “needle in a haystack problem,” where very little useful information is found in massive data sets, especially where the incidence of malicious insider activities is very small compared to that of legitimate actors; 2) employee privacy issues may exist about the company monitoring employee behavior; and 3) these techniques are largely wanting in their accuracy, leading to notably high false positive rates. Perhaps the most salient limitation of these techniques is that the analyses are post-hoc, and by the time the activity is d...
Journal of the Association for Information Systems, 2017
An unexplored gap in IT adoption research concerns the positive role of shared benefits even when... more An unexplored gap in IT adoption research concerns the positive role of shared benefits even when personal information is exposed. To explore the evaluation paradigm of shared benefits versus the forfeiture of personal information, we analyze how utility consumers use smart metering technology (SMT). In this context, utility companies can monitor electricity usage and directly control consumers' appliances to disable them during peak load conditions. Such information could reveal consumers' habits and lifestyles and, thus, stimulating concerns about their privacy and the loss of control over their appliances. Responding to calls for theory contextualization, we assess the efficacy of applying extant adoption theories in this emergent context while adding the perspective of the psychological ownership of information. We use the factorial survey method to assess consumers' intentions to adopt SMT in the presence of specific conditions that could reduce the degree of their privacy or their control over their appliances and electricity usage data. Our findings suggest that, although the shared benefit of avoiding disruptions in electricity supply (brownouts) is a significant factor in electricity consumers' decisions to adopt SMT, concerns about control and information privacy are also factors. Our findings extend the previous adoption research by exploring the role of shared benefits and could provide utility companies with insights into the best ways to present SMT to alleviate consumers' concerns and maximize its adoption.
Journal of the Association for Information Systems, 2017
A leading cause of security breaches is a basic human vulnerability: our susceptibility to decept... more A leading cause of security breaches is a basic human vulnerability: our susceptibility to deception. Hackers exploit this vulnerability by sending phishing emails that induce users to click on malicious links that then download malware or trick the victim into revealing personal confidential information to the hacker. Past research has focused on human susceptibility to generic phishing emails or individually targeted spear-phishing emails. This study addresses how contextualization of phishing emails for targeted groups impacts their susceptibility to phishing. We manipulated the framing and content of email messages and tested the effects on users' susceptibility to phishing. We constructed phishing emails to elicit either the fear of losing something valuable (e.g., course registrations, tuition assistance) or the anticipation of gaining something desirable (e.g., iPad, gift card, social networks). We designed the emails' context to manipulate human psychological weaknesses such as greed, social needs, and so on. We sent fictitious (benign) emails to 7,225 undergraduate students and recorded their responses. Results revealed that contextualizing messages to appeal to recipients' psychological weaknesses increased their susceptibility to phishing. The fear of losing or anticipation of gaining something valuable increased susceptibility to deception and vulnerability to phishing. The results of our study provide important contributions to information security research, including a theoretical framework based on the heuristic-systematic processing model to study the susceptibility of users to deception. We demonstrate through our experiment that several situational factors do, in fact, alter the effectiveness of phishing attempts.
2015 International Conference on Connected Vehicles and Expo (ICCVE), 2015
In order to better manage the premiums and encourage safe driving, many commercial insurance comp... more In order to better manage the premiums and encourage safe driving, many commercial insurance companies (e.g., Geico, Progressive) are providing options for their customers to install sensors on their vehicles which collect individual vehicle's traveling data. The driver's insurance is linked to his/her driving behavior. At the other end, through analyzing the historical traveling data from a large number of vehicles, the insurance company could build a classifier to predict a new driver's driving style: aggressive or defensive. However, collection of such vehicle traveling data explicitly breaches the drivers' personal privacy. To tackle such privacy concerns, this paper presents a privacypreserving driving style recognition technique to securely predict aggressive and defensive drivers for the insurance company without compromising the privacy of all the participating parties. The insurance company cannot learn any private information from the vehicles, and vice-versa. Finally, the effectiveness and efficiency of the privacy-preserving driving style recognition technique are validated with experimental results.
Cybersecurity is a difficult and complex field. The technical, political and legal questions surr... more Cybersecurity is a difficult and complex field. The technical, political and legal questions surrounding it are complicated, often stretching a spectrum of diverse technologies, varying legal bodies, different political ideas and responsibilities. Cybersecurity is intrinsically interdisciplinary, and most activities in one field immediately affect the others. Technologies and techniques, strategies and tactics, motives and ideologies, rules and laws, institutions and industries, power and money-all of these topics have a role to play in cybersecurity, and all of these are tightly interwoven. The SpringerBriefs in Cybersecurity series is comprised of two types of briefs: topic-and country-specific briefs. Topic-specific briefs strive to provide a comprehensive coverage of the whole range of topics surrounding cybersecurity, combining whenever possible legal, ethical, social, political and technical issues. Authors with diverse backgrounds explain their motivation, their mindset, and their approach to the topic, to illuminate its theoretical foundations, the practical nuts and bolts and its past, present and future. Country-specific briefs cover national perceptions and strategies, with officials and national authorities explaining the background, the leading thoughts and interests behind the official statements, to foster a more informed international dialogue.
