To see the other types of publications on this topic, follow the link: Breaches.
Journal articles on the topic 'Breaches'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'Breaches.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Richardson, Vernon J., Rodney E. Smith, and Marcia Weidenmier Watson. "Much Ado about Nothing: The (Lack of) Economic Impact of Data Privacy Breaches." Journal of Information Systems 33, no. 3 (February 1, 2019): 227–65. http://dx.doi.org/10.2308/isys-52379.
Full textAbstract:
ABSTRACT In this paper, we examine the consequences of data breaches for a breached company. We find the economic consequences are, on average, very small for breached companies. On average, breaches result in less than −0.3 percent cumulative abnormal returns in the short window around the breach disclosure. Except for a few catastrophic breaches, the nominal difference in cumulative abnormal returns between breach companies and the matched companies disappears within days after the breach. We also test whether data breaches affect future accounting measures of performance, audit and other fees, and future Sarbanes-Oxley Section 404 reports of material internal control weaknesses, but find no differences between breach and matched companies. Our results address the question why companies are not spending more to reduce breaches. We conclude by providing a few explanations of why there appears to be an effect at the economy-wide level, but no noticeable effect on individual company performance.
2
Zafar, Humayun, Myung Ko, and Kweku-Muata Osei-Bryson. "Financial Impact of Information Security Breaches on Breached Firms and their Non-Breached Competitors." Information Resources Management Journal 25, no. 1 (January 2012): 21–37. http://dx.doi.org/10.4018/irmj.2012010102.
Full textAbstract:
Information security breaches pose a growing threat to organizations and individuals, particularly those that are heavily involved in e-business/e-commerce. An information security breach can have wide-ranging impacts, including influencing the behaviors of competitors and vice versa within the context of a competitive marketplace. Therefore, there is a need for further exploration of implications of information security breaches beyond the focus of the breached firm. This study investigates the financial impact of publicly announced information security breaches on breached firms and their non-breached competitors. While controlling for size and the industry the firm operates in, the authors focus on specific types of information security breaches (Denial of Service, Website Defacement, Data Theft, and Data Corruption). Unlike previous studies that have used event study methodology, the authors investigate information transfer effects that result from information security breaches using the matched sampling method. The study reveals statistically significant evidence of the presence of intra-industry information transfer for some types of security breaches. The authors also found evidence of contagion effects, but no similar evidence concerning competition effect.
3
Smith, Thomas J. (Tom), Julia L. Higgs, and Robert E. Pinsker. "Do Auditors Price Breach Risk in Their Audit Fees?" Journal of Information Systems 33, no. 2 (August 1, 2018): 177–204. http://dx.doi.org/10.2308/isys-52241.
Full textAbstract:
ABSTRACT Data security breaches have been shown in the literature to negatively affect firm operations. Auditors serve as an important, external governance mechanism with respect to a firm's overall risk management protocol. Consequently, our study examines whether auditors price breach risk into their fees and if a firm's internal governance can mitigate the potential increases in audit fees. Using a sample of breached firms ranging from 2005–2014, we adapt the Houston, Peters, and Pratt (2005) model to explore how auditors view audit risk related to breach risk. We find that breaches are associated with an increase in fees, but the result is driven by external breaches. Our evidence suggests the presence of board-level risk committees and more active audit committees may help mitigate the breach risk audit fee premium. Additional evidence suggests that both past breach disclosures as well as future disclosures are associated with audit fees.
4
Juma'h, Ahmad H., and Yazan Alnsour. "The effect of data breaches on company performance." International Journal of Accounting & Information Management 28, no. 2 (March 20, 2020): 275–301. http://dx.doi.org/10.1108/ijaim-01-2019-0006.
Full textAbstract:
Purpose This paper aims to analyze the effect of data breaches – whose concerns and implications can be legal, social and economic – on companies’ overall performance. Design/methodology/approach Information on data breaches was collected from online compilations, and financial data on breached companies was collected from the Mergent Online database. The financial variables used were related to profitability, liquidity, solvency and company size to analyze the financial performance of the breached companies before and after the data breach event. Nonfinancial data, such as the type and the size of the breaches, was also collected. The data was analyzed using multiple regression. Findings The results confirm that nonmandatory information related to announcements of data breaches is a signal of companies’ overall performance, as measured by profitability ratios, return on assets and return on equity. The study does not confirm a relationship between data breaches and stock market reaction when measuring quarterly changes in share prices. Research limitations/implications The main limitation of the study relates to ratio and trend analyses. Such analyses are commonly used when researching accounting information. However, they do not directly reflect the companies’ conditions and realities, and they rely on companies’ released financial reports. Another limitation concerns the confounding factors. The major confounding factors around the data breaches’ dates were identified; however, this was not enough to assure that other factors were not affecting the companies’ financial performance. Because of the nature of such events, this study needs to be replicated to include specific information about the companies using case studies. Therefore, the authors recommend replicating the research to validate the article’s findings when each industry makes more announcements available. Practical implications To remediate the risks and losses associated with data breaches, companies may use their reserved funds. Social implications Company data breach announcements signal internal deficiencies. Therefore, the affected companies become liable to their employees, customers and investors. Originality/value The paper contributes to both theory and practice in the areas of accounting finance, and information management.
5
Saleem, Hamza, and Muhammad Naveed. "SoK: Anatomy of Data Breaches." Proceedings on Privacy Enhancing Technologies 2020, no. 4 (October 1, 2020): 153–74. http://dx.doi.org/10.2478/popets-2020-0067.
Full textAbstract:
AbstractWe systematize the knowledge on data breaches into concise step-by-step breach workflows and use them to describe the breach methods. We present the most plausible workflows for 10 famous data breaches. We use information from a variety of sources to develop our breach workflows, however, we emphasize that for many data breaches, information about crucial steps was absent. We researched such steps to develop complete breach workflows; as such, our workflows provide descriptions of data breaches that were previously unavailable. For generalizability, we present a general workflow of 50 data breaches from 2015. Based on our data breach analysis, we develop requirements that organizations need to meet to thwart data breaches. We describe what requirements are met by existing security technologies and propose future research directions to thwart data breaches.
6
Johnson, Mark, Min Jung Kang, and Tolani Lawson. "Stock Price Reaction to Data Breaches." Journal of Finance Issues 16, no. 2 (December 31, 2017): 1–13. http://dx.doi.org/10.58886/jfi.v16i2.2263.
Full textAbstract:
Data Breaches occur in many forms that include bad security practices, hacking, insider attacks, stolen or lost equipment and computer or data theft. Data breaches happen to organizations of all types. In this paper, we present an analysis of the stock market’s assessment of the cost of data breaches through the examination of 467 heterogeneous data breach events that occurred at 261 publicly traded companies between year 2005 and 2014. Our event study findings indicate that publicly traded firms in the U.S. lost, on average, .37% of their equity value when a data breach occurs. Particularly, we find that breaches resulting from payment card fraud contributed more to negative announcement returns than the other breach types. Such negative announcement effects are most heavily felt when firms with card breaches are larger than the average, resulting in a 3% decline in firm equity value. Contrary to previous studies, we find that repeated breaches do not impact firm stock value differently than first-time-breaches. However, we find that there is a high correlation between firm sizeand the existence of multiple, repeat, data breaches. This implies that large firms hit by a data breach are more likely to experience subsequent breaches than small firms.
7
Wang, Tawei, Yen-Yao Wang, and Ju-Chun Yen. "It's Not My Fault." Journal of Database Management 30, no. 3 (July 2019): 18–37. http://dx.doi.org/10.4018/jdm.2019070102.
Full textAbstract:
This article investigates the transfer of information security breach information between breached firms and their peers. Using a large data set of information security incidents from 2003 to 2013, the results suggest that 1) the effect of information security breach information transfer exists between breached firms and non-breached firms that offer similar products and 2) the effect of information transfer is weaker when the information security breach is due to internal faults or is related to the loss of personally identifiable information. Additional tests demonstrate that the effect of information transfer exhibits consistent patterns across time and with different types of information security breaches. Finally, the effect does not depend on whether the firms are IT intensive. Implications, limitations, and future research are discussed.
8
Kude, Thomas, Hartmut Hoehle, and Tracy Ann Sykes. "Big data breaches and customer compensation strategies." International Journal of Operations & Production Management 37, no. 1 (January 3, 2017): 56–74. http://dx.doi.org/10.1108/ijopm-03-2015-0156.
