CEC Theses and Dissertations

Date of Award

2016

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Information Systems (DISS)

Department

College of Engineering and Computing

Advisor

Ling Wang

Committee Member

Faith Heikkila

Committee Member

Gertrude Abramson

Abstract

Financial services institutions maintain large amounts of data that include both intellectual property and personally identifiable information for employees and customers. Due to the potential damage to individuals, government regulators hold institutions accountable for ensuring that personal data are protected and require reporting of data security breaches. No company wants a data breach, but finding a security incident or breach early in the attack cycle may decrease the damage or data loss a company experiences. In multiple high profile data breaches reported in major news stories over the past few years, there is a pattern of the adversary being inside the company’s network for months, and often law enforcement is the first to inform the company of the breach.

The problem that was investigated in this case study was whether new information technology (IT) utilized by Fortune 500 financial services companies led to the changes in data security incidents and breaches. The goal of this dissertation is to gain a deeper understanding on how IT can increase awareness of a security incident or breach, and can also decrease security incidents and breaches. This dissertation also explores how threat information sharing increases awareness and decreases information security incidents and breaches. The objective of the study was to understand how changes in IT can influence an increase or decrease in data security breaches.

This investigation was a case study of nine Fortune 500 financial services companies to understand what types of IT increase or decrease detection of security incidents and breaches. An increase in detecting and stopping a security incident or breach may have positive effects on the security of an enterprise. The longer a hacker has access to IT systems, the more entrenched they become and the more time the hacker has to locate data with high value. Time is of the essence to detect a compromise and react. The results of the case study showed that Fortune 500 companies utilized new IT that allowed them to improve their visibility of security incidents and breaches from months and years to hours and days.