Papers by Lawrence Gordon
Journal of information security, 2016
Given the importance of cybersecurity to the survival of an organization, a fundamental economics... more Given the importance of cybersecurity to the survival of an organization, a fundamental economics-based question that must be addressed by all organizations is: How much should be invested in cybersecurity related activities? Gordon and Loeb [1] presented a model to address this question, and that model has received a significant amount of attention in the academic and practitioner literature. The primary objective of this paper is to discuss the Gordon-Loeb Model with a focus on gaining insights for the model's use in a practical setting.
Transactions on Machine Learning and Artificial Intelligence, 2018
Journal of Information Security, 2018
Investments in cybersecurity are critical to the national and economic security of a nation. Ther... more Investments in cybersecurity are critical to the national and economic security of a nation. There is, however, a strong tendency for firms in the private sector to underinvest in cybersecurity activities. This paper reports the results of a survey designed to empirically assess whether treating cybersecurity as an important component of a firm's internal control system for financial reporting purposes serves as a driver for private sector firms to invest in cybersecurity activities. The findings, in this regard, are significantly positive. The study also shows that a firm's concern over the risk of incurring a large loss due to a cybersecurity breach and the degree the firm treats cybersecurity investments as generating a competitive advantage are drivers of the level of private sector investment in cybersecurity activities. The implications of the empirical results for designing public policies to mitigate the tendency of private sector firms to underinvest in cybersecurity are also explored.
Journal of Cybersecurity, 2015
The primary objective of this article is to develop an economics-based analytical framework for a... more The primary objective of this article is to develop an economics-based analytical framework for assessing the impact of government incentives/regulations designed to offset the tendency to underinvest in cybersecurity related activities by private sector firms. The analysis provided in the article shows that the potential for government incentives/regulations to increase cybersecurity investments by private sector firms is dependent on the following two fundamental issues: (i) whether or not firms are utilizing the optimal mix of inputs to cybersecurity, and (ii) whether or not firms are able, and willing, to increase their investments in cybersecurity activities. The implications of these findings are also discussed in this article, as well as a formal analysis of these implications. In addition, this article provides a discussion of existing actions by the US federal government that should be more effectively utilized before, or at least in conjunction with, considering new government incentives/regulations for increasing cybersecurity investments by private sector firms.
Capital budgeting and the value of information
Management Accounting Research, Mar 1, 1990
... but it is beneficial in our extended Capital Budgeting 31 analysis (ie one where the superior... more ... but it is beneficial in our extended Capital Budgeting 31 analysis (ie one where the superior uses communication for planning as well as control purposes).1 Acknowledgements: The authors would like to thank Joel Demski, Emmett Griner, George Monahan, George Pinches ...
Journal of Accounting and Public Policy, 1999
The use of activity-based costing (ABC) has been steadily, if not rapidly, spreading on an intern... more The use of activity-based costing (ABC) has been steadily, if not rapidly, spreading on an international level. This fact notwithstanding, the economic benefit associated with adopting ABC is suspect, at best. In an effort to shed additional light on this apparent dilemma, this paper empirically investigates the stock market effects of announcing the adoption of an ABC system. The research methodology includes both parametric and non-parametric tests for excess market returns from a seemingly unrelated regressions model with a matched pairs sample of firms. The analysis indicates that the installation of an ABC system in the United States is not associated with a significant (either positive or negative) stock market reaction.
❒ Unauthorized use of computer systems is on the decline, as is the reported dollar amount of ann... more ❒ Unauthorized use of computer systems is on the decline, as is the reported dollar amount of annual financial losses resulting from security breaches. ❒ In a shift from previous years, both virus attacks and denial of service outpaced the former top cost, theft of proprietary information. Virus costs jumped to $55 million. ❒ The percentage of organizations reporting computer intrusions to law enforcement over the last year is on the decline. The key reason cited for not reporting intrusions to law enforcement is the concern for negative publicity. ❒ Most organizations conduct some form of economic evaluation of their security expenditures, with 55 percent using Return on Investment (ROI), 28 percent using Internal Rate of Return (IRR), and 25 percent using Net Present Value (NPV). ❒ Over 80 percent of the organizations conduct security audits. ❒ The majority of organizations do not outsource computer security activities. Among those organizations that do outsource some computer security activities, the percentage of security activities outsourced is quite low. ❒ The Sarbanes-Oxley Act is beginning to have an impact on information security in some industries. ❒ The vast majority of the organizations view security awareness training as important, although (on average) respondents from all sectors do not believe their organization invests enough in this area. KEY FINDINGS Some of the key findings from the participants in this year's survey are summarized here. The findings discussed below emphasize changes taking place in the computer security arena, as well as items not considered in previous CSI/FBI surveys.
The impact of information security breaches: Has there been a downward shift in costs?
