Rethinking The Future of Auditing: How an Integrated Continuous Auditing Approach Can Leverage the Full Potential of Continuous Auditing

The concept of Continuous Auditing has been around for more than three decades. The ongoing discussion on the benefits and models on adoption has made Continuous Auditing become a more critical issue. Although a lot of progress has been made in previous years, we argue that the entire potential of Continuous Auditing still remains unrevealed. This paper provides a new conceptual framework on how to bring Continuous Auditing to the next level. It goes beyond the existing technical concepts and solutions for implementation by developing a more holistic Integrated Continuous Auditing Approach. We illustrate how Continuous Auditing can be adopted in order to increase audit efficiency by enabling a new collaborative design between internal and external auditors as well as by readjusting the roles of different auditing parties

The Impact of Board Structure on Information Security Breaches

This paper investigates the association between the board structure of a firm and the possibility of information security breaches. Building on the agency theory and resource dependence theory, we hypothesize that the board structure could affect the guidance and advice capability of the board on the executives’ decision of information security management. Our results show that the board size and the number of independent directors could increase the possibility of security breaches while the average and heterogeneity of age/tenure could reduce it. Our findings shed lights on the crucial role played by the board when managing information security risks in organizations

Cross-border M&A and Information Security Breaches: An Institutional Distance Perspective

This research-in-progress paper examines the relation between information security breaches and cross-border mergers and acquisitions (M&A). Drawing from the institutional perspective, we use the concept of institutional distance to explain the impact of institutional differences on information security management at the transnational level. Using the secondary data collected from DataLossDB and SDC Platinum database, we empirically test the relation between institutional distances of two countries where the M&A firms register and the likelihood of information security breaches. The exploratory results indicate that institutional distance is positively associated with the likelihood of information security breaches. We conclude with theoretical implications and direction for further research

Too Busy to Monitor? Board Busyness and the Occurrence of Reported Information Security Incidents

This paper investigates the association between board busyness (i.e., directors with multiple positions) and the occurrence of reported information security incidents. Building on prior studies of board busyness, this paper argues that directors holding multiple board seats may fail to commit the time and effort necessary to ensure the appropriate information security strategy or investment plans are in place. Our results demonstrate that board busyness is positively associated with reported information security incidents. This effect is larger when independent directors are busy, thus suggesting the importance of the governance role played by independent directors in managing information security risks. The board of directors’ role has been emphasized in anecdotal evidence and IT governance frameworks, but our study empirically demonstrates the board’s relevance in information security strategy and management

The Invisible Risk: The Data-sharing Activities of Data Brokers and Information Leakage

Data brokers are the major players in the market for collecting, selling and sharing user information. This paper considers data brokers’ data sharing activities as a co-opetition between data brokers and investigates how the information collecting and sharing activities may lead to information leakage on the dark web. We find that S&P 1,500 firms experience higher information leakage when sharing more customer information with data brokers through third-party cookies. Further, using all the registered data brokers and their competitors as the sample, we observe that registered data brokers are more susceptible to information leakage with data sharing activities than unregistered data brokers. Our study provides initial evidence on the consequences of data brokers’ data sharing activities

Social Media Use Purposes and Psychological Wellbeing in Times of Crises

This study investigates the effect of social media (SM) use purposes and user characteristics on individual psychological wellbeing (PWB) during the coronavirus pandemic (COVID-19). Informed by the uses and gratifications theory and PWB research, this study analyzed survey data collected from 282 SM users aged 18 through 59 from a minority-serving university in the United States in March-April 2020. Our quantitative data analysis showed that social media can be used to improve the quality of personal experiences during the COVID-19 crisis through three mechanisms—connectedness (i.e., social), engagement (i.e., collaborative), and entertainment (i.e., hedonic). However, the effect varied by gender, SM usage level, and individual concern about COVID-19 risk. The findings contribute to the literature and offer implications in technology use for enhancing public mental health during crises

Introduction to Information Security and Privacy Minitrack

N/

Modern DRAM Memory Systems: Performance Analysis and Scheduling Algorithm

The performance characteristics of modern DRAM memory systems are impacted by two primary attributes: device datarate and row cycle time. Modern DRAM device datarates and row cycle times are scaling at different rates with each successive generation of DRAM devices. As a result, the performance characteristics of modern DRAM memory systems are becoming more difficult to evaluate at the same time that they are increasingly limiting the performance of modern computer systems. In this work, a performance evaluation framework that enables abstract performance analysis of DRAM memory systems is presented. The performance evaluation framework enables the performance characterization of memory systems while fully accounting for the effects of datarates, row cycle times, protocol overheads, device power constraints, and memory system organizations. This dissertation utilizes the described evaluation framework to examine the performance impact of the number of banks per DRAM device, the effects of relatively static DRAM row cycle times and increasing DRAM device datarates, power limitation constraints, and data burst lengths in future generations of DRAM devices. Simulation results obtained in the analysis provide insights into DRAM memory system performance characteristics including, but not limited to the following observations. The performance benefit of having a 16 banks over 8 banks increases with increasing datarate. The average performance benefit reaches 18% at 1 Gbps for both open-page and close-page systems. Close-page systems are greatly limited by DRAM device power constraints, while open-page systems are less sensitive to DRAM device power constraints. Increasing burst lengths of future DRAM devices can adversely impact cache-limited processors despite the increasing bandwidth. Performance losses of greater than 50% are observed. Finally, This dissertation also present a unique rank hopping DRAM command-scheduling algorithm designed to alleviate the bandwidth constraints in DDR2 and future DDRx SDRAM memory systems. The proposed rank hopping scheduling algorithm schedules DRAM transactions and command sequences to avoid the power limiting constraints and amortizes the rank-to-rank switching overhead. Execution based simulations show that some workloads are able to fully utilize the additional bandwidth and significant performance improvements are observed across a range of workloads