Title
Exploring the information content of cyber breach reports and the relationship to internal controls
Abstract
A number of institutions make reports available regarding the types, impacts, or origins of cybersecurity breaches. The information content of cyber breach reports is examined in light of Principle 15 of the 2017 Committee on Sponsoring Organizations Enterprise Risk Management (COSO ERM) information security control framework to understand the degree to which cyber breach reports reflect the established COSO internal control framework. This study utilizes the COSO ERM internal control framework to examine whether current cyber breach reports contain information that may influence a firm’s ability to assess substantial change within its industry due to external forces (COSO ERM Principle 15). As such, this study focuses on data breaches, a special type of cyber incident, which may result in the loss of confidential information. Cyber decision makers rely on this type of information to calibrate information security programs to ensure coverage of relevant threats and the efficient use of available funds. These reports may be used for the purposes of cybersecurity risk assessment and strategic planning. We compare, contrast, and analyze the reports to identify their utility in such contexts. We also provide an overview of the current cybersecurity reporting environment and suggest revisions to US national cyber policy with the intent of increasing the benefit to reporters and consumers of the data.
Year: 2022
DOI: 10.1016/j.accinf.2022.100568
Venue: International Journal of Accounting Information Systems
Keywords: COSO, Computer Security, Computer Crime, Risk analysis, Security management, Incident, Breach
DocType: Journal
Volume: 46
ISSN: 1467-0895
Citations: 0
PageRank: 0.34
References: 0
Authors: 3
Benjamin Blakely: Order 1, Citations 0, PageRank 0.34
Jim Kurtenbach: Order 2, Citations 0, PageRank 0.34
Lovila Nowak: Order 3, Citations 0, PageRank 0.34