Journal of Computer Security
ABSTRACT By analyzing evidence of stock returns using a sophisticated market model over a long pe... more ABSTRACT By analyzing evidence of stock returns using a sophisticated market model over a long period and over two distinct and naturally arising sub-periods, this study helps resolve conflicting evidence from previous studies concerning the effect of information security breaches on market returns of firms. This study has three major findings. First, the impact of the broad class of information security breaches on stock market returns of firms is significant. Second, when breaches are classified by their primary effect in terms of i confidentiality, ii availability or iii integrity, attacks associated with breaches of availability are seen to have the greatest negative effect on stock market returns. Third, there has been a significant downward shift in the impact of the security breaches in the sub-period following the 9/11/2001 attacks versus the impact in the pre-9/11 period. Apparently, with increased media reporting of information security breaches without apparent devastating effects on targeted corporations, investors lowered their assessment of the costs of such breaches. Two possible reasons for this downward shift are 1 more effective remediation and disaster recovery and 2 a perceived decrease in the tendency of customers to refrain from doing business with firms experiencing an information security breach.
Federal capital investment information: An assessment of Public Law 98-501
Journal of Accounting and Public Policy, 1994
Journal of Accounting and Public Policy, 1997
This special theme issue on environmental issues and accounting benefited from the work of Profes... more This special theme issue on environmental issues and accounting benefited from the work of Professors David Shields and Germain Boer, both of whom served as Special Associate Editors for this issue. We thank both David and Germain for their efforts. Some manuscripts relating to this topic are still under review at the Journal of Accounting and Public Policy. As David and Germain suggest in their accompanying Guest Editorial (Shields and Boer 1997, pp. 120-122), we encourage further submission of papers on the topic of environmental issues and accounting. In the future, we hope to publish other accepted papers on this topic in regular issues and/or another special theme issue (see Shields and Boer 1997, p. 120).
A contingency framework for the design of accounting systems
... of *The authors wish to thank all the participants at the 1975 McGill Symposium entitled &quo... more ... of *The authors wish to thank all the participants at the 1975 McGill Symposium entitled "Behavioral Models and Processing Accounting Information", for ... of events (eg financial vs nonfinancial data and external vs internal data), and valuation methods (eg historical cost vs ...
Program Definition and Assessment Overview
Thermal Energy Storage Fourth Annual Review Meeting, 1980
J Account Public Pol, 1983
The federal government's expenditures, like those of most businesses, states, and municipalities,... more The federal government's expenditures, like those of most businesses, states, and municipalities, can be classified as either current or capital in nature. Whereas current expenditures relate to items that benefit only the current fiscal year, capital expenditures relate to items that benefit future as well as current years. Thus capita1 expenditures are usually referred to as "capita1 investments." Federal capita1 investments help determine the future strength and direction of our overall economy. Therefore, it is important that the federal government's decision makers approach these investments with public policy goals in mind. Unfortunately, the public policy implications of capital investments are usually not explicitly considered and thus it is not surprising to find a haphazardly derived, and somewhat deteriorating, infrastructure with respect to federally owned fixed assets such as buildings, highways, and equipment. This situation, and the need for correcting it, has been noted by many and was recently the subject of an entire Genera1 Accounting Ofice (GAO) report. In discussing the need for improvement, the GAO (1981, p. 95) noted: Planning, budgeting, and controlling physical capital is a complex process. Y :, this process can be carried out successfully, as some of the organizations we studied demonstrate. We conclude that a policy-level approach to capital investment must be added to the Federal Government's decision-making, and that sound, up-to-date information is needed to support that approach.. The lack of a clear policy level approach toward federal capita1 expenditures is a complicated issue. One important aspect of this issue has to do with the federal government's budgeting practice. More to the point, a clear distinction betwcc,. current and capital expenditures during the budgeting process will, ceteris
Differential rate of return method for reporting holding gains earned by fixed assets
Account Bus Res, 1973
Managing Cybersecurity Resources (The Mcgraw-Hill Homeland Security Series)
The impact of IFRS adoption on foreign direct investment
Journal of Accounting and Public Policy, Jul 1, 2012
ABSTRACT By analyzing a panel data set of over 1300 observations covering 124 countries, for the ... more ABSTRACT By analyzing a panel data set of over 1300 observations covering 124 countries, for the period from 1996 through 2009, this paper tests the basic argument that the adoption of International Foreign Reporting Standards (IFRSs) by a country results in increased foreign direct investment (FDI) inflows. Analysis of the data using an ordinary least squares (OLSs) approach provides evidence that adoption of IFRS leads to increased FDI inflows. The analysis indicates, however, that the overall increase in FDI inflows from IFRS adoption is due to the increase in FDI inflows by countries with developing, as opposed to developed, economies. A difference-in-difference test confirms these findings. A key potential driver for IFRS adoption by countries with developing economies is the desire to receive financial aid from the World Bank. This factor is explicitly taken into account using a two-stage instrumental variable (IV) model. The results using the IV model provide strong confirmation of the OLS results.
A comparative experimental evaluation study of intrusion detection system performance in a gigabit environment
Journal of Computer Security, 2003
... devel-opments in passive surveillance mechanisms to monitor network traffic for signs of ... ... more ... devel-opments in passive surveillance mechanisms to monitor network traffic for signs of ... The insight gained through fielded network traffic monitors could also aid networks in ... Intrusion detection as an important component of a security system, complements other security ...
Cybersecurity, Capital Allocations and Management Control Systems
Http Dx Doi Org 10 1080 09638180701819972, Jun 27, 2008
Uploads
Papers by Lawrence Gordon