Cyber Security and Risk Management
Attacks on computer systems can have detrimental effects on an organization because they can lead to the loss of important information and, worse, the breakdown of the organization's entire system. For this reason, information security measures must be implemented vigilantly in order to control the pervasive effects of cyber threats and vulnerabilities.
2. What are the needs of the security industry? To answer that question, one must first know what the security industry is. Security is not easily defined and can even be considered to be the national military defence.
According to the National Institute of Standards & Technology (NIST), the overall aim of an organization's risk management framework is to provide an effective means of fulfilling the mission of the organization. This risk management strategy extends beyond the protection of IT assets. It is both a technical and a managerial function of the IT and security departments (Stoneburner, Goguen, & Feringa, 2002). If effective security principles can be modeled to center around business objectives, then organizations will learn to incorporate security as a core component of their corporate culture.
Another avenue for future research is to examine the time-series change of firms’ cybersecurity risk disclosures. While the essay demonstrates that such disclosure is informative in a cross-sectional setting, it is possible that the change in a firm’s disclosure from year to year may also convey useful information.
Brandel, M. (2007, October 16). Harland Clarke Rechecks Risk Management.
Stoneburner, G., Goguen, A., & Feringa, A. (2002). Risk Management Guide for Information Technology Systems. Falls Church, US: National Institute of Standards & Technology.
VeriSign.
Brown, S. V., & Tucker, J. W. (2011). Large‐sample evidence on firms' year‐over‐year MD&A modifications. Journal of Accounting Research, 49(2), 309-346.
Benaroch, M., Chernobai, A., & Goldstein, J. (2012). An internal control perspective on the market value consequences of IT operational risk events. International Journal of Accounting Information Systems, 13(4), 357-381.