Title: Reducing cyber harassment through de jure standards: a study on the lack of the information security management standard adoption in the USA

Authors: Gurvirender P.S. Tejay; Babak Shoraka

Addresses: Graduate School of Computer and Information Sciences, Nova Southeastern University, 3301 College Avenue, Fort Lauderdale – Davie, FL 33314, USA. ' Graduate School of Computer and Information Sciences, Nova Southeastern University, 3301 College Avenue, Fort Lauderdale – Davie, FL 33314, USA

Abstract: Organisational members constantly fall prey to social-engineering attacks divulging sensitive information, which could be used as a basis for cyber harassment. Such harassment could include corporate website defacement, negative campaign through social media, or even corporate sabotage. The potential threat of cyber-harassment is real and can be damaging for an organisation impacting its business performance. These information risks confronting organisations can be mitigated by the implementation of information security standards. In this study, we investigated the lacking adoption of the Information Security Management System (ISMS) standard in the USA. We argued that the primary cause for the low adoption level is the failure to financially justify ISMS related investments. Using the event study method, we examined whether organisations that have adopted the ISMS standard have realised any financial gains. Our results indicate that the adoption of the ISMS standard actually does not create financial value for certified organisations.

Keywords: de jure standards; event studies; information economics; USA; United States; standards adoption; social-engineering attacks; sensitive information; corporate websites; website defacement; negative campaigns; social media; corporate sabotage; business performance; information risks; security standards; adoption levels; financial justification; financial gains; ISMS standards; information security; management systems; information management; security management; financial value; certified organisations; decision making; cyber harassment; corporations; internet; world wide web.

DOI: 10.1504/IJMDM.2011.043407

International Journal of Management and Decision Making, 2011 Vol.11 No.5/6, pp.324 - 343

Available online: 27 Oct 2011 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article