Social engineering continues to be an increasing attack vector for the propagation of
malicious programs. For this article, we collected data on malware incidents and highlighted …

This paper reviews Information Systems (IS) literature that is relevant to Information
Technology Governance (ITG) and examines how it informs Accounting Information Systems …

When investing in cyber security resources, information security managers have to follow
effective decision-making strategies. We refer to this as the cyber security investment …

Lagging IT security investments in small and medium-sized enterprises (SME) point towards
a security divide between SME and large enterprises, yet our structured literature review …

This study identifies the effects of security investments that arise from previous failures or
external regulatory pressure. Building on organizational learning theory, the study focuses …

Security breaches adversely impact profit margins, market capitalization and brand image of
an organization. Global organizations resort to the use of technological devices to reduce …

This study investigates the risk of insider threats associated with different applications within
a financial institution. Extending routine activity theory (RAT) from criminology literature to …

Purpose The purpose of the study is to explore the factors associated with the extent of
security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the …

Firms often disclose information security risk factors in public filings such as 10-K reports.
The internal information associated with disclosures may be positive or negative. In this …

Purpose Employees must receive proper cybersecurity training so that they can recognize
the threats to their organizations and take the appropriate actions to reduce cyber risks …