Hemantha S. B. Herath

Learn More
In recent years there has been a growing stream of research focusing on cyber-insurance. Risk transference with insurance has been suggested by both practitioners and academics to absorb losses caused by security breaches as well as to supplement the existing set of security tools to manage IT security residual risk after IT security investments are made.(More)
a r t i c l e i n f o Keywords: Information technology management Information technology audit Information systems audit Information security audit Audit decision Agency model Compliance with ever-increasing privacy laws, accounting and banking regulations, and standards is a top priority for most organizations. Information security and systems audits for(More)
Our paper investigates the problem of justifying security investments concerning spam and email virus using real life data from a midsize North American university. We formulate the spam and email virus security problem as a capital budgeting problem using operating characteristic (ROC) curves in a decision theoretic framework. Prior research has(More)
  • 1