This study measures the economic consequences of information security activities, in general, and more specifically the market value of disclosures of information security activities. Since information security activities are primarily non-revenue generating, management tends to view them as the...

This dissertation includes two essays on the economic aspects of information security. The first essay presents a principal-agent model for assessing the value of information security audits. The issue of information security investments is confounded by control problems arising from asymmetric...

This paper empirically examines the impact of the Sarbanes-Oxley Act (SOX) of 2002 on the voluntary disclosure of information security activities by corporations. The empirical evidence provided clearly indicates that SOX is having a positive impact on such disclosure. These findings provide...

The US federal government has fostered a movement toward sharing information concerning computer security, with particular emphasis on protecting critical infrastructure assets that are largely owned by the private sector. As information security is paramount to accurate financial reporting and...

The primary objective of this article is to develop an economics-based analytical framework for assessing the impact of government incentives/regulations designed to offset the tendency to under-invest in cybersecurity related activities by private sector firms. The analysis provided in the...