بررسی ویژگی های رخنه های امنیتی اینترنت که ارزش بازار شرکت ها را تحت تاثیر قرار می دهد

The impact of Internet security breaches on firms has been a concern to both researchers and practitioners. One measure of the damage to the breached firm is the observed cumulative abnormal stock market return (CAR) when there is announcement of the attack in the public media. To develop effective Internet security investment strategies for preventing such damage, firms need to understand the factors that lead to the occurrence of CAR. While previous research have involved the use of regression analysis to explore the relationship between firm and attack characteristics and the occurrence of CAR, in this paper we use decision tree (DT) induction to explore this relationship. The results of our DT-based analysis indicate that both attack and firm characteristics determine CAR. While each of our results is consistent with that of at least one previous study, no previous single study has provided evidence that both firm and attack characteristics are determinants of CAR. Further, the DT-based analysis provides an interpretable model in the form of understandable and actionable rules that may be used by decision makers. The DT-based approach thus provides additional insights beyond what may be provided by the regression approach that has been employed in previous research. The paper makes methodological, theoretical and practical contribution to understanding the predictors of damage when a firm is breached.

In the information age, several businesses use the Internet to drive organizational performance and survivability. Amidst its benefits, the Internet opens and exposes organizational networks to security attacks, and in recent times several organizations have been hit with security breaches (i.e. confidentiality, integrity, or availability of a firm’s network, computers or information resources is compromised). An Internet security breach can have negative impacts on the firm’s performance including lower sales revenues, higher expenses, decrease in future profits and dividends, and a reduction in the market value (Gordon et al., 2003 and Power, 2003). The market value of a firm corresponds to the confidence that investors have in that firm. Measuring the market value of a firm that has been compromised is one way of calculating the impact of Internet security breaches. Hence, firm damage can be operationalized as the observed CAR that is attributed to the announcement of Internet security breach. In this paper we use CAR as our measure of firm damage.

In this section we present for each input variable, the sets of rules that include the given subject (e.g. Firm Type) variable as a predictor. Associated with each rule is the relative frequency of there being an abnormal event (i.e. negative CAR) or a normal event (i.e. non-negative CAR) as a result of the announcement of Internet security breach. For each input variable, where relevant, we describe its role in two possible ways described below. It should be noted that for some input variables, one or more of these roles might not apply.