Full textAbstract:
Purpose Big Data Analytics provides a multitude of opportunities for organizations to improve service operations, but it also increases the threat of external parties gaining unauthorized access to sensitive customer data. With data breaches now a common occurrence, it is becoming increasingly plain that while modern organizations need to put into place measures to try to prevent breaches, they must also put into place processes to deal with a breach once it occurs. Prior research on information technology security and services failures suggests that customer compensation can potentially restore customer sentiment after such data breaches. The paper aims to discuss these issues. Design/methodology/approach In this study, the authors draw on the literature on personality traits and social influence to better understand the antecedents of perceived compensation and the effectiveness of compensation strategies. The authors studied the propositions using data collected in the context of Target’s large-scale data breach that occurred in December 2013 and affected the personal data of more than 70 million customers. In total, the authors collected data from 212 breached customers. Findings The results show that customers’ personality traits and their social environment significantly influences their perceptions of compensation. The authors also found that perceived compensation positively influences service recovery and customer experience. Originality/value The results add to the emerging literature on Big Data Analytics and will help organizations to more effectively manage compensation strategies in large-scale data breaches.
9
Cheng, Xu (Joyce), and Stephanie Walton. "Do Nonprofessional Investors Care About How and When Data Breaches are Disclosed?" Journal of Information Systems 33, no. 3 (March 1, 2019): 163–82. http://dx.doi.org/10.2308/isys-52410.
Full textAbstract:
ABSTRACT While prior research suggests that the market responds negatively to data breach disclosures, how nonprofessional investors assess factors surrounding these disclosures has only been assessed anecdotally. We examine whether investor judgments are influenced by whether a breached company is the first to disclose a data breach and whether a significant amount of time has lapsed between the breach and disclosure. We find evidence that investors respond to a company originating disclosure with lower investment judgments than if disclosure comes from an external source, without consistent regard to the timing of disclosure. We also find that investors make the least favorable investment judgments when the breached company initiates the data breach disclosure and when there is a significant delay between the data breach and initial public disclosure. Our study provides a greater understanding of one consequence of data breaches, that is, how timing and disclosure initiative influence nonprofessional investors' judgments. JEL Classifications: G41; M41.
10
Sebastian, Glorin. "Cyber Kill Chain Analysis of Five Major US Data Breaches." International Journal of Cyber Warfare and Terrorism 12, no. 1 (January 1, 2022): 1–15. http://dx.doi.org/10.4018/ijcwt.315651.
Full textAbstract:
Data breaches are a major concern for both US and global corporations. With more companies allowing their employees to be working remote, providing them a secure work environment has been a priority for employers. The Interpol 2020 report on cyber breaches mentions that the number of cyber-attacks has multiplied in the last year. The IBM Data Breach Report of 2021 notes that data breach costs rose from USD 3.86 million to USD 4.24 million, while the average cost was USD 1.07 Mil higher in breaches where remote work was a factor in causing the breach. Given this environment of increased cyber breaches, it is important to learn from previous major data breaches to understand the root cause which led to the compromise of information security and the steps which could have effectively prevented the same. This paper evaluates five major data breaches in US history using Lockheed's Cyber Kill Chain Analysis, since the details of these breaches have never been documented for research and also proposes an eight-step cyber-attack prevention plan.
11
Mahlaola, Tintswalo B., and Barbara Van Dyk. "Reasons for Picture Archiving and Communication System (PACS) data security breaches: Intentional versus non-intentional breaches." Health SA Gesondheid 21 (October 11, 2016): 271–79. http://dx.doi.org/10.4102/hsag.v21i0.966.
Full textAbstract:
Background: The Picture Archiving and Communication System (PACS) has led to an increase in breached health records and violation of patient confidentiality. The South African constitution makes provision for human dignity and privacy, virtues which confidentiality seeks to preserve. Confidentiality thus constitutes a human right which is challenged by the use of technology. Humans, as managers of information technology, constitute the weakest link in safeguarding confidentiality. Nonetheless, it is argued that most security breaches are nonintentionally committed by well-meaning employees during routine activities.Objective: The purpose of this article is to explore the nature of and reasons for confidentiality breaches by PACS users in a South African context.Methods: A closed-ended questionnaire was used to collect quantitative data from 115 health professionals employed in a private hospital setting, including its radiology department and a second independent radiology department. The questionnaire sought to explore the attitudes of participants towards confidentiality breeches and reasons for suchbehaviour.Results: Breach incidences were expressed as percentage compliance and classified according to the nature and reasons provided by Sarkar's breach classification. Cross tabulations indicated a statistical significance (p < 0.00) between the expected and observed confidentiality practices of participants and also the adequacy of training, system knowledge and policy awareness.Conclusion: Our study supports previous findings that, in the absence of guidelines, most security breaches were non-intentional acts committed due to ignorance. Of concern are incidents in which sensitive information was intentionally shared via social media.
12
Raasck, Kyle, Jason Khoury, Ahmed Aoude, Benjamin Beland, Alexander Munteanu, Michael H. Weber, and Jeff Golan. "The Effect of Thoracolumbar Pedicle Isthmus on Pedicle Screw Accuracy." Global Spine Journal 10, no. 4 (May 20, 2019): 393–98. http://dx.doi.org/10.1177/2192568219850143.
Full textAbstract:
Study Design: Retrospective analysis. Objectives: Aberrant pedicle screws can cause serious neurovascular complications. We propose that a predominant factor of pedicle screw breach is the vertebral anatomy at a given spinal level. We aim to investigate the inverse correlation between breach incidence and vertebral isthmus width. Methods: The computed tomography scans of patients undergoing thoracolumbar surgery were retrospectively reviewed. Breaches were categorized as minor (<2 mm) or major (>2 mm). Breach incidence was stratified by spinal level. Average isthmus width was then compared to the collected breach incidences. A regression analysis and Pearson’s correlation were performed. Results: A total of 656 pedicle screws were placed in 91 patients with 233 detected breaches. Incidence of major breach was 6.3%. Four patients developed post-operative radiculopathy due to breach. Breach incidence was higher in the thoracic than lumbar spine (Fisher’s exact test, P < .0001). The 2 spinal levels with the thinnest isthmus width (T4 and T5) were breached most often (73.7% and 73.9%, respectively). The 2 spinal levels with the thickest isthmus width (L4 and L5) were breached least often (20.5% and 11.8%). Breach incidence and isthmus width were shown to have a significant inverse correlation (Pearson’s correlation, R2 = 0.7, P < .0001). Conclusions: Thinner vertebral isthmus width increases pedicle screw breach incidence. Image-guided assistance may be most useful where breach incidence is highest and isthmus width is lowest (T2 to T6). Despite high incidence of cortical bone violation, there was little correlation with clinical symptoms. A breach is not automatically a clinical problem, provided the screw is structurally sound and the patient is symptomless.
13
Higgs, Julia L., Robert E. Pinsker, Thomas J. Smith, and George R. Young. "The Relationship between Board-Level Technology Committees and Reported Security Breaches." Journal of Information Systems 30, no. 3 (January 1, 2016): 79–98. http://dx.doi.org/10.2308/isys-51402.
Full textAbstract:
ABSTRACT After several high-profile data security breaches (e.g., Target Corporation, Michaels Stores, Inc., The Home Depot), corporate boards are prioritizing the oversight of Information Technology (IT) risk. Firms are also increasingly faced with disclosure decisions regarding IT security breaches. This study proposes that firms can use the creation of a board-level technology committee as part of the firm's information technology governance (ITG) to signal the firm's ability to detect and respond to security breaches. Using reported security breaches during the time period 2005–2014, results indicate that firms with technology committees are more likely to have reported breaches in a given year than are firms without the committee. Further analysis suggests that this positive association is driven by relatively young technology committees and external source breaches. Specifically, as a technology committee becomes more established, its firm is not as likely to be breached. To obtain further evidence on the perceived value of a technology committee, this study uses a returns analysis and finds that the presence of a technology committee mitigates the negative abnormal stock returns arising from external breaches. Findings add to the evolving ITG literature, as well to the signaling theory and disclosure literatures.
