Daniel Schatz

• Phd
• University of East London

This article describes how with information security steadily moving up on board room agendas, security programs are found to be under increasing scrutiny by practitioners. This level of attention by senior business leaders is new to many security professionals as their field has been of limited interest to non-executive directors so far. Currently...

Information Security is considered one of the main concerns for many organisations with no signs of decreasing urgency in the coming years. To address this concern a structured approach required, with the ISO 27000 series - Information Security Management Systems (ISMS) being one of the most popular practices for assessing and managing Information...

Information Security is considered one of the main concerns for many organisations with no signs of decreasing urgency in the coming years. To address this concern a structured approach required, with the ISO 27000 series - Information Security Management Systems (ISMS) being one of the most popular practices for assessing and managing Information...

Rapid changes in security threat landscapes cause uncertainty for IT operations and security professionals and may force changes to organizations' security strategy. Decision support data that help reduce ambiguity or even predict future developments in this regard can thus be of economic value. Based on over 200 security predictions published in 2...

Data is rapidly becoming one of the most important assets in global markets, and criminals are spotting opportunities to exploit new potential income sources. In response to this, organizations are dedicating increasing resources to information security programs. However, faced with unrelenting breach reports and rising costs, decision makers inevi...

With information security steadily moving up on board room agendas, security programs are found to be under increasing scrutiny by practitioners. This level of attention by senior business leaders is new to many security professionals as their field has been of limited interest to non-executive directors so far. Currently, they have to regularly re...

Research on technological aspects of information security risk is a well-established area and familiar territory for most information security professionals. The same cannot be said about the economic value of information security investments in organisations. While there is an emerging research base investigating suitable approaches measuring the...

In recent years, ‘Cyber Security’ has emerged as a widely-used term with increased adoption by practitioners and politicians alike. However, as with many fashionable jargon, there seems to be very little understanding of what the term really entails. Although this is may not be an issue when the term is used in an informal context, it can potential...

Purpose – This study aims to examine the influence of one or more information security breaches on an organisation’s stock market value as a way to benchmark the wider economic impact of such events. Design/methodology/approach – An event studies-based approach was used where a measure of the event’s economic impact can be constructed using securi...

Managing information security risks has become one of the top agenda points of almost every organization. Part of this is to understand the options available to handle the task and make an educated decision on the best option for the environment in question. Often the choice is to outsource this function to a company that specializes in managed sec...