Catalogue Search | MBRL
Are you sure you want to remove the book from the shelf?
{{itemTitle}}
2,057,964
result(s) for
"Securities management"
Sort by:
A practical approach to XVA : the evolution of derivatives valuation after the financial crisis
\"The 2008 financial crisis shook the financial derivatives market to its core, revealing a failure to fully price the cost of doing business then. As a response to this, and to cope with regulatory demands for massively increased capital and other measures with funding cost, the pre-2008 concept of Credit Valuation Adjustment (CVA) has evolved into the far more complex hybrid Cross Valuation Adjustment (XVA). This book presents a clear and concise framework and provides key considerations for the computation of myriad adjustments to the price of financial derivatives, to fully reflect costs. XVA has been of great interest recently due to heavy funding costs (FVA), initial margin (MVA) and capital requirements (KVA) required to sustain a derivatives business since 2008, in addition to the traditional concepts of cost from counterparty default or credit deterioration (CVA), and its mirror image -- the cost of one own's default (DVA). The book takes a practitioner's perspective on the above concepts, and then provides a framework to implement such adjustments in practice. Models are presented too, taking note of what is computationally feasible in light of portfolios typical of investment banks, and the different instruments associated with these portfolios\"-- Provided by publisher.
Book
Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness
Many organizations recognize that their employees, who are often considered the weakest link in information security, can also be great assets in the effort to reduce risk related to information security. Since employees who comply with the information security rules and regulations of the organization are the key to strengthening information security, understanding compliance behavior is crucial for organizations that want to leverage their human capital. This research identifies the antecedents of employee compliance with the information security policy (ISP) of an organization. Specifically, we investigate the rationality-based factors that drive an employee to comply with requirements of the ISP with regard to protecting the organization's information and technology resources. Drawing on the theory of planned behavior, we posit that, along with normative belief and self-efficacy, an employee's attitude toward compliance determines intention to comply with the ISP. As a key contribution, we posit that an employee's attitude is influenced by benefit of compliance, cost of compliance, and cost of noncompliance, which are beliefs about the overall assessment of consequences of compliance or noncompliance. We then postulate that these beliefs are shaped by the employee's outcome beliefs concerning the events that follow compliance or noncompliance: benefit of compliance is shaped by intrinsic benefit, safety of resources, and rewards, while cost of compliance is shaped by work impediment; and cost of noncompliance is shaped by intrinsic cost, vulnerability of resources, and sanctions. We also investigate the impact of information security awareness (ISA) on outcome beliefs and an employee's attitude toward compliance with the ISP. Our results show that an employee's intention to comply with the ISP is significantly influenced by attitude, normative beliefs, and self-efficacy to comply. Outcome beliefs significantly affect beliefs about overall assessment of consequences, and they, in turn, significantly affect an employee's attitude. Furthermore, ISA positively affects both attitude and outcome beliefs. As the importance of employees' following their organizations' information security rules and regulations increases, our study sheds light on the role of ISA and compliance-related beliefs in an organization's efforts to encourage compliance.
Journal Article
The Association Between the Disclosure and the Realization of Information Security Risk Factors
Firms often disclose information security risk factors in public filings such as 10-K reports. The internal information associated with disclosures may be positive or negative. In this paper, we evaluate how the nature of the disclosed security risk factors, believed to represent the firm's internal information regarding information security, is associated with future breach announcements reported in the media. For this purpose, we build a decision tree model, which classifies the occurrence of future security breaches based on the textual contents of the disclosed security risk factors. The model is able to accurately associate disclosure characteristics with breach announcements about 77% of the time. We further explore the contents of the security risk factors using text-mining techniques to provide a richer interpretation of the results. The results show that the disclosed security risk factors with risk-mitigation themes are less likely to be related to future breach announcements. We also investigate how the market interprets the nature of information security risk factors in annual reports. We find that the market reaction following the security breach announcement is different depending on the nature of the preceding disclosure. Thus, our paper contributes to the literature in information security and sheds light on how market participants can better interpret security risk factors disclosed in financial reports at the time when financial reports are released.
Journal Article
Circuits of Power in Creating de jure Standards: Shaping an International Information Systems Security Standard
This paper addresses the role of power and politics in setting standards. It examines the interaction of external contingencies, powerful agents, resources, meaning, and membership of relevant social and institutional groupings in generating successful political outcomes. To study these interactions, the paper adopts the circuits of power, a theoretical framework taken from the social sciences, and applies it to understanding the creation and development of the first standard in information security management. An informal group of UK security chiefs sparked off a process which led first to BS7799, the British standard, and later to ISO 17799, the international standard. The case study portrays how the institutionalization of this ad hoc development process results from the interactions of power among the stakeholders involved. The case study also shows how the different interests and objectives of the stakeholders were influenced by exogenous contingencies and institutional forces. The paper discusses theoretical and practical implications for the future development of such standards.
Journal Article
Institutional Influences on Information Systems Security Innovations
This research investigates information security management as an administrative innovation. Although a number of institutional theories deal with information systems (IS) innovation in organizations, most of these institutional-centered frameworks overlook external economic efficiency and internal organizational capability in the presence of pressures of institutional conformity. Using Korea as the institutional setting, our research model posits that economic-based consideration will moderate the institutional conformity pressure on information security adoption while organization capability will influence the institutional confirmation of information security assimilation. The model is empirically tested using two-stage survey data from a field study of 140 organizations in Korea. The results indicate that in addition to institutional influences, our six proposed economic-based and organizational capability moderating variables all have significant influences on the degree of the adoption and assimilation of information security management. We conclude with implications for research in the area of organizational theory and the information security management literature, and for practices regarding how managers can factor into their information security planning the key implementation variables discovered in this study. The robust setting of the study in Korean firms allows us to generalize the theory to a new context and across cultures.
Journal Article
Outsourcing Information Security: Contracting Issues and Security Implications
A unique challenge in information security outsourcing is that neither the outsourcing firm nor the managed security service provider (MSSP) perfectly observes the
outcome
, the occurrence of a security breach, of prevention effort. Detection of security breaches often requires specialized effort. The current practice is to outsource both prevention and detection to the same MSSP. Some security experts have advocated outsourcing prevention and detection to different MSSPs. We show that the former outsourcing contract leads to a significant disincentive to provide detection effort. The latter contract alleviates this problem but introduces misalignment of incentives between the firm and the MSSPs and eliminates the advantages offered by complementarity between prevention and detection functions, which may lead to a worse outcome than the current contract. We propose a new contract that is superior to these two on various dimensions.
This paper was accepted by Lorin Hitt, information systems.
Journal Article