Vasant Raval

About the Future

(2000). About the Future…. Information Strategy: The Executives Journal: Vol. 17, No. 1, pp. 39-45.

Market Price Effects of Data Security Breaches

ABSTRACT This study examines the impact of reported breaches in computer security using event study analysis. We use the event-study methodology to measure the magnitude of the effect of data security breach events on the behavior of stock markets. Our data come from security breaches spanning a ten-year period and involving various industries. The findings of the study suggest that there exist abnormal negative stock price returns following the announcement of a breach. Such abnormal negative returns persist over the next several years. Moreover, the source of data breach may moderate the price effect; the market tends to punish more heavily those compromises that could have been avoided with reasonable precautions by the breached company.

Guidelines for Compliance with Sarbanes-Oxley

Abstract Over the past few years, cases of miserable failure in corporate governance have shocked the financial world. Enron and WorldCom are just two examples of how a few people in a position of power can cause unprecedented damage to hundreds of thousands of people, including investors, employees, and retirees. Lessons thus learned created a wave of regulations, the most significant being the Sarbanes-Oxley Act of 2002, the first major overhaul in the area of securities since the Securities Exchange Act of 1934.

Impact of information systems on customers

Abstract The distinction between “users” of information systems of an organization and “customers” of the organization has not surfaced clearly in the literature on information systems planning and implementation. Also, the impact of the organizations information system on its customer is neither assessed nor clarified. This paper seeks to expose and, to some extent, fill these gaps. Based on his experience, the author derives three classes of assumptions likely to be made by organizations in managing the interface with their customers. Possible implications of such assumptions are discussed, and suggestions for planning the interface are offered.

Private Ordering in Light of the Law: Achieving Consumer Protection Through Payment Card Security Measures

A private ordering regime has developed within the payment card industry to define appropriate security practices and to monitor compliance by network participants. Market demands for trustworthy systems upon which consumers and merchants could rely provide incentives for security, which the card brands supplement by privately designed fines and sanctions imposed through contract. Although private ordering has functioned sufficiently well to make payment cards a trusted payment method, the system is not completely secure, as data security breaches continue to occur. This is not surprising, as complete security is not a feasible goal. Nevertheless, some have questioned whether additional government regulation is necessary to protect consumers. This article explores the effects of legal intervention, including disclosure laws, on this private ordering system. It questions whether additional government intervention would enhance consumer welfare, particularly when consumers will likely bear the ultimate costs of such regulation. It recommends modifications in breach disclosure laws to eliminate individual notice requirements in favor of public notices, which may reduce costs and enhance consumer welfare. It challenges “bounty” enforcement regimes, such as FACTA, which offer little marginal benefit to consumers while substantially raising costs. It identifies practical and political problems presented by the different capacities of large and small firms to bear security costs, which are not easily solved under either private ordering or legislative approaches. Finally, it offers a set of policy issues as a possible agenda for consideration by policy makers and researchers in this domain.

Information Systems Audits: What's in It for Executives?

Companies in which executives and top managers view the IS audit as a critical success factor often achieve significant benefits that include decrease in cost, increase in profits, more robust and useful systems, enhanced company image, and ability to respond quickly to changing market needs and technology influences.

Risk Landscape of Autonomous Cars

Abstract This article presents a study of how automobile risks are changing over time as the level of automation shifts from the traditional to semi-autonomous to fully autonomous car. The study involves the concept of comparative advantage between the human driver and the driverless car to determine how the roles between the two have been changing and, in turn, how the change affects attendant risks. To develop a risk landscape across changes in levels of automation, the roles of human driver and driverless car are matched with the five levels of automation used to describe the phases of development of the driverless car. We conclude that the costs associated with fatal accidents will decrease sharply over time as the driverless cars are deployed on the road. And we offer implications for policy, regulation, and insurance based on our analysis of the changing risk landscape.

Security, Society, and Skepticism

Abstract Its nearly two years later, and the repercussions of 9/11 are still being felt in the security community. Heightened security awareness combined with tightened security measures brings more to the process of securing. Now, for air travelers, there are more questions to answer, longer lines for security clearance, and perhaps the need to unpack and pack bags that are selected for a search. The added steps are apparently viewed as more inconvenience, greater inefficiency, loss of productivity, and considerable additional stress. and the customer-friendly service that the airlines claim goes counter to the aim of physical security. The question is: to what degree can security measures be customer friendly?