Cyber warfare has been simmering for a long time and has gradually morphed into a key strategic weapon in international conflicts. Doctrines of several countries consider cyber warfare capability as essential to gain strategic superiority or as a counterbalance to military inferiority. Countries are attempting to reach consensus on confidence building measures in cyber space while racing with each other to acquire cyber weaponry. These attempts are strongly influenced by the problem of clear attribution of cyber incidents as well as political imperatives. Game theory has been used in the past for such problems in international relations where players compete with each other and the actions of the players are interdependent. Problems in cyber warfare can benefit from similar game theoretic concepts. We discuss in this book chapter the state of cyber warfare, the key imperatives for the countries, and articulate how countries are jostling with each other in the cyber domain especially in the context of poor attribution and verification in the cyber domain. We present game theoretic models for a few representative problems in the cyber warfare domain.
Many governmental agencies and business organizations use networked systems to provide a number of services. Such a service-oriented network can be implemented as an overlay on top of the physical network. It is well recognized that the performance of many of the networked computer systems is severely degraded under node and edge failures. The focus of our work is on the resilience of service-oriented networks. We develop a graph theoretic model for service-oriented networks. Using this model, we propose metrics that quantify the resilience of such networks under node and edge failures. These metrics are based on the topological structure of the network and the manner in which services are distributed over the network. Based on this framework, we address two types of problems. The first type involves the analysis of a given network to determine its resilience parameters. The second type involves the design of networks with a given degree of resilience. We present efficient algorithms for both types of problems. Our approach for solving analysis problems relies on known algorithms for computing minimum cuts in graphs. Our algorithms for the design problem are based on a careful analysis of the decomposition of the given graph into appropriate types of connected components.
Measuring the impact of security breaches on stock valuations of firms
Security breaches can have a significant impact on the financial performance of firms. Information has become the most valuable asset of an organization and security breaches can lead to loss of confidentiality, availability, and integrity of information as well as to disruption of critical services. With public disclosure laws in place, security breaches of personal private information of clients can cause damage to the firms’ reputation and also lead to legislative sanctions. The evidence on the impact of security breaches is clear. However, the impact is typically difficult to estimate. In this research, the impact of security breaches on an organization is gauged via the reaction of the market. The impact of public disclosure of security breaches on market valuations is estimated using the event study methodology. To conduct this study, incidents of security breaches were collected over the last three years. In addition, reports and news articles corresponding to these breaches were collected from public sources to accurately determine when the event was disclosed publicly. The study considers both severity and type of breach to more precisely calibrate market reaction. Data on stock returns of firms obtained from the CRSP database is used for the event study. This paper describes our research approach, data collection, and the work that will be conducted.
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2011
Use of intermediary hosts as stepping stones to conceal tracks is common in Internet misuse. It is therefore desirable to find a method to detect whether the originating party is using an intermediary host. Such a detection technique would allow the activation of a number of countermeasures that would neutralize the effects of misuse, and make it easier to trace a perpetrator. This work explores a new approach in determining if a host communicating via TCP is the data originator or if it is acting as a mere TCP proxy. The approach is based on measuring the inter-packet arrival time at the receiving end of the connection only, and correlating the observed results with the network latency between the receiver and the proxy. The results presented here indicate that determining the use of a proxy host is possible, if the network latency between the originator and proxy is larger than the network latency between the proxy and the receiver. We show that this technique has potential to be used to detect connections where data is sent through a TCP proxy, such as remote login through TCP proxies, or rejecting spam sent through a bot network.
International Journal of Information Management, 2007
Information system availability is contingent on a robust security infrastructure that provides protection via preventive, detective, and corrective mechanisms. In this paper, we provide an architecture inspired by biological metaphors from immunology and epidemiology for the security infrastructure of distributed information systems. The proposed architecture consists of an immunological model at the micro-level to detect and identify computer pathogens (e.g. viruses and worms), and an epidemiological model at the macro-level to identify distributed attacks.
Security breaches can have a significant economic impact on a firm. With public disclosure laws passed, security breaches involving disclosure of private client information can both damage the firms' reputation and lead to fines by US government agencies. We examined the impact of security breaches of US firms, as measured by their impact on the firm's market value. Data on security breaches were collected over the period 2004-2008. Reports and news articles corresponding to these breaches were obtained from public sources. Using event-study methodology, we estimate the impact of security breaches on the market value of publicly traded firms. Daily stock returns for firms impacted were obtained. Our results indicated that, on average, the announcement of a corporate security breach had a negative impact of about 1% of the market value of the firm during the days surrounding the event.
Resilience Metrics for Service-Oriented Networks: A Service Allocation Approach
IEEE Transactions on Services Computing, 2009
Abstract: We develop a graph-theoretic model for service-oriented networks and propose metrics that quantify the resilience of such networks under node and edge failures. These metrics are based on the topological structure of the network and the manner in which services are ...
IEEE Journal on Selected Areas in Communications, 2005
If current trends continue, the next generation of enterprise networks is likely to become a more complex mixture of hardware, communication media, architectures, protocols, and standards. One approach toward reducing the management burden caused by growing complexity is to integrate management support into the inherent function of network operation. In this paper, management support is provided in the form of network components that, simultaneously with their network function, collaboratively project and adjust projections of future state based upon actual network state. It is well known that more accurate predictions over a longer time horizon enable better control decisions. This paper focuses upon improving prediction; the many potential uses of predictive capabilities for predictive network control will be addressed in future work.
Papers by Sanjay Goel