References
- Ahmad, A., Maynard, S. B., & Shanks, G. (2015). A case analysis of information systems and security incident responses. International Journal of Information Management, 35(6), 717–723. https://doi.org/10.1016/j.ijinfomgt.2015.08.001
- Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98(2020), 102003. https://doi.org/10.1016/j.cose.2020.102003
- Angst, C. M., Block, E. S., D’arcy, J., & Kelley, K. (2017). When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches. MIS Quarterly, 41(3), 893–916. https://doi.org/10.25300/MISQ/2017/41.3.10
- Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security, 11(3), 431–448. https://doi.org/10.3233/JCS-2003-11308
- Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9(1), 69–104. https://doi.org/10.1080/10864415.2004.11044320
- Chen, P., Kataria, G., & Krishnan, R. (2011). Correlated failures, diversification, and information security risk management. MIS Quarterly, 35(2), 397–422. https://doi.org/10.2307/23044049
- Connolly, L. Y., & Wall, D. S. (2019). The rise of crypto-ransomware in a changing cybercrime landscape: Taxonomising countermeasures. 87. https://doi.org/10.1016/j.cose.2019.101568
- Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining Cybersecurity. Technology Innovation Management Review, 4(10), 13–21. https://doi.org/10.22215/timreview/835
- Da Veiga, A., Astakhova, L. V., Botha, A., & Herselman, M. (2020). Defining organizational information security culture—perspectives from academia and industry. Computers & Security, 92, 101713. https://doi.org/10.1016/j.cose.2020.101713
- Evangelopoulos, N., Zhang, X., & Prybutok, V. R. (2012). Latent semantic analysis: Five methodological recommendations. European Journal of Information Systems, 21(1), 70–86. https://doi.org/10.1057/ejis.2010.61
- Garg, A., Curtis, J., & Halper, H. (2003). Quantifying the financial impact of IT security breaches. Information Management & Computer Security, 11(2), 74–83. https://doi.org/10.1108/09685220310468646
- Gefen, D., Endicott, J. E., Fresneda, J. E., Miller, J., & Larsen, K. R. (2017). A guide to textual analysis with latent semantic analysis in R with annotated code: Studying online reviews and stack exchange community. Communications of the Association for Information Systems, 41(21), 450–496. https://doi.org/10.17705/1CAIS.04121
- Gerić, S., & Hutinski, Ž. (2007). Information system security threats classifications. Journal of Information and Organizational Sciences, 31(1), 51–61. https://hrcak.srce.hr/21445
- Glaser, A. (2019). Another 540 million Facebook users’ data has been exposed. Slate. Retrieved March 10, 2020, from https://slate.com/technology/2019/04/facebook-data-breach-540-million-users-privacy.html
- Goel, S., & Shawky, H. A. (2009). Estimating the market impact of security breach announcements on firm values. Information & Management, 46(7), 404–410. https://doi.org/10.1016/j.im.2009.06.005
- Gordon, L. A., Loeb, M. P., Sohail, T., Tseng, C., & Zhou, L. (2008). Cybersecurity, capital allocations and management control systems. European Accounting Review, 17(2), 215–241. https://doi.org/10.1080/09638180701819972
- Gressin, S. (2017). The equifax data breach: What to do. Federal Trade Commission. Retrieved March 10, 2019, from https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do
- Grobauer, B., Walloschek, T., & Stocker, E. (2010). Understanding cloud computing vulnerabilities. IEEE Security & Privacy, 9(2), 50–57. https://doi.org/10.1109/MSP.2010.115
- Gupta, B. B., Arachchilage, N. A. G., & Psannis, K. E. (2018). Defending against phishing attacks: Taxonomy of methods, current issues and future directions. Telecommunication Systems, 67(2), 247–267. https://doi.org/10.1007/s11235-017-0334-z
- Imran, M., Arif, T., & Shoab, M. (2018). A statistical and theoretical analysis of cyberthreats and its impact on industries. International Journal of Scientific Research in Computer Science Applications and Management Studies, 7(5), 1–7.
- Ising, E. A., & Acree, A. G. (2011). SEC issues guidance on cybersecurity disclosures. Insights, 25(4), 34–37.
- Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal of Computer and System Sciences, 80(5), 973–993. https://doi.org/10.1016/j.jcss.2014.02.005
- Jenab, K., & Moslehpour, S. (2016). Cyber security management: A review. Business Management Dynamics, 5(11), 16–39.
- Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in information systems. Procedia Computer Science, 32, 489–496. https://doi.org/10.1016/j.procs.2014.05.452
- Kannan, K., Rees, J., & Sridhar, S. (2007). Market reactions to information security breach announcements: An empirical analysis. International Journal of Electronic Commerce, 12(1), 69–91. https://doi.org/10.2753/JEC1086-4415120103
- Kumar, R. L., Park, S., & Subramaniam, C. (2008). Understanding the value of countermeasure portfolios in information systems security. Journal of Management Information Systems, 25(2), 241–279. https://doi.org/10.2753/MIS0742-1222250210
- Kwon, J., & Johnson, M. E. (2013). Security practices and regulatory compliance in the healthcare industry. Journal of the American Medical Informatics Association, 20(1), 44–51. https://doi.org/10.1136/amiajnl-2012-000906
- Lala, C., & Panda, B. (2001). Evaluating damage from cyber attacks: A model and analysis. IEEE Transactions on Systems, Man, and Cybernetics—Part A: Systems and Humans, 31(4), 300–310. https://doi.org/10.1109/3468.935047
- Lezzi, M., Lazoi, M., & Corallo, A. (2018). Cybersecurity for industry 4.0 in the current literature: A reference framework. Computers in Industry, 103, 97–110. https://doi.org/10.1016/j.compind.2018.09.004
- Longley, A. (2019). Understanding and managing cyber security threats and countermeasures in process industries. Loss Prevention Bulletin, 268, 2–6.
- Lyles, T. (2020). Marriott discloses another security breach that may impact over 5 million guests. The Verge. Retrieved March 10, 2020, from https://www.theverge.com/2020/4/1/21203313/marriott-database-security-breach-5-million-guests
- McLaughlin, M., & Gogan, J. (2018). Challenges and best practices in information security management. MIS Quarterly Executive, 17(3), 237–262. https://aisel.aisnet.org/misqe/vol17/iss3/6
- McLeod, A., & Dolezel, D. (2018). Cyber-analytics: Modeling factors associated with healthcare data breaches. Decision Support Systems, 108, 57–68. https://doi.org/10.1016/j.dss.2018.02.007
- Mukhopadhyay, A., Chatterjee, S., Saha, D., Mahanti, A., & Sadhukhan, S. K. (2013). Cyber-risk Decision Models: To insure IT or not? Decision Support Systems, 56, 11–26. https://doi.org/10.1016/j.dss.2013.04.004
- Paoli, L., Visschers, J., & Verstraete, C. (2018). The impact of cybercrime on businesses: A novel conceptual framework and its application to Belgium. Crime Law Social Change, 70(4), 397–420. https://doi.org/10.1007/s10611-018-9774-y
- Paté-Cornell, M., Kuypers, M., Smith, M., & Keller, P. (2018). Cyber risk management for critical infrastructure: A risk analysis model and three case studies. Risk Analysis, 38(2), 226–241. https://doi.org/10.1111/risa.12844
- Paul, J. A., & Wang, X. (2019). Socially optimal IT investment for cybersecurity. Decision Support Systems, 122, 1–12. https://doi.org/10.1016/j.dss.2019.05.009
- Rees, L. P., Deane, J. K., Rakes, T. R., & Baker, W. H. (2011). Decision support for cybersecurity risk planning. Decision Support Systems, 51(3), 493–505. https://doi.org/10.1016/j.dss.2011.02.013
- Schatz, D., Bashroush, R., & Wall, J. (2017). Towards a more representative definition of cyber security. Journal of Digital Forensics, Security and Law, 12(2), 53–74. https://doi.org/10.15394/jdfsl.2017.1476
- Sen, R., & Borle, S. (2015). Estimating the contextual risk of data breach: An empirical approach. Journal of Management Information Systems, 32(2), 314–341. https://doi.org/10.1080/07421222.2015.1063315
- Shahzad, F. (2014). State-of-the-art survey on cloud computing security challenges, approaches and solutions. Procedia Computer Science, 37, 357–362. https://doi.org/10.1016/j.procs.2014.08.053
- Somani, G., Gaur, G. S., Sanghi, D., Conti, M., & Buyya, R. (2017). DDoS attacks in cloud computing: Issues, taxonomy, and future. Computer Communications, 107, 30–48. https://doi.org/10.1016/j.comcom.2017.03.010
- Telang, R., & Wattal, S. (2007). An empirical analysis of the impact of software vulnerability announcements on firm stock price. IEEE Transactions on Software Engineering, 33(8), 544–557. https://doi.org/10.1109/TSE.2007.70712
- Toch, E., Bettini, C., Shmueli, E., Radaelli, L., Lanzi, A., Riboni, D., & Lepri, B. (2018). The privacy implications of cyber security systems: A technological survey. ACM Computing Surveys, 51(2), Article 36, 1–27. https://doi.org/10.1145/3172869
- van Cleeff, A., Pieters, W., Wieringa, R., & van Tiel, F. (2011). Integrated assessment and mitigation of physical and digital security threats: Case studies on virtualization. Information Security Technical Report, 16(3–4), 142–149. https://doi.org/10.1016/j.istr.2011.08.003
- Yeh, Q., & Chang, A. J. (2007). Threats and countermeasures for information system security: A cross-industry study. Information & Management, 44(5), 480–491. https://doi.org/10.1016/j.im.2007.05.003