Abstract
Recent history has shown both the benefits and risks of information sharing among firms. Information is shared to facilitate mutual business objectives. However, information sharing can also introduce security-related concerns that could expose the firm to a breach of privacy, with significant economic, reputational, and safety implications. It is imperative for organizations to leverage available information to evaluate security related to information sharing when evaluating current and potential information-sharing partnerships. The "fine print" or privacy policies of firms can provide a signal of security across a wide variety of firms being considered for new and continued information-sharing partnerships. In this article, we develop a methodology to gauge and benchmark information security policies in the partner-selection process that can help direct risk-based investments in information sharing security. We develop a methodology to collect and interpret firm privacy policies, evaluate characteristics of those policies by leveraging natural language processing metrics and developing benchmarking metrics, and understand how those characteristics relate to one another in information-sharing partnership situations. We demonstrate the methodology on 500 high-revenue firms. The methodology and managerial insights will be of interest to risk managers, information security professionals, and individuals forming information sharing agreements across industries.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: Risk analysis : an official publication of the Society for Risk Analysis
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.