Date of Award
Ph.D. in Accountancy
Brian J. Reithel
Mitchell R. Wenger
Information security has been a particularly hot topic since the enhanced internal control requirements of Sarbanes-Oxley (SOX) were introduced in 2002. At about this same time, cloud computing started its explosive growth. Outsourcing of mission-critical functions has always been a gamble for managers, but the advantages of cloud computing are too tempting to ignore. However, the move to cloud computing could prove very costly for a business if the implementation were to fail. When making the decision to outsource critical functions, managers look to accountants to provide assurance that their data and transactions will be secure and that emergency procedures will be in-place and work as designed, to protect the business from any potential losses due to unforeseen events. Statement on Auditing Standards (SAS) 70 has provided guidance to auditors of third-party service organizations since 1992, but was replaced in April 2010 by Statement on Standards for Attestation Engagements (SSAE) 16. And yet, data breaches continue to occur, costing billions of dollars annually. This research used data from the Privacy Rights Clearinghouse (PRC) database and, through frequency analysis, Chi-square and cluster analysis techniques, found statistically significant differences in the frequency of breaches experienced by various types of consumer organizations based on breach and organization type. This result will be useful to auditors. The research also conducted a survey of 67,749 IT manager/directors. The responses to this survey were to be analyzed using binary logistic regressions and Chi-square tests. Unfortunately, due to severe limitations in the response rate and further complicated by the number of incomplete responses, no inferences can be drawn regarding factors relevant to decision-makers when contemplating the movement of critical business functions into the cloud environment.
Sims, James Eric, "Information Security In The Age Of Cloud Computing" (2012). Electronic Theses and Dissertations. 349.