14
Grandi, Laurie D., and Joanna R. Adler. "A Study into Breaches of Youth Justice Orders and the Young People Who Breach Them." Youth Justice 16, no. 3 (July 31, 2016): 205–25. http://dx.doi.org/10.1177/1473225415618463.
Full textAbstract:
This study concerns the incidence and aetiology of breach of youth community sentences. A between-groups archival study compared those who breached with those who did not, on socio-demographic and criminogenic factors. Breachers were a minority, likely to breach repeatedly and were similar to those who re-offended. Whether they breach or re-offend may depend on something other than the characteristics of the Order and the young person’s situation. Youth Justice Professionals should be mindful of the identified areas of need and responsivity when considering compliance.
15
Lee, Jinhyung, and Sung J. Choi. "Hospital Productivity After Data Breaches: Difference-in-Differences Analysis." Journal of Medical Internet Research 23, no. 7 (July 6, 2021): e26157. http://dx.doi.org/10.2196/26157.
Full textAbstract:
Background Data breaches are an inevitable risk to hospitals operating with information technology. The financial costs associated with data breaches are also growing. The costs associated with a data breach may divert resources away from patient care, thus negatively affecting hospital productivity. Objective After a data breach, the resulting regulatory enforcement and remediation are a shock to a hospital’s patient care delivery. Exploiting this shock, this study aimed to investigate the association between hospital data breaches and productivity by using a generalized difference-in-differences model with multiple prebreach and postbreach periods. Methods The study analyzed the hospital financial data of the California Office of Statewide Health Planning and Development from 2012 to 2016. The study sample was an unbalanced panel of hospitals with 2610 unique hospital-year observations, including general acute care hospitals. California hospital data were merged with breach data published by the US Department of Health and Human Services. The dependent variable was hospital productivity measured as value added. The difference-in-differences model was estimated using fixed effects regression. Results Hospital productivity did not significantly differ from the baseline for 3 years after a breach. Data breaches were not significantly associated with a reduction in hospital productivity. Before a breach, the productivity of hospitals that experienced a data breach maintained a parallel trend with control hospitals. Conclusions Hospital productivity was resilient against the shocks from a data breach. Nonetheless, data breaches continue to threaten hospitals; therefore, health care workers should be trained in cybersecurity to mitigate disruptions.
16
Wang, Michael Y., Guillermo Pineiro, and Praveen V. Mummaneni. "Stimulus-evoked electromyography testing of percutaneous pedicle screws for the detection of pedicle breaches: a clinical study of 409 screws in 93 patients." Journal of Neurosurgery: Spine 13, no. 5 (November 2010): 600–605. http://dx.doi.org/10.3171/2010.5.spine09536.
Full textAbstract:
Object Percutaneous pedicle screws have recently become popularized for lumbar spinal fixation. However, successful anatomical hardware placement is highly dependent on intraoperative imaging. In traditional open surgery, stimulus-evoked electromyography (EMG) responses can be useful for detecting pedicle screw breaches. The use of insulated sleeves for percutaneous screws has allowed for EMG testing in minimally invasive surgery; however, no reports on the reliability of this testing modality have been published. Methods A total of 409 lumbar percutaneous pedicle screws were placed in 93 patients. Levels of instrumentation included L-1 (in 12 patients), L-2 (in 34), L-3 (in 44), L-4 (in 120), L-5 (in 142), and S-1 (in 57 patients). Intraoperative EMG stimulation thresholds were obtained using insulating sleeves over a metallic tap prior to final screw placement. Data were compared with postoperative fine-cut CT scans to assess pedicle screw placement. Data were collected prospectively and analyzed retrospectively. Results There were 5 pedicle breaches (3 medial and 2 lateral; 3 Grade 1 and 2 Grade 2 breaches) visualized on postoperative CT scans (1.2%). Two of these breaches were symptomatic. In 2 instances, intraoperative thresholds were the sole basis for screw trajectory readjustment, which resulted in proper placement on postoperative imaging. Thirty-five screw trajectories were associated with a threshold of less than 12 mA. However, all breaches were associated with thresholds of greater than 12 mA. Using thresholds below 12 mA as the indicator of a screw breach, this resulted in a sensitivity of 0.0, specificity of 90.3, positive predictive value of 0.0, and negative predictive value of 0.98. Utilizing a threshold of any decreased stimulus (< 20 mA) would have detected 60% of breaches, with a mean threshold of 16.25 mA. Conclusions While these data are limited by the low number of radiographic breaches, it appears that tap stimulation with an insulating sleeve may not be reliable for detecting low-grade radiographically breached pedicles using typical stimulation thresholds (< 12 mA). Imaging-based modalities remain more reliable for assessing percutaneous pedicle screw trajectories until more robust and sensitive electrophysiological testing methods can be devised.
17
Gwebu, Kholekile, and Clayton W. Barrows. "Data breaches in hospitality: is the industry different?" Journal of Hospitality and Tourism Technology 11, no. 3 (August 24, 2020): 511–27. http://dx.doi.org/10.1108/jhtt-11-2019-0138.
Full textAbstract:
Purpose The purpose of this study is to expand on the existing literature by specifically examining data security incidents within the hospitality industry, assessing origins and causes, comparing breaches within the industry with those of other industries and identifying areas of concern. Design/methodology/approach A sample of data breach incidents is drawn from the Verizon VERIS Community Database (VCDB). Statistical comparisons between hospitality and non-hospitality industry firms are conducted following the Verizon A4 threat framework. Findings The results reveal that breaches between hospitality and non-hospitality firms differ significantly in terms of actors, actions, assets and attributes. Specifically, proportions of breaches in the hospitality industry are larger in terms of external actors, hacking and malware, user devices compromised and integrity violations. Additionally, compared to other industries, point-of-sales (POS) system breaches occur at a higher rate in the hospitality industry. The study finds that company size, hacking and malware predict the likelihood of a POS breach. Research limitations/implications The study uses secondary data and does not include the entire universe of data breaches. Originality/value In the quest to reduce data breach incidents, it is imperative to identify and assess the nature of data breach incidents between industries. Doing so permits the development of targeted industry-specific solutions rather than generic ones. This study systematically identifies differences between hospitality and non-hospitality data security incidents and then suggests areas where hospitality companies should focus future attention to mitigate breach incidents.
18
D'Arcy, John, and Asli Basoglu. "The Influences of Public and Institutional Pressure on Firms’ Cybersecurity Disclosures." Journal of the Association for Information Systems 23, no. 3 (2022): 779–805. http://dx.doi.org/10.17705/1jais.00740.
Full textAbstract:
Cybersecurity disclosures in reports filed with the US Securities and Exchange Commission (SEC) inform investors about firms’ cybersecurity incidents, risks, and related risk management efforts. Firms have traditionally chosen to communicate such information on a quarterly or annual basis, if at all, and prior research on the topic has largely focused on regulatory factors as driving forces. In this paper, we focus on timely disclosures (via 8-K filings) and derive hypotheses regarding the influences of two alternate forms of pressure as drivers of cybersecurity disclosures—(1) public pressure following a firm’s data breach and (2) pressure arising from the breaches of industry peers, which we cast as “institutional pressure.” We also theorize on how the source of the breach (internal or external) influences these forms of pressure. Our results suggest that firms’ cybersecurity disclosure practices are influenced by public pressure following a data breach and that this pressure is more acute for external breaches than for internal breaches. By contrast, breaches by industry peers, as a form of institutional pressure, appear to prompt fewer cybersecurity disclosures, except when the focal firm suffers its own external breach. From a theoretical perspective, our study supports a nuanced application of legitimacy theory in the cybersecurity disclosure context, especially in the midst of public and institutional pressure, such that the source of a data breach determines whether firms attempt to address the resultant legitimacy gap. From a practical perspective, our results may be viewed as alarming in that firms are not reacting to internal breaches with the same degree of communicative effort about cybersecurity as for external breaches, at least in terms of the timely disclosures we consider in this study. Our findings also point to certain levers that can promote timely cybersecurity disclosures, and thus have important policy implications.
19
Hile, Jack. "Dude, Where’s My Data? The Effectiveness of Laws Governing Data Breaches in Australia." Journal of Telecommunications and the Digital Economy 9, no. 2 (June 29, 2021): 47–68. http://dx.doi.org/10.18080/jtde.v9n2.381.
Full textAbstract:
The increasing prevalence of large-scale data breaches prompted Australia to strengthen the Privacy Act by enacting the Privacy Amendment (Notifiable Data Breaches) Act to regulate the behaviour of entities entrusted with personal data. However, this paper argues that these legislative instruments are ineffective when dealing with data breaches and their associated problems. In supporting this conclusion, this paper first develops a criterion for effective data breach law, and then evaluates the Australian framework against this criterion to determine its operational effectiveness. In addition, this paper analyses practical developments in the area of data-breach law to garner insights as to how the Australian framework can be made more effective. Ultimately, this paper concludes that the Australian framework is ineffective when dealing with large-scale data breaches, and recommends future legislative amendment as a means of bolstering its effectiveness.
20
Cross, Cassandra, Megan Parker, and Daniel Sansom. "Media discourses surrounding ‘non-ideal’ victims: The case of the Ashley Madison data breach." International Review of Victimology 25, no. 1 (February 20, 2018): 53–69. http://dx.doi.org/10.1177/0269758017752410.
Full textAbstract:
Data breaches are an increasingly common event across businesses globally. Many companies have been subject to large-scale breaches. Consequently, the exposure of 37 million customers of the Ashley Madison website is not an extraordinary event in and of itself. However, Ashley Madison is an online dating website predominantly known for facilitating extramarital affairs. Therefore, the nature of this website (and business) is very different from those that have previously been breached. This article examines one of the media discourses surrounding the victims of the Ashley Madison data breach. It particular, it illustrates examples of victim blaming evident in the print media towards individuals (or customers) who had their personal details exposed. Importantly, it highlights the emerging tension within this particular case, of the strong victim blaming narrative contrasted against those who attempted to challenge this discourse and refocus attention on the actual offenders, and the criminality of the act. The article concludes that victims of this data breach were exposed to victim blaming, based on the perceived immorality of the website they were connected to and their actions in subscribing, rather than focusing on the data breach itself, and the blatant criminality of the offenders who exposed the sensitive information.
21
Whigham, Kerry. "States of conception: Renegotiating the mnemonic order amid crisis." Memory Studies 14, no. 6 (December 2021): 1333–46. http://dx.doi.org/10.1177/17506980211054339.
Full textAbstract:
A memory breach is an action, statement, or sociopolitical crisis that calls into dispute the mnemonic order, which is defined as an underlying orientation toward the past that serves to justify the political order and social order within a society. Following a memory breach, the society enters a “state of conception.” Related to the “state of exception” commonly associated with political crisis, the state of conception is a liminal space that follows a memory breach in which a society reexamines the mnemonic order. This article examines three recent memory breaches in Argentina, Germany, and the United States. By comparing three different breaches, each with different outcomes, it offers a framework for understanding memory breaches and the states of conception that they produce.
22
Neto, Nelson Novaes, Stuart Madnick, Anchises Moraes G. De Paula, and Natasha Malara Borges. "Developing a Global Data Breach Database and the Challenges Encountered." Journal of Data and Information Quality 13, no. 1 (January 28, 2021): 1–33. http://dx.doi.org/10.1145/3439873.
Full textAbstract:
If the mantra “data is the new oil” of our digital economy is correct, then data leak incidents are the critical disasters in the online society. The initial goal of our research was to present a comprehensive database of data breaches of personal information that took place in 2018 and 2019. This information was to be drawn from press reports, industry studies, and reports from regulatory agencies across the world. This article identified the top 430 largest data breach incidents among more than 10,000 data breach incidents. In the process, we encountered many complications, especially regarding the lack of standardization of reporting. This article should be especially interesting to the readers of JDIQ because it describes both the range of data quality and consistency issues found as well as what was learned from the database created. The database that was created, available at https://www.databreachdb.com, shows that the number of data records breached in those top 430 incidents increased from around 4B in 2018 to more than 22B in 2019. This increase occurred despite the strong efforts from regulatory agencies across the world to enforce strict rules on data protection and privacy, such as the General Data Protection Regulation (GDPR) that went into effect in Europe in May 2018. Such regulatory effort could explain the reason why there is such a large number of data breach cases reported in the European Union when compared to the U.S. (more than 10,000 data breaches publicly reported in the U.S. since 2018, while the EU reported more than 160,000 1 data breaches since May 2018). However, we still face the problem of an excessive number of breach incidents around the world. This research helps to understand the challenges of proper visibility of such incidents on a global scale. The results of this research can help government entities, regulatory bodies, security and data quality researchers, companies, and managers to improve the data quality of data breach reporting and increase the visibility of the data breach landscape around the world in the future.
23
Ali, Syed Emad Azhar, Fong-Woon Lai, Ameenullah Aman, Muhammad Furquan Saleem, and Salaheldin Hamad. "Do Information Security Breach and Its Factors Have a Long-Run Competitive Effect on Breached Firms’ Equity Risk?" Journal of Competitiveness 14, no. 1 (March 31, 2022): 23–42. http://dx.doi.org/10.7441/joc.2022.01.02.
Full textAbstract:
A breach in information security (infosec) can materially impact a firm’s long-term competitiveness. For publicly listed firms, an infosec breach can have a long-lasting effect on their competitive stock performance, including their equity risk. Despite its significance, past research has focused primarily on examining the short-term effect of infosec breaches while ignoring its long-term effect on the firm’s equity risk. Therefore, in this research, we examined the long-run effect of 276 infosec breaches at publicly traded firms on equity risk from 2009 to 2018. We analyzed each firm’s equity risk compared to its competitive control firms of similar sizes and performances for three years, from one year before to two years after the breach, using a one-to-one matching methodology. The univariate analysis of infosec breaches on equity risk indicated that breach firms have a 7% higher equity risk than competitive control firms. Additionally, the quantile regression analysis of the effect of infosec breach factors on long-run equity risk showed that the rise in equity risk is higher if the breach involves the compromise of confidential information and is a repeat breach for the same firm. The findings provide a valuable resource for investors, managers, and researchers interested in understanding the long-term relationship between infosec breaches and a firm’s stock competitiveness.
24
Li, You Tang, Zhi Yuan Rui, and Chang Feng Yan. "Uniform Model and Fracture Criteria of Annularly Breached Bars under Bending." Key Engineering Materials 321-323 (October 2006): 751–54. http://dx.doi.org/10.4028/www.scientific.net/kem.321-323.751.
Full textAbstract:
A uniform model, in which the crack, V-notch, U-notch and arc are described as breach uniformly, is put forward in this paper. The tip radius, depth and field angle of breach are regarded as the parameter of annularly breached bar. The stress field and displacement field near the tip of the annularly breached bar under bending, in which takes fα(a/b) as its descriptive parameter, was given. All forms of breaches according to the change of tip radius, depth and field angle were discussed. The effects of parameters on fα(a/b) in bending were analyzed. The criteria for the safety design and fracture design both of which on fα(a/b) were obtained. The results not only can be applied widely to anti-fracture design but also be used for reference in anti-fatigued design in product lifecycle management.
25
Holtfreter, Robert E., and Adrian Harrington. "Data breach trends in the United States." Journal of Financial Crime 22, no. 2 (May 5, 2015): 242–60. http://dx.doi.org/10.1108/jfc-09-2013-0055.
Full textAbstract:
Purpose – The main purpose of this paper is to analyze the trends of various types of data breaches and their compromised records in the USA using a new model recently developed by the authors. Design/methodology/approach – The 2,280 data breaches and over 512 million related compromised records tracked by the Privacy Rights Clearinghouse from 2005 through 2010 were analyzed and classified into four external, five internal and one non-traceable data breach categories, after which trends were determined for each. Findings – The findings indicate that although the trends for the annual number of data breaches and each of the internal and external categories and their related compromised records have increased over the six-year period, the changes have not been consistent from year to year. Practical implications – By classifying data breaches into internal and external categories with the use of this new data breach model provides an excellent methodological framework for organizations to use to develop more workable strategies for safeguarding personal information of consumers, clients, employees and other entities. Originality/value – The topic of data breaches remains salient to profit and nonprofit organizations, researchers, legislators, as well as criminal justice practitioners and consumer advocate groups.
26
Ko, Dongwoo, Joongu Kang, Sungjoong Kim, and Yonguk Ryu. "Experimental study on the performance analysis of river levee using new substance for improving earth surface resistance." E3S Web of Conferences 40 (2018): 03022. http://dx.doi.org/10.1051/e3sconf/20184003022.
Full textAbstract:
The reasons why levee breaches during floods are largely due to overtopping, seepage, and structurally induced piping. According to an analysis of domestic and overseas reported cases of levee breaches, overtopping was found to be the cause for approximately 40% of all cases of breach. Despite such efforts of previous research to establish disaster prevention plans associated with levee breaches, to enhance our understanding of the processes and reasons, further research regarding the prediction of levee breaches must be undertaken by accumulating test data under several different conditions and further verification of the data using numerical models must also be undertaken. In this study, development of technologies regarding a new environmentally friendly bio-polymer capable of protecting levees from erosion is being undertaken. Breach mechanisms was assessed using an image measurement system that collected data regarding the breach progress of the levee, close-up views of the breaching surface, and the formation of the final breaching cross-sections. Further, levee slopes were covered with a bio-soil mixed with a new substance for the purpose of analyzing the stability and the time delay effect.
27
Seh, Adil Hussain, Mohammad Zarour, Mamdouh Alenezi, Amal Krishna Sarkar, Alka Agrawal, Rajeev Kumar, and Raees Ahmad Khan. "Healthcare Data Breaches: Insights and Implications." Healthcare 8, no. 2 (May 13, 2020): 133. http://dx.doi.org/10.3390/healthcare8020133.
Full textAbstract:
The Internet of Medical Things, Smart Devices, Information Systems, and Cloud Services have led to a digital transformation of the healthcare industry. Digital healthcare services have paved the way for easier and more accessible treatment, thus making our lives far more comfortable. However, the present day healthcare industry has also become the main victim of external as well as internal attacks. Data breaches are not just a concern and complication for security experts; they also affect clients, stakeholders, organizations, and businesses. Though the data breaches are of different types, their impact is almost always the same. This study provides insights into the various categories of data breaches faced by different organizations. The main objective is to do an in-depth analysis of healthcare data breaches and draw inferences from them, thereby using the findings to improve healthcare data confidentiality. The study found that hacking/IT incidents are the most prevalent forms of attack behind healthcare data breaches, followed by unauthorized internal disclosures. The frequency of healthcare data breaches, magnitude of exposed records, and financial losses due to breached records are increasing rapidly. Data from the healthcare industry is regarded as being highly valuable. This has become a major lure for the misappropriation and pilferage of healthcare data. Addressing this anomaly, the present study employs the simple moving average method and the simple exponential soothing method of time series analysis to examine the trend of healthcare data breaches and their cost. Of the two methods, the simple moving average method provided more reliable forecasting results.
28
Avery, Atiya. "After the disclosure: measuring the short-term and long-term impacts of data breach disclosures on the financial performance of organizations." Information & Computer Security 29, no. 3 (April 8, 2021): 500–525. http://dx.doi.org/10.1108/ics-10-2020-0161.
Full textAbstract:
Purpose This study aims to evaluate changes to the financial performance of organizations in the 1–4 quarters following a data breach event. The study introduces two new variables, “intangible assets” and “extraordinary losses” to the discussion on the impact of data breaches on an organization’s financial performance. Intangible assets allow us to gauge the data breach’s impact on the organization’s brand reputation and intellectual capital reserves. Extraordinary losses allow us to gauge if organizations considered data breaches truly detrimental to their operations that they rose to the level of “extraordinary” and not an event that could be incorporated into its usual operating expenses. Design/methodology/approach This study uses a matched sample comparison analysis of 47 organizations to understand the short-term and long-term impacts of data breach events on an organization’s financial performance. Findings Data breach events have some negative impacts on the organization’s profitability more than likely leading to a depletion of the organization’s assets. However, organizations do not perform better or worse in the short-term or long-term due to a data breach event; the organizations can be considered financially sustainable in the 1–4 quarters following a data breach disclosure. Originality/value This study takes two approaches to theory development. The first approach extends the current literature on data breach events as negative, value declining events to the organization’s performance, which is referred to as the “traditional view.” The second view posits that a data breach event may be a catalyst for enhanced long-term organization performance; this is referred to as the organizational sustainability and resiliency view.
29
Aivazpour, Zahra, Rohit Valecha, and Rajarshi Chakraborty. "Data Breaches." ACM SIGMIS Database: the DATABASE for Advances in Information Systems 53, no. 4 (November 15, 2022): 65–82. http://dx.doi.org/10.1145/3571823.3571829.
Full textAbstract:
Recent events have shown that online booking is vulnerable to hacking incidents such as data breaches. The primary purpose of this study is to investigate the effect of the risky decision-making factors on consumer post breach behavior. After a data breach, most of the companies offer monitoring services to restore customer trust and encourage them for future purchases. However, little research has been done to understand the impact of these monitoring services on consumer behavior. In this study, we examine whether monitoring services can mitigate the impact of risk perception on online booking. We utilized the Marriott data breach of November 2018 as the context. We manipulate data breach severity in our vignettes. The research model was tested using data gathered from 298 Mechanical Turk respondents. Our vignette-based survey design allowed us to incorporate situational details thought to be important in risky decision-making in a data breach context. We found strong support for our research model including the positive moderating effect of company suggested monitoring on online booking intention. The findings of this study could help firms in developing more influential post-breach monitoring services.
30
Kamoun, Faouzi, and Mathew Nicho. "Human and Organizational Factors of Healthcare Data Breaches." International Journal of Healthcare Information Systems and Informatics 9, no. 1 (January 2014): 42–60. http://dx.doi.org/10.4018/ijhisi.2014010103.
Full textAbstract:
Over the past few years, concerns related to healthcare data privacy have been mounting since healthcare information has become more digitized, distributed and mobile. However, very little is known about the root cause of data breach incidents; making it difficult for healthcare organizations to establish proper security controls and defenses. Through a systematic review and synthesis of data breaches literature, and using databases of earlier reported healthcare data breaches, the authors re-examine and analyze the causal factors behind healthcare data breaches. The authors then use the Swiss Cheese Model (SCM) to shed light on the technical, organizational and human factors of these breaches. The author's research suggests that incorporating the SCM concepts into the healthcare security policies and procedures can assist healthcare providers in assessing the vulnerabilities and risks associated with the maintenance and transmission of protected health information.
31
Bisogni, Fabio, and Hadi Asghari. "More Than a Suspect: An Investigation into the Connection Between Data Breaches, Identity Theft, and Data Breach Notification Laws." Journal of Information Policy 10, no. 1 (May 1, 2020): 45–82. http://dx.doi.org/10.5325/jinfopoli.10.1.0045.
Full textAbstract:
Abstract This article investigates the relationship between data breaches and identity theft, including the impact of Data Breach Notification Laws (DBNL) on these incidents (using empirical data and Bayesian modeling). We collected incident data on breaches and identity thefts over a 13-year timespan (2005–2017) in the United States. Our analysis shows that the correlation is driven by the size of a state. Enacting a DBNL still slightly reduces rates of identity theft; while publishing breaches notifications by Attorney Generals helps the broader security community learning about them. We conclude with an in-depth discussion on what the European Union can learn from the US experience.
32
Hao, Jianqiang, and Hongying Dai. "Social media content and sentiment analysis on consumer security breaches." Journal of Financial Crime 23, no. 4 (October 3, 2016): 855–69. http://dx.doi.org/10.1108/jfc-01-2016-0001.
Full textAbstract:
Purpose Security breaches have been arising issues that cast a large amount of financial losses and social problems to society and people. Little is known about how social media could be used a surveillance tool to track messages related to security breaches. This paper aims to fill the gap by proposing a framework in studying the social media surveillance on security breaches along with an empirical study to shed light on public attitudes and concerns. Design/methodology/approach In this study, the authors propose a framework for real-time monitoring of public perception to security breach events using social media metadata. Then, an empirical study was conducted on a sample of 1,13,340 related tweets collected in August 2015 on Twitter. By text mining a large number of unstructured, real-time information, the authors extracted topics, opinions and knowledge about security breaches from the general public. The time series analysis suggests significant trends for multiple topics and the results from sentiment analysis show a significant difference among topics. Findings The study confirms that social media monitoring provides a supplementary tool for the traditional surveys which are costly and time-consuming to track security breaches. Sentiment score and impact factors are good predictors of real-time public opinions and attitudes to security breaches. Unusual patterns/events of security breaches can be detected in the early stage, which could prevent further destruction by raising public awareness. Research limitations/implications The sample data were collected from a short period of time on Twitter. Future study could extend the research to a longer period of time or expand key words search to observe the sentiment trend, especially before and after large security breaches, and to track various topics across time. Practical implications The findings could be useful to inform public policy and guide companies responding to consumer security breaches in shaping public perception. Originality/value This study is the first of its kind to undertake the analysis of social media (Twitter) content and sentiment on public perception to security breaches.
33
Spasenko, К. "SIGNIFICANT INVESTIGATIONS OF SITUATION AND VERSIONS IN INVESTIGATION VIOLATION OF SAFETY RULES DURING WORKS WITH HIGH-RISK." Theory and Practice of Forensic Science and Criminalistics 20, no. 2 (December 4, 2019): 62–71. http://dx.doi.org/10.32353/khrife.2.2019.04.
Full textAbstract:
The article proposes a system of typical investigative versions in the process of investigating breaches of security rules when performing high-risk work. An investigator’s program of verification of the proposed versions has been opened.
Separate depending on the content of the above elements of group 3 of typical investigative situations of breaches of security rules at the initial stage of the investigation. In the first investigative situation, the fact and manner of breach of the security rules, as well as the person who committed the breach, was established, the notification of the offense was received in the procedure of scheduled inspection. In the second investigative situation — the fact and method of violation of the security rules is established, information on the identity of the offender — is missing, the notification of the offense was received in the procedure of accident investigation. In the third investigative situation — the fact and the identity of the breach of security rules is established, information about the method of breach of security rules — is not available, proceedings for breach of security rules are initiated on the basis of a statement of the victim or his relatives. This differentiation of situations is related to the peculiarities of the departmental investigation of security breaches.
34
Burke, Ivan D., and Renier P. van Heerden. "The World is Polluted With Leaked Cyber Data." International Journal of Cyber Warfare and Terrorism 7, no. 4 (October 2017): 35–51. http://dx.doi.org/10.4018/ijcwt.2017100104.
Full textAbstract:
Data breaches are becoming more common and numerous every day, where huge amount of data (corporate and personal) are leaked more frequently than ever. Corporate responses to data breaches are insufficient, when commonly remediation is minimal. This research proposes that a similar approach to physical pollution (environmental pollution) can be used to map and identify data leaks as Cyber pollution. Thus, IT institutions should be made aware of their contribution to Cyber pollution in a more measurable method. This article defines the concept of cyber pollution as: security vulnerable (such as unmaintained or obsolete) devices that are visible through the Internet and corporate networks. This paper analyses the recent state of data breach disclosures Worldwide by providing statistics on significant scale data breach disclosures from 2014/01 to 2016/12. Ivan Burke and Renier van Heerden model security threat levels similar to that of pollution breaches within the physical environment. Insignificant security openings or vulnerabilities can lead to massive exploitation of entire systems. By modelling these breaches as pollution, the aim is to introduce the concept of cyber pollution. Cyber pollution is a more tangible concept for IT managers to relay to staff and senior management. Using anonymised corporate network traffic with Open Source penetration testing software, the model is validated.
35
Algarni, Abdullah M., Vijey Thayananthan, and Yashwant K. Malaiya. "Quantitative Assessment of Cybersecurity Risks for Mitigating Data Breaches in Business Systems." Applied Sciences 11, no. 8 (April 19, 2021): 3678. http://dx.doi.org/10.3390/app11083678.
Full textAbstract:
The evaluation of data breaches and cybersecurity risks has not yet been formally addressed in modern business systems. There has been a tremendous increase in the generation, usage and consumption of industrial and business data as a result of smart and computational intensive software systems. This has resulted in an increase in the attack surface of these cyber systems. Consequently, there has been a consequent increase in the associated cybersecurity risks. However, no significant studies have been conducted that examine, compare, and evaluate the approaches used by the risk calculators to investigate the data breaches. The development of an efficient cybersecurity solution allows us to mitigate the data breaches threatened by the cybersecurity risks such as cyber-attacks against database storage, processing and management. In this paper, we develop a comprehensive, formal model that estimates the two components of security risks: breach cost and the likelihood of a data breach within 12 months. The data used in this model are taken from the industrial business report, which provides the necessary information collected and the calculators developed by the major organizations in the field. This model integrated with the cybersecurity solution uses consolidated factors that have a significant impact on the data breach risk. We propose mathematical models of how the factors impact the cost and the likelihood. These models allow us to conclude that results obtained through the models mitigate the data breaches in the potential and future business system dynamically.
36
&NA;. "Privacy breaches." Nursing 34, no. 9 (September 2004): 35. http://dx.doi.org/10.1097/00152193-200409000-00035.
Full text
37
Pham, Martin H., Joshua Bakhsheshian, Patrick C. Reid, Ian A. Buchanan, Vance L. Fredrickson, and John C. Liu. "Evaluation of C2 pedicle screw placement via the freehand technique by neurosurgical trainees." Journal of Neurosurgery: Spine 29, no. 3 (September 2018): 235–40. http://dx.doi.org/10.3171/2018.1.spine17875.
Full textAbstract:
OBJECTIVEFreehand placement of C2 instrumentation is technically challenging and has a learning curve due the unique anatomy of the region. This study evaluated the accuracy of C2 pedicle screws placed via the freehand technique by neurosurgical resident trainees.METHODSThe authors retrospectively reviewed all patients treated at the LAC+USC Medical Center undergoing C2 pedicle screw placement in which the freehand technique was used over a 1-year period, from June 2016 to June 2017; all procedures were performed by neurosurgical residents. Measurements of C2 were obtained from preoperative CT scans, and breach rates were determined from coronal reconstructions on postoperative scans. Severity of breaches reflected the percentage of screw diameter beyond the cortical edge (I = < 25%; II = 26%–50%; III = 51%–75%; IV = 76%–100%).RESULTSNeurosurgical residents placed 40 C2 pedicle screws in 24 consecutively treated patients. All screws were placed by or under the guidance of Pham, who is a postgraduate year 7 (PGY-7) neurosurgical resident with attending staff privileges, with a PGY-2 to PGY-4 resident assistant. The authors found an average axial pedicle diameter of 5.8 mm, axial angle of 43.1°, sagittal angle of 23.0°, spinal canal diameter of 25.1 mm, and axial transverse foramen diameter of 5.9 mm. There were 17 screws placed by PGY-2 residents, 7 screws placed by PGY-4 residents, and 16 screws placed by the PGY-7 resident. The average screw length was 26.0 mm, with a screw diameter of 3.5 mm or 4.0 mm. There were 7 total breaches (17.5%), of which 4 were superior (10.0%) and 3 were lateral (7.5%). There were no medial breaches. The breaches were classified as grade I in 3 cases (42.9%), II in 3 cases (42.9%), III in 1 case (14.3%), and IV in no cases. There were 3 breaches that occurred via placement by a PGY-2 resident, 3 breaches by a PGY-4 resident, and 1 breach by the PGY-7 resident. There were no clinical sequelae due to these breaches.CONCLUSIONSFreehand placement of C2 pedicle screws can be done safely by neurosurgical residents in early training. When breaches occurred, they tended to be superior in location and related to screw length choice, and no breaches were found to be clinically significant. Controlled exposure to this unique anatomy is especially pertinent in the era of work-hour restrictions.
38
Mohammed, Zareef. "Data breach recovery areas: an exploration of organization's recovery strategies for surviving data breaches." Organizational Cybersecurity Journal: Practice, Process and People 2, no. 1 (November 9, 2021): 41–59. http://dx.doi.org/10.1108/ocj-05-2021-0014.
Full textAbstract:
PurposeData breaches are an increasing phenomenon in today's digital society. Despite the preparations an organization must take to prevent a data breach, it is still necessary to develop strategies in the event of a data breach. This paper explores the key recovery areas necessary for data breach recovery.Design/methodology/approachStakeholder theory and three recovery areas (customer, employee and process recovery) are proposed as necessary theoretical lens to study data breach recovery. Three data breach cases (Anthem, Equifax, and Citrix) were presented to provide merit to the argument of the proposed theoretical foundations of stakeholder theory and recovery areas for data breach recovery research.FindingsInsights from these cases reveal four areas of recovery are necessary for data breach recovery – customer recovery, employee recovery, process recovery and regulatory recovery.Originality/valueThese areas are presented in the data recovery areas model and are necessary for: (1) organizations to focus on these areas when resolving data breaches and (2) future data breach recovery researchers in developing their research in the field.
39
Diers-Lawson, Audra, and Amelia Symons. "Mind the gap: Understanding stakeholder reactions to different types of data security." Proceedings of the International Crisis and Risk Communication Conference 3 (March 11, 2020): 25–28. http://dx.doi.org/10.30658/icrcc.2020.6.
Full textAbstract:
Data security breaches are an increasingly common problem for organizations, yet there are critical gaps in our understanding of how different stakeholders understand and evaluate organizations that have experienced these kinds of security breaches. While organizations have developed relatively standard approaches to responding to security breaches that: (1) acknowledge the situation; (2) highlight how much they value their stakeholders’ privacy and private information; and (3) focus on correcting and preventing the problem in the future, the effectiveness of this response strategy and factors influencing it have not been adequately explored. This experiment focuses on a 2 (type of organization) x 2 (prior knowledge of breach risk) with a control group design. Findings suggest that perceptions of competence is the most important factor influencing outcome variables like behavioral intention and social responsibility evaluations.
40
Petrie, Nicholas. "Reforming the Remedy: Getting the Right Remedial Structure to Protect Personal Privacy." Deakin Law Review 17, no. 1 (October 1, 2012): 121. http://dx.doi.org/10.21153/dlr2012vol17no1art71.
Full textAbstract:
Politicians, journalists and academics have exhausted many hours over the last decade debating the question of whether Australia should have a statutory cause of action for invasion of personal privacy. In the midst of this ongoing debate, a simple question has often been overlooked: what remedies should be available to a person whose privacy been breached? In posing and answering that question, it is argued that a wide range of remedies for intrusions of personal privacy should be available to the courts. Perhaps most controversially, the author asserts that exemplary damages, which aim to punish defendants and deter future breaches of the law, should be available for the most heinous breaches of personal privacy.
41
Gaikwad, Ujjwala Nitin, Oshrika Bose, Abhishek Padhi, Atul Jindal, Keshao Nagpure, Anudita Bhargava, and Padma Das. "A retrospective observational insight into COVID-19 exposures resulting from personal protective equipment (PPE) breaches." PLOS ONE 17, no. 5 (May 17, 2022): e0268582. http://dx.doi.org/10.1371/journal.pone.0268582.
Full textAbstract:
Background Healthcare workers (HCWs) stand the risk of acquiring infection directly, while attending to patients or indirectly while handling and testing patient specimens. Considering this, the present study was planned to assess Personal Protective Equipment (PPE) breaches and exposures among HCWs working in COVID-19 wards/ screening areas and to evaluate their COVID-19 positivity rates post-exposure concerning the level of exposure, type of PPE breach, and the cadre of HCWs exposed in COVID-19 wards. Methods This retrospective cross-sectional study involved the analysis of all instances of PPE breaches which occurred during a period of nine months from June 2020 to February 2021 at a tertiary care level hospital in Central India. The analysis included all exposures involving any cadre of HCWs that occurred while handling the patients or while doffing the contaminated PPE in COVID -19 wards. Results A total of 347 PPE breaches were analyzed from the available records of the Hospital Infection Control team repository. Amongst the 347 breaches, 268 (77.2%) were classified as low-risk exposures and 79 (22.8%) as high-risk exposures. Cadre wise distribution of high and low-risk exposures revealed that, PPE breaches occurred most commonly in the category of nursing officers (n = 174, 50.1%). Among all of the breaches, 15.2% of high-risk exposures and 2.6% of low-risk exposures resulted in COVID-19 positivity with a cumulative positivity of 5.4%. Collectively, non-mask related breaches accounted for the majority (63.2%) of the positive COVID-19 cases. Conclusion Appropriate use of PPE by HCWs is vital for their protection. However, breaches in the use of PPE may occur while managing COVID-19 patients due to physical and mental exhaustion among HCWs resulting from work overload. Early identification and appropriate management of HCWs with high-risk exposures can help prevent transmission to other hospital staff and patients, thus preserving resources and workforce.
42
Cha, Sandra E., Sung Soo Kim, Patricia Faison Hewlin, and D. Scott DeRue. "Turning a Blind or Critical Eye to Leader Value Breaches: The Role of Value Congruence in Employee Perceptions of Leader Integrity." Journal of Leadership & Organizational Studies 27, no. 3 (February 26, 2020): 286–306. http://dx.doi.org/10.1177/1548051820906981.
Full textAbstract:
How do employees react when an organizational leader commits a value breach (i.e., behaves in a way that employees perceive as inconsistent with the organization’s espoused values)? Prior research provides a mixed view: Employees may conclude that the leader lacks integrity, or they may maintain their perception of the leader’s integrity, despite the breach. We focus on the role of person–organization value congruence in determining employee reactions and propose competing predictions that value congruence is positively (“blind eye effect”) or negatively (“critical eye effect”) associated with employee perceptions of leader behavioral integrity following a breach. In Study 1, field survey data suggested that value congruence was positively associated with the perceived integrity of a leader who had committed a breach. However, two follow-up studies using an experimental vignette methodology revealed additional nuance. An integration of our three studies indicated that before the occurrence of any breaches, employees with high value congruence perceive leaders as higher in integrity than do employees with low value congruence (pre-breach sacralization), but when leaders commit one or more value breaches, high value congruence employees react more harshly—lowering their integrity perceptions to a greater extent (the critical eye effect). As a result, as leaders commit more and more breaches, the initially positive relationship between value congruence and perceived leader integrity weakens and eventually becomes negative. Our findings offer important contributions to theory, research, and practice related to organizational values and leadership.
43
Canan, Mustafa, Omer Ilker Poyraz, and Anthony Akil. "A Monte-Carlo Analysis of Monetary Impact of Mega Data Breaches." International Journal of Cyber Warfare and Terrorism 11, no. 3 (July 2021): 58–81. http://dx.doi.org/10.4018/ijcwt.2021070105.
Full textAbstract:
The monetary impact of mega data breaches has been a significant concern for enterprises. The study of data breach risk assessment is a necessity for organizations to have effective cybersecurity risk management. Due to the lack of available data, it is not easy to obtain a comprehensive understanding of the interactions among factors that affect the cost of mega data breaches. The Monte Carlo analysis results were used to explicate the interactions among independent variables and emerging patterns in the variation of the total data breach cost. The findings of this study are as follows: The total data breach cost varies significantly with personally identifiable information (PII) and sensitive personally identifiable information (SPII) with unique patterns. Second, SPII must be a separate independent variable. Third, the multilevel factorial interactions between SPII and the other independent variables elucidate subtle patterns in the total data breach cost variation. Fourth, class action lawsuit (CAL) categorical variables regulate the variation in the total data breach cost.
44
Sciubba, Daniel M., Joseph C. Noggle, Ananth K. Vellimana, Hassan Alosh, Matthew J. McGirt, Ziya L. Gokaslan, and Jean-Paul Wolinsky. "Radiographic and clinical evaluation of free-hand placement of C-2 pedicle screws." Journal of Neurosurgery: Spine 11, no. 1 (July 2009): 15–22. http://dx.doi.org/10.3171/2009.3.spine08166.
Full textAbstract:
Object Stabilization of the cervical spine can be challenging when instrumentation involves the axis. Fixation with C1–2 transarticular screws combined with posterior wiring and bone graft placement has yielded excellent fusion rates, but the technique is technically demanding and places the vertebral arteries (VAs) at risk. Placement of screws in the pars interarticularis of C-2 as described by Harms and Melcher has allowed rigid fixation with greater ease and theoretically decreases the risk to the VA. However, fluoroscopy is suggested to avoid penetration laterally, medially, and superiorly to avoid damage to the VA, spinal cord, and C1–2 joint, respectively. The authors describe how, after meticulous dissection of the C-2 pars interarticularis, such screws can be placed accurately and safely without the use of fluoroscopy. Methods Prospective follow-up was performed in 55 consecutive patients who underwent instrumented fusion of C-2 by a single surgeon. The causes of spinal instability and type and extent of instrumentation were documented. All patients underwent preoperative CT or MR imaging scans to determine the suitability of C-2 screw placement. Intraoperatively, screws were placed following dissection of the posterior pars interarticularis. Postoperative CT scans were performed to determine the extent of cortical breach. Patients underwent clinical follow-up, and complications were recorded as vascular or neurological. A CT-based grading system was created to characterize such breaches objectively by location and magnitude via percentage of screw diameter beyond the cortical edge (0 = none; I = < 25% of screw diameter; II = 26–50%; III = 51–75%; IV = 76–100%). Results One-hundred consecutive screws were placed in the pedicle of the axis by a single surgeon using external landmarks only. In 10 cases, only 1 screw was placed because of a preexisting VA anatomy or bone abnormality noted preoperatively. In no case was screw placement aborted because of complications noted during drilling. Early complications occurred in 2 patients and were limited to 1 wound infection and 1 transient C-2 radiculopathy. There were 15 total breaches (15%), 2 of which occurred in the same patient. Twelve breaches were lateral (80%), and 3 were superior (20%). There were no medial breaches. The magnitude of the breach was classified as I in 10 cases (66.7% of breaches), II in 3 cases (20% of breaches), III in 1 case (6.7%), and IV in 1 case (6.7%). Conclusions Free-hand placement of screws in the C-2 pedicle can be done safely and effectively without the use of intraoperative fluoroscopy or navigation when the pars interarticularis/pedicle is assessed preoperatively with CT or MR imaging and found to be suitable for screw placement. When breaches do occur, they are overwhelmingly lateral in location, breach < 50% of the screw diameter, and in the authors' experience, are not clinically significant.
45
Muir Wood, Robert, and William Bateman. "Uncertainties and constraints on breaching and their implications for flood loss estimation." Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences 363, no. 1831 (June 15, 2005): 1423–30. http://dx.doi.org/10.1098/rsta.2005.1576.
Full textAbstract:
Around the coasts of the southern North Sea, flood risk is mediated everywhere by the performance of natural and man-made flood defences. Under the conditions of extreme surge with tide water levels, the performance of the defences determines the extent of inland flooding. Sensitivity tests reveal the enormous increase in the volume of water that can pass through a defence once breaching is initiated, with a 1 m reduction in sill elevation doubling the loss. Empirical observations of defence performance in major storm surges around the North Sea reveal some of the principal controls on breaching. For the same defence type, the maximum size and depth of a breach is a function of the integral of the hydraulic gradient across the defence, which is in turn determined by the elevation of the floodplain and the degree to which water can continue to flow inland away from the breach. The most extensive and lowest floodplains thereby ‘generate’ the largest breaches. For surges that approach the crest height, the weaker the protection of the defence, the greater the number of breaches. Defence reinforcement reduces both the number and size of the breaches.
46
Risher, Paul, and Stanford Gibson. "Applying Mechanistic Dam Breach Models to Historic Levee Breaches." E3S Web of Conferences 7 (2016): 03002. http://dx.doi.org/10.1051/e3sconf/20160703002.
Full text
47
Donohue, Miriam L., Ross R. Moquin, Amit Singla, and Blair Calancie. "Is in vivo manual palpation for thoracic pedicle screw instrumentation reliable?" Journal of Neurosurgery: Spine 20, no. 5 (May 2014): 492–96. http://dx.doi.org/10.3171/2014.1.spine13197.
Full textAbstract:
Object Previous reports on the accuracy of manual palpation for thoracic pedicle screw placement have been restricted to cadaveric studies. Authors of the present novel study assessed the accuracy of manual palpation for the detection of medial and lateral pedicle breaches during thoracic spine surgery in living adult humans. Methods Pedicle tracks were created freehand and manually palpated using a ball-tipped probe. Postoperative CT scans of all implanted thoracic and L-1 screws were evaluated with respect to screw position and the pedicle wall. Results Five hundred twenty-five pedicle track/screw placements were compared. There were 21 pedicles with medial breaches measuring ≥ 2 mm. The surgeon correctly identified only 4 of these pedicle tracks as having a medial breach. The surgeon correctly identified 17 of 128 pedicles with a significant (≥ 2 mm) lateral breach. One hundred two screw placements had no measurable breach in any direction (medial, lateral, or foraminal). The surgeon correctly identified 98% of these ideally placed screws. Conclusions In this real-time study of thoracic pedicle screw placement, the accuracy of manual palpation for detecting medial or lateral breaches that were ≥ 2 mm was disturbingly low. These findings are consistent with those in recent cadaveric evaluations of palpation accuracy and point to the critical need for more reliable alternative methods to assess pedicle integrity during the placement of thoracic pedicle screws for spine instrumentation surgery.
48
Topa, Gabriela, Mercedes Aranda-Carmena, and Berta De-Maria. "Psychological Contract Breach and Outcomes: A Systematic Review of Reviews." International Journal of Environmental Research and Public Health 19, no. 23 (November 23, 2022): 15527. http://dx.doi.org/10.3390/ijerph192315527.
Full textAbstract:
A psychological contract is a set of individual beliefs that a person has about the reciprocal obligations and benefits established in an exchange relationship, such as an employment relationship in an organizational setting. A psychological contract breach is a subjective experience referred to the perception of one of the parties that the other has failed to adequately fulfill its obligations and promises. Breaches have been systematically connected to employees’ attitudes and behaviors that hamper the employment relationship. Despite its apparent clarity, some relevant topics about psychological contract breach, psychological contract fulfillment and the relationships with their consequences still remain unclear. The main objective of this review of reviews is to conduct a review of reviews on psychological contract breaches, considering both systematic reviews and metanalytical papers with the purpose of synthesizing the evidence to date under the psychological contract theory. Using the SPIDER tool, our systematic review of reviews focuses on: (a) Sample; (b) Phenomenon of Interest; (c) Design; (d) Evaluation; and (e) Research type. Finally, only eight systematic reviews and meta-analyses met the inclusion criteria. Of the eight reviews included, seven were meta-analyses while the other was a systematic quantitative review. This study describes the available empirical research on psychological contract breaches and fulfillment and summarizes the meta-analytical evidence on their relationships with attitudinal and behavioral outcomes, as well as the role of potential moderator variables. Due to the methodological caveats of the reviews themselves and of the primary studies they were based on, our conclusions about the impact of psychological contract breaches on outcomes still remain tentative.
49
Možina, Damjan. "Raskid ugovora: Skica i Zakon o obligacionim odnosima." Anali Pravnog fakulteta u Beogradu 70, no. 5 (December 29, 2022): 517–42. http://dx.doi.org/10.51204/anali_pfbu_22mk17a.
Full textAbstract:
The paper presents an analysis of the regulation of termination of contract due to a breach in the Yugoslav Law on Obligations (1978) and the Draft Code on Obligations and Contracts (1969), prepared by Mihailo Konstantinović. In the area of termination of contract, Konstantinović’s primary source of inspiration was the Uniform Law on the International Sale of Goods (ULIS, 1964). The regulation of breach of contract in the Draft Code is not based on a uniform notion of breach of contract, rather, there are different types of breaches: non-performance (debtor’s default), defective performance, and impossibility of performance. The Legislative Commission, making changes to the Draft Code, retained its structure, including the regulation of different types of breaches, but made changes with regard to termination of contract. Compared to modern model laws, these changes represent some of the key shortcomings of the regulation of this area in the Law on Obligations.
50
Schatz, Daniel, and Rabih Bashroush. "The impact of repeated data breach events on organisations’ market value." Information & Computer Security 24, no. 1 (March 14, 2016): 73–92. http://dx.doi.org/10.1108/ics-03-2014-0020.
Full textAbstract:
Purpose – This study aims to examine the influence of one or more information security breaches on an organisation’s stock market value as a way to benchmark the wider economic impact of such events. Design/methodology/approach – An event studies-based approach was used where a measure of the event’s economic impact can be constructed using security prices observed over a relatively short period of time. Findings – Based on the results, it is argued that, although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches. Research limitations/implications – One of the main limitations of this study was the quantity and quality of published data on security breaches, as organisations tend not to share this information. Practical implications – One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps drive investment decisions on security programmes that are usually seen as cost rather than moneymaking initiatives. Originality/value – This study envisaged that as more breach event data become more widely available because of compliance and regulatory changes, this approach has the potential to emerge as an important tool for information security managers to help support investment decisions.