资讯科技在资讯保安中的位置?IT投资、安全意识和数据泄露之间的相互关系

IF 7 2区管理学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Mis Quarterly Pub Date : 2023-03-01 DOI:10.25300/misq/2022/15713

Wilson Weixun Li, Alvin Chung Man Leung, Wei Thoo Yue

{"title":"资讯科技在资讯保安中的位置?IT投资、安全意识和数据泄露之间的相互关系","authors":"Wilson Weixun Li, Alvin Chung Man Leung, Wei Thoo Yue","doi":"10.25300/misq/2022/15713","DOIUrl":null,"url":null,"abstract":"Data breaches can severely damage a firm’s reputation and its customers’ confidence. Firms must therefore continuously invest in security measures to prevent such breaches. However, the effectiveness of security investment has been questioned by both practitioners and academics. We illustrate the bidirectional dynamic relationship between information technology (IT) investment and data breaches moderated by threat and countermeasure security awareness using an eight-year panel of 311 U.S.-listed firms to provide empirical evidence that threat awareness broadens firms’ scope for addressing data-breach issues by investing more in IT than in security. Countermeasure awareness equips firms with sufficient knowledge and experience to ensure effective implementation of IT, which provides more comprehensive protection than security investment alone. Our results suggest that firms should evolve beyond the reactive mindset of solely upgrading security and begin nurturing both threat awareness and countermeasure awareness to address the underlying IT system issues that are the cause of data breaches.","PeriodicalId":49807,"journal":{"name":"Mis Quarterly","volume":"12 3","pages":""},"PeriodicalIF":7.0000,"publicationDate":"2023-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Where is IT in Information Security? The Interrelationship among IT Investment, Security Awareness, and Data Breaches\",\"authors\":\"Wilson Weixun Li, Alvin Chung Man Leung, Wei Thoo Yue\",\"doi\":\"10.25300/misq/2022/15713\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Data breaches can severely damage a firm’s reputation and its customers’ confidence. Firms must therefore continuously invest in security measures to prevent such breaches. However, the effectiveness of security investment has been questioned by both practitioners and academics. We illustrate the bidirectional dynamic relationship between information technology (IT) investment and data breaches moderated by threat and countermeasure security awareness using an eight-year panel of 311 U.S.-listed firms to provide empirical evidence that threat awareness broadens firms’ scope for addressing data-breach issues by investing more in IT than in security. Countermeasure awareness equips firms with sufficient knowledge and experience to ensure effective implementation of IT, which provides more comprehensive protection than security investment alone. Our results suggest that firms should evolve beyond the reactive mindset of solely upgrading security and begin nurturing both threat awareness and countermeasure awareness to address the underlying IT system issues that are the cause of data breaches.\",\"PeriodicalId\":49807,\"journal\":{\"name\":\"Mis Quarterly\",\"volume\":\"12 3\",\"pages\":\"\"},\"PeriodicalIF\":7.0000,\"publicationDate\":\"2023-03-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Mis Quarterly\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://doi.org/10.25300/misq/2022/15713\",\"RegionNum\":2,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Mis Quarterly","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.25300/misq/2022/15713","RegionNum":2,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 9

摘要

数据泄露会严重损害公司的声誉和客户的信心。因此，企业必须不断投资于安全措施，以防止此类违规行为。然而，证券投资的有效性一直受到实践者和学者的质疑。我们通过对311家美国上市公司进行为期8年的调查，说明了信息技术(IT)投资与数据泄露之间的双向动态关系，该关系受到威胁和对策安全意识的调节，并提供了经验证据，表明威胁意识通过在IT方面的投资多于在安全方面的投资，扩大了公司解决数据泄露问题的范围。对策意识为企业提供了足够的知识和经验，以确保有效实施IT，这比单独的安全投资提供了更全面的保护。我们的研究结果表明，企业应该超越仅仅升级安全的被动思维，并开始培养威胁意识和对策意识，以解决导致数据泄露的潜在IT系统问题。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Where is IT in Information Security? The Interrelationship among IT Investment, Security Awareness, and Data Breaches

Data breaches can severely damage a firm’s reputation and its customers’ confidence. Firms must therefore continuously invest in security measures to prevent such breaches. However, the effectiveness of security investment has been questioned by both practitioners and academics. We illustrate the bidirectional dynamic relationship between information technology (IT) investment and data breaches moderated by threat and countermeasure security awareness using an eight-year panel of 311 U.S.-listed firms to provide empirical evidence that threat awareness broadens firms’ scope for addressing data-breach issues by investing more in IT than in security. Countermeasure awareness equips firms with sufficient knowledge and experience to ensure effective implementation of IT, which provides more comprehensive protection than security investment alone. Our results suggest that firms should evolve beyond the reactive mindset of solely upgrading security and begin nurturing both threat awareness and countermeasure awareness to address the underlying IT system issues that are the cause of data breaches.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Mis Quarterly 工程技术-计算机：信息系统

CiteScore

13.30

自引率

4.10%

发文量

审稿时长

6-12 weeks

期刊介绍： Journal Name: MIS Quarterly Editorial Objective: The editorial objective of MIS Quarterly is focused on: Enhancing and communicating knowledge related to: Development of IT-based services Management of IT resources Use, impact, and economics of IT with managerial, organizational, and societal implications Addressing professional issues affecting the Information Systems (IS) field as a whole Key Focus Areas: Development of IT-based services Management of IT resources Use, impact, and economics of IT with managerial, organizational, and societal implications Professional issues affecting the IS field as a whole