Cyber Security and Risk Management
According to this a consequence can be both positive and negative. 2. What are the needs of the security industry? To answer that question one must first know what the security industry is. Security is not easily defined and can even be considered being the national military defence.
This risk management strategy extends beyond the protection of IT assets. It’s both a technical and managerial function of the IT and security departments (Stoneburner, Goguen, & Feringa, 2002). If effective security principles can be modeled to center around business objectives, then organizations will learn to incorporate security as a core component of their corporate culture.
Another avenue for future research is to examine the time-series change of firms’ cybersecurity risk disclosures. While the essay demonstrates that such disclosure is informative in a cross-sectional setting, it is possible that the change in a firm’s disclosure from year to year may also convey useful information.
Brandel, M. (2007, October 16). Harland Clarke Rechecks Risk Management.
Stoneburner, G. , Goguen, A. , & Feringa, A. (2002). Risk Management
Guide for Information Technology Systems. Falls Church, US: National Institute of Standards & Technology. VeriSign.
Brown, S. V., & Tucker, J. W. (2011). Large‐sample evidence on firms' year‐over‐year MD&A modifications. Journal of Accounting Research, 49(2), 309-346.
Benaroch, M., Chernobai, A., & Goldstein, J. (2012). An internal control perspective on the market value consequences of IT operational risk events. International Journal of Accounting Information Systems, 13(4), 357-381.