Essays on information risk management in electronic markets

Within the modern, hyper-connected business landscape with the pervasive and extensive usage of IT, effective and efficient information risk management is imperative for firms to support inside IT governance as well as the outside communities or markets that they service. Therefore, this dissertation empirically studies a firm\u27s internal and external strategies for ensuring information risk management in two essays. First, information risk management is about not just technology, but also is about all business processes involving policies and practices for ensuring confidentiality, integrity and availability of information assets. Then, successful information risk management can be achieved only if top level executives give it their complete support and commitment across all required functions of a firm. Therefore, the first essay conducts a comprehensive analysis to investigate the effects of IT executive status in a Top Management Team (TMT) on information risk management. Second, firms have collected information about customers through websites to utilize high-quality marketing techniques such as personalized services or offerings with consequences that are potentially both beneficial and harmful to customers. The second essay aims to find out the impacts of different privacy-related aspects such as policies and practices on consumer willingness to provide personal information over the Internet, particularly in regards to website types and the types of requested information. The results of the dissertation can give firms insights into how to internally set IT executives\u27 compensation strategies as well as to delegate authority and responsibility for ensuring confidentiality, integrity, and availability of information assets. Also, they shed light on how to externally set up their privacy practices for customer willingness to invest in a long-term business relationship