A Framework for Information Security Management in Capital Markets

Obtaining financial data is attractive to criminals. A recent increase in cybersecurity threats in the financial sector has seen capital markets targeted. With the rapid development of information technology, information security is a growing concern for the financial services industry in general, and keeping capital market operations efficient, expeditious, and reliable is among its highest priorities. This paper forms part of a larger project that investigated the technical, behavioural, managerial, philosophical and organisational aspects of information security. Although the proposed framework has not yet been applied to real-world data, this paper outlines its methodological and theoretical foundation for improving information security and risk management practices. The application of such a framework may contribute to improved management of information security in the capital markets